Talisman turns Wi-Fi into a super-router
| || By Mark Joseph Edwards |
Did you know that you can gain new wireless router capabilities without buying a new router?
This week, I tell you about an alternative third-party firmware package that you can install to add numerous new features and improve your Wi-Fi performance.
Wireless networking is a useful technology — but, as you might have found out already, typical wireless routers have their limitations. In the past, getting around some of those limitations often required that you buy a new router whose features and functionality better met your needs.
The output strength of your router’s signal, for example, might not be strong enough to reach all the areas of your home or office where you need connectivity. Or you might need to use specialized services, such as Dynamic DNS, router-based VPNs, access-controlled wireless hotspots, etc.
These features and others are typically not available in common routers available today. But instead of buying a new router, you might be able to replace its existing firmware with new third-party firmware.
This is possible because many common routers (especially those made by Linksys, Netgear, ASUS, and Buffaltech) actually use a mini-Linux operating system. And since Linux is open source, people who base their router firmware code on Linux typically must publish their modifications. As a result, some people have extended the firmware in Wi-Fi routers to include new capabilities.
Firefox allows sites to piggyback on others
| || By Chris Mosby |
While Firefox is my Web browser of choice, I still realize that it isn’t 100% secure.
Any piece of software that is even remotely popular is going to have hackers going over it trying to find ways to exploit it for their purposes — and that’s led to a Firefox hole you should plug.
Mozilla Firefox has a flaw in the way that it handles iframes, which are rectangular areas that can appear within Web pages. This vulnerability allows one Web site that you visit to run scripts affecting other sites that you may navigate to.
A hacker could modify the iframe of a site to gain access to sensitive information. This could include passwords or bank-account information that you enter at a different site. Other exploits are also possible with this flaw. For example, a hacker site could run its scripts outside of the security zone you’d set. In other words, an untrusted site could run a script using the profile of a trusted site.
This flaw has been confirmed in all versions of Mozilla Firefox up to 18.104.22.168 (which is currently the latest version) running on multiple operating systems.
What to do: If you’re like me, and Firefox is your browser of choice, I recommend that you install the third-party NoScript add-on to protect yourself from this threat. The NoScript extension allows you to enable scripting on Web sites you trust while blocking scripts from all other sites from running by default. The latest version also has Cross-Site Scripting (XSS) protection, which directly helps to protect you against this flaw in particular.
| || By Susan Bradley |
The latest back-door method Microsoft is using to install its Windows Genuine Advantage (WGA) marketing software has hit a nerve for many.
The e-mails have been piling up on me since I wrote about that subject in my June 14 column.
(892130) Microsoft is installing WGA by subterfuge
After my June 14
column regarding Microsoft slyly installing WGA, readers complained to Microsoft — and the Redmond company has apparently removed the WGA requirement from at least one patch. More details will appear in the July 5 issue of this newsletter.]
I’ll be the first to admit that I’ll put up with some annoyances in order to be secure. For example, I leave Vista’s User Account Control (UAC) turned on because it doesn’t really annoy me.
But what does annoy me is when I know that some Microsoft program is bothering others and keeping them from patching their PCs. WGA is one of those annoyances. I’m revisiting this subject, which I previously covered in my last Patch Watch column, to follow up on the many e-mails I received and to answer the numerous questions about WGA.
Last Patch Tuesday’s WGA update on June 12, known as patch 892130, technically wasn’t new. The ActiveX update component of that patch was actually released back in February.