Embarrassing is an understatement.
- Open-source firmware vuln exposes wireless routers
- Open-source firmware flaw exposes wireless routers – DD-WRT
- http://www.securityfocus.com/bid/35742/info
Tomato users are not affected. No idea regarding HyperWRT or Thibor.
Sebastian Gottschall’s statement, “consider that this exploit was released without any report to us”, is a miserable attempt at taking responsibility for the mistake. I have personally reviewed the DD-WRT source many times while working with WRT* routers — and like Busybox, it’s all duct tape and Bondo. The same applies to HyperWRT, though most of the trashy code there comes from the base source which is the responsibility of Linksys and their third-party vendor.
With regards to DD-WRT, I really don’t care if the exploit was released without any prior report — consider doing security audits of your own code, and stop allowing patches with hacked-up solutions. Instead, stop and think about the change in its entirety before committing.
2009/09/12 at 12:58
Hey, curious, do you still stream things? Curious, what program do you use now? I’d like to stream but having problems with VHScrCap 2.2.6.3 (newest?) The selection doesn’t update (say I’m streaming 500×500, then I want to stream 1440×900, it doesn’t update if it’s currently in use by anything such as streaming it on skype. I have to stop the stream, change it, and then redo the stream.) , while my friend who uses the same thing doesn’t have this problem.
so, I need an alternative.
2009/09/12 at 14:02
Yes, I still stream things.
I’ve already documented elsewhere on my blog how VHScrCap is… well… you can view my posts, which include videos and so on documenting numerous problems with it, while reading replies from the author denying that his software is responsible for the bugs + threatening me because more or less “my wrong statements could cost him money”. I spent much of my own time essentially doing QA of VHScrCap, so I feel confident in my statements.
Here are the relevant URLs. You’ll want to read each item in order, since you can see how things progress.
http://koitsu.wordpress.com/2008/04/10/vhscrcap-bugs/
http://koitsu.wordpress.com/2008/06/13/vhscrcap-bugs-part-2/
http://koitsu.wordpress.com/2008/06/14/vhscrcap-bugs-part-3/
http://koitsu.wordpress.com/2008/06/14/vhscrcap-bugs-part-4/
http://koitsu.wordpress.com/2008/06/14/vhscrcap-bugs-part-5/
The video of the key problems exists in my final blog post above. There you can view it and see for yourself exactly how broken the software is.
The alternative program to use is called SCFH DSF:
http://mosax.sakura.ne.jp/fswiki.cgi?page=SCFH+DSF
It’s written by a Japanese fellow, and the site + docs are in Japanese — however, the actual program is in English. It works flawlessly for what I do. There’s really not much else to say about it — it’s fantastic.
If you need instructions on how to install it (it’s quite easy, but requires you install Visual C++ 2008 Runtimes first), let me know and I’ll post the necessary steps.
2009/09/12 at 16:37
Yeah, some steps on how to install and operate it would be helpful. I downloaded it, but now I just don’t know what to do.
2009/09/12 at 17:23
I’ll make a blog post about it, since you’re the 3rd or 4th person to ask me how to actually install and use the software.
2009/09/12 at 18:10
As promised:
http://koitsu.wordpress.com/2009/09/12/how-to-install-and-use-scfh-dsf/