One of our readers just sent me the following info. If you are using DD-WRT with the affected version, be sure to patch/resolve this. Follow this link.
*Update* You can test your router and see if you are vulnerable by entering this into your browser:
http://routeripaddress/cgi-bin/;reboot
–Himuraken
One open source tool I use every day is the Firefox web browser from Mozilla. Currently on version 3.5, Firefox is perhaps the main alternative to Microsoft Internet Explorer. Now, with the release of IE8 and its significant resource impact on many machines, there is an even stronger demand for a stable, easy-to-use web browser.
The open source security process that Mozilla implements for Firefox results in faster bug fixes and a quicker response to network-wide threats. This is real security for the user. According to Brian Krebs's Washington Post blog post of 1/4/2007, “Internet Explorer users Unsafe for 284 Days in 2006”, Firefox users only had nine days of risk. This is a huge difference! Security is the top priority for Firefox coders.
Comparisons such as installation file size show that Firefox is much more compact as well. Firefox 3.5 is a 7.7MB download, while IE8 for Windows XP weighs in at 16.1MB, more than twice the size. Firefox will also run in a portable mode from a thumb drive or other removable storage. This is excellent for travelers who like to carry favorites lists with them. All data is stored on the thumb drive when browsing, which also increases user privacy and security.
As a Network Manager I use Firefox for managing Cisco networking devices, as I have often experienced errors using IE in the past. Firefox connects to the device every time.
Firefox Resources:
Firefox Tweak Guides
Download Firefox
8 Easy Firefox Tweaks for Super Fast Web Browsing
I recently replaced my laptop and decided to encrypt the hard drive. I use Absolute Computrace for system recovery if lost or stolen, but this does not protect the data. Security experts recommend using encryption with recovery tools. The point of this is that if the hard drive is removed from the system with the recovery tool installed, the data can be accessed without activating the recovery features when reported missing.
After checking out several proposals for enterprise encryption packages, I remembered I had used TrueCrypt to encrypt a thumb drive. It worked great for that purpose so I gave it a shot on my new laptop.
Version 6.2a download is very quick (3.04MB) for Windows Vista/XP/2000. There are also options for Mac OS X and OpenSUSE and Ubuntu Linux distros. As with most open source tools, source code is easily obtained from the website as well.
Installation was painless and I was quickly ready for encryption. There are a couple of options at this point: encrypt the entire drive including system partitions, etc., or create an encrypted folder on the drive for critical data. This option will show a file in the directory listing that cannot be accessed without the password key that you generate. (NOTE: without the key (or Rescue Disk) the company website claims that there is no way to access data.) For key generation, I used a random tool I found on a Google search. Link is at the bottom. I created a recommended twenty character key. I chose to encrypt the entire hard drive. I followed all of the instructions, including backing up my few data files, and proceeded with encryption. This took approximately five hours for a 160GB drive that is 30% full. Make sure you have plenty of power available and don’t need to use the system. Power failure during encryption will lead to data loss. The encryption completed, I rebooted, entered my key and XP loaded right up.
So far I have noticed two performance hits: on system hibernate, XP completely locked up on recovery and I had to power cycle. I had the same issue copying 30GB of data to the laptop from a network share. Twice XP completely locked up. Other than that, normal operations seem to be fine.
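A twenty character key like the one described above can also be generated locally, so it never passes through a third-party web page. The following is an added example, not part of the original post or of TrueCrypt; the function names and the character-class policy are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Printable ASCII without space: 94 symbols (letters, digits, punctuation).
ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def generate_key(length=20):
    """Return a random key drawn from the OS CSPRNG via the secrets module.

    Candidates missing a character class are rejected and redrawn, which
    keeps the distribution uniform over the keys that satisfy the policy.
    """
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        key = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in key) for cls in CLASSES):
            return key


def entropy_bits(length=20, alphabet_size=len(ALPHABET)):
    """Upper bound on key entropy in bits: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_key())
    print(f"~{entropy_bits():.0f} bits")
```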
So once again, an open source tool fits the need!
http://www.truecrypt.org
http://www.thebitmill.com/tools/password.html (Random Password Generator)
It can be challenging to find business tools if you do not know where to start looking. Here is a list of some of the tools I have used. These sites all offer free or very low cost tools.
- OpenSource – Repository of info for the Open Source Initiative. Has current news, projects, etc.
- Openfiler – Excellent network storage operating system. Converts any old server into FREE storage. Supports industry standard storage protocols. High availability clustering and replication.
- Asterisk – Open Source PBX and telephony platform. Packed with many features critical to day-to-day business operations. Available as standalone installation, clustering, VMware appliance. Supports IP softphones and IP desk phones. Can be integrated with existing PBX equipment.
- Nagios – Enterprise network monitoring and reporting. Very flexible. Supports monitoring of Windows, Linux, Unix, networking devices, printers, etc.
- Nessus – Security scanner for Windows, Linux, Unix. Can be used for remote external intrusion testing. Scan reports will offer suggestions for increasing security based on findings.