Open Source Routers!

Netgear has announced the launch of its WGR614L open source Wireless-G router.

The fully-featured wireless router is designed to support a variety of applications created by the open source community.

The router supports Linux-based Tomato and DD-WRT firmware and will soon support OpenWRT.

It is powered by a 240MHz MIPS32 CPU with 16KB of instruction cache, 16KB of data cache and 1KB of pre-fetch cache, and incorporates 4MB of Flash memory and 16MB of Ram.

"There has been growing demand for more powerful platforms to support open source enthusiasts seeking to create more robust, commercial-grade applications for their wireless routers," said Som Pal Choudhury, senior product line manager for advanced wireless at Netgear.

The router features a single 10/100 internet Wan port, a four-port 10/100 Lan switch, an 802.11g access point and all of the most common security and logging features.

"An important feature of our offering is the dedicated and responsive open source community which enables users to easily exchange ideas and troubleshoot issues," explained Choudhury.

"New applications currently being developed include traffic shaping applications, redirections to captive portals for hotspots, guest access via a separate SSID, upstream and downstream QOS and intelligent bandwidth monitoring. "

Ironically the router is also 'Works with Windows Vista' certified. The WGR614L is available now for around $69.

Students Hack Windows Cardspace

Students at the Ruhr University of Bochum, Germany, say they have found a way to steal security tokens in Microsoft's new CardSpace authentication framework. Attackers can apparently get access to protected, encrypted user data – such as passwords, credit card numbers, and delivery addresses – when they are transmitted. CardSpace (formerly InfoCard) is the successor to Passport. In both architectures, users' personal data are stored locally on the user's system. Depending on the web site, users can decide which data they want to transmit. CardSpace is designed to make classic passwords a thing of the past, by replacing them with digital certificates that may be self-signed or signed by an authoritative CA such as Verisign.


According to the report, anti-DNS pinning, DNS rebinding, DNS spoofing, and drive-by pharming are apparently all successful ways to steal transmitted tokens. Attackers basically need to manipulate the user system's name resolution so that the token for the browser-based CardSpace is sent to the attacker. To this end, attackers manipulate the DNS entries on a router, for instance by means of cross-site request forgery, and send the attacked user to a malicious name server. If the attacker manages to switch name resolution during an authentication process so that the victim lands both on a shop's genuine CardSpace website and on a malicious forgery, the attacker then gets the token. During the token's validity, attackers can then pretend to be the user in question when they go shopping.

The students have created a demo server that they claim demonstrates the problem. To reproduce the demonstration, you should change your own DNS settings and install an untrusted certificate. In our test at heise Security, we could not get the demonstration to run, however. Microsoft has apparently already been informed of the problem and is working on a solution. In their report, the students propose improving Same Origin Policy as a security function for browsers.

MICROSOFT SCAMS AGAIN!

Businesses that skip Windows Vista and upgrade their computers directly from the XP operating system to Windows 7 could expose themselves to security risks and other problems, Microsoft says in a new white paper.

Bypassing Vista could have "implications for security, support, and regulatory compliance and reduce flexibility in the face of changing business requirements," writes Microsoft VP Mike Nash, in the paper.Specifically, Nash says that businesses that wait for Windows 7 -- set for release in late 2009 or early 2010 -- to upgrade from XP could find themselves using outdated applications that don't employ proper security safeguards or are no longer supported.

They also won't get the advantage of new security technologies and other improvements that Microsoft embedded in Vista, Nash says. "By not deploying Windows Vista, it means missing out on the proven benefits such as better security, productivity, search, mobility, manageability and infrastructure optimization," Nash says in the paper, which is titled "The Business Value Of Windows Vista."

Do you remember any similar pushes with previous operating systems? This could possibly be because of the absolute travesty that is Vista security, that has kept so many large businesses from switching to the operating system. After such an outcry from the IT community and backlash against their prettiest operating system, Microsoft has decided to switch their tactics from marketing to George Bush-esque "strategertizing". Overheard in a consultation, "OH so you don't want to upgrade to Vista? If you don't You will never be able to Upgrade again!!!" Basically they are trying to tell you that if you don't upgrade to Vista, You can't upgrade to 7. And you can bet that the software of 7 wont allow a install from XP. And will most likely have a discount upgrade to Vista. 49.99 so that you can upgrade to vista so that you can upgrade to 7 (It's a steal!!!)

Microsoft wants your Opinion?

In the continuing effort to improve computer and network security, Microsoft has developed the End to End Trust initiative. As a part of that initiative, Microsoft is seeking input from users and information security professionals to help answer the questions that need to be addressed in order to evolve computer security such as How should we enhance security on the Internet without undermining social values, such as privacy and anonymity? There are more questions to be answered in the End to End Trust Forums. Scott Charney, Microsoft's Corporate Vice President of Trustworthy Computing, has developed a white paper entitled Establishing End to End Trust which provides more details on Microsoft's vision.

While  it is not beyond the stretch of a reasonable person's imagination that a giant of the industry would want to keep it's users secure. The employees and designers of microsoft have showed a lack of willingness to address serious security issues, and wrap every tiny piece of security as the next big step in computing. Rather than the required software that all of this should have been back in Windows 98. It seems that every time Microsoft attempts security, it undoubtedly blows up in it's face. So I would encourage you to voice your opinion to microsoft- Let them know you value your security, as well as your wallet.

Microsoft Vista Security... Yeah Right!

Lately, Microsoft has been trumping the myriad of new security measures that have been included in Windows Vista. However, IT techs have been screaming their guts out that between the lack of any substantial changes (aside from a circular start bar), the forced User Account Control, and big brother like computing- That everyone should stay with XP. Well, now we have actual basis for this. Notice how that Microsoft is quick to shift ALL the blame to the incompetent user.  

                The claim that Vista is less secure than Windows 2000 was made last week by security vendor PC Tools, which said that over the past six months Vista had suffered 639 unique threats, whereas Windows 2000 has suffered 586. PC Tools's research was conducted by collecting data from customers using its ThreatFire behavioural detection software. "Ironically, the new operating system has been hailed by Microsoft as the most secure version of Windows to date," said Simon Clausen, the chief executive of PC Tools last week. "However, recent research conducted with statistics from over 1.4 million computers within the ThreatFire community has shown that Windows Vista is more susceptible to malware than the eight-year-old Windows 2000 operating system, and only 37 percent more secure than Windows XP," Clausen said.

        However, Microsoft strongly hit back at the claims, blaming users for executing malicious code on their machines. On Tuesday, Technet blogger and Microsoft evangelist Michael Kleef said the number of infections found by PC Tools was an indication of poor user behaviour


639 unique threats? This coming from the billion dollar brain-trust that spent four years to develop a circular start bar? I am truly, truly stunned.