With the likelihood of multiple devices on any given home network ever increasing, most households now contain some form of a router. A router is the simplest manner to allow for multiple network connections to share a single external  connection – like the one to your Internet provider. Routers are protected by a password and if you’ve followed best-practice, you’ve changed it from the default password to something more secure and memorable – hopefully. The problem is, a router is basically an appliance; it sits on the desk or otherwise out-of-sight and does it’s job once it’s been configured. It’s quite possible that after initial setup and changing of the password you never access it again. Now, this becomes a problem because passwords that aren’t used often are more likely to be forgotten. If this is the case, what are you options?

Many routers have a physical device reset switch on the back that will restore the configuration to it’s shipping state from the manufacturer. It’s not a bad last-ditch effort but it will then require configuring of everything again. There is another option however, but it requires a bit of forward thinking.

It’s an excellent idea to backup your router configuration to a file and store somewhere safe on your computer, if your router supports such a feature – most do however. If you have previously made a configuration backup it’s possible that the router password could then be extracted from that backup.

RouterPassView is another fine utility from NirSoft that attempts to uncover information from router backups such as admin passwords or even wireless keys and passwords. As is commonplace for NirSoft, RouterPassView requires no installation and is dead simple to use – just open your router configuration file from within the application. If the software is able to detect and decrypt the file you will quickly be presented with a tabular view of the data it contains. The passwords should be easily identifiable at this point!

As there are probably hundreds of home routers it’s impossible to expect a free application like RouterPasssView to identify and support them all. However, the software continues to be updated with expanded compatibility so if your router isn’t supported today, check back tomorrow.

RouterPassView currently supports:

• Linksys WRT54GL (With original firmware or Tomato firmware), WRT54G (only some of them), WRT160N, and possibly similar models.
• Edimax BR6204WG, and possibly similar models.
• Siemens ADSL SL2-141, and possibly similar models.
• Dynalink RTA1025W, and possibly similar models.
• NETGEAR WGT624, and possibly similar models.
• ASUS WL-520g, WL-600g, and possibly similar models.
• D-Link DIR-655, DIR-300, and possibly similar models.
• Sanex SA 5100, and possibly similar models.
• Sitecom WL-351, and possibly similar models.
• COMTREND 536+ (Only Internet Login)
• US Robotics 9108 ADSL (internet login and admin login)
• D-Link DSL-2540U/BRU/D ADSL2+, DSL-2650U, DSL-520B
• D-Link DVA-G3170i/PT
• TP-Link TD-8810 ADSL Modem/Router.

Download RouterPassView

Have you ever had a situation where you wished you could restrict access to a running program on your computer? If you share a common login with members of your family, you can likely think of a few instances where it would be advantageous to keep prying eyes in your blood line at bay. Microsoft Outlook as the ability to assign a password to the Personal Folders would prevents access to email unless the password is known. But not all email applications have this functionality, and while there exists some workarounds – they aren’t all foolproof which is typically frowned upon when it comes to security. However, email is just one application that may make sense to secure a bit tighter than is normally feasible.

LockThis! is a free windows utility that can provide a layer of security on top of any application. When running, LockThis! can password protect a running application so that when it is minimized it can’t be restored until the password is provided.  The application is extremely easy to use – applications that are minimized while holding down CTRL will be protected from further un-minimizing with a user assigned password. An immediate word of warning – LockThis! defaults to the admin password of LockThis! unless you change it, so be sure to do that upon installation!

Programs can be restricted with a single password or configured on a per-application basis. LockThis! sits in the tray and can be further hidden with a few preference settings. The software cannot be shutdown traditionally without first providing the admin password, however savvy users are able to kill the application through Task Manager – an unfortunate limitation. Additionally, while LockThis! can secure most any application one of which it struggled with was Firefox 3.6 – an issue the developers suggest may be an issue with Firefox’s security model. Know of any other problematic applications?

Nevertheless, LockThis! is a rather simple and effective way to prevent little Jimmy from accidentally accessing something he shouldn’t.

Download LockThis!

Microsoft Spynet is a utility integrated in Microsoft’s Windows Defender and Security Essentials software packages. While not a separate program per say, Spynet is a means for Microsoft to collect information about suspicious activity flagged by both their security products when installed on your local computer. The general premise is, a network of users are likely to identify spyware based on whether they allow or block a particular item from executing on their systems. These items would be anything that Defender or Security Essentials do not yet contain a valid thumb print or signature on – meaning it doesn’t know if they are harmful or not. As an end-user, you are able to leverage Spynet and determine how other users have handled a piece of software that is otherwise suspicious.

Spynet is a rather useful system in my opinion, but users tend to get uneasy about sending any information back to Microsoft without their consent. The reality is – you’ve probably agreed to this behavior without realizing it. Windows Defender is included in Windows 7 and one of the initial setup screens as you installed Windows requested your permission for things of this nature; to Help protect your computer and improve Windows automatically. If you are having second thoughts about the whole agreement it is pretty simple to reverse the process.

Windows Defender

Launch Windows Defender from the search menu with defender.

From Tools->Microsoft SpyNet you can change your membership between three levels – the last of which is opting out of the process entirely.

Security Essentials

The currently released version of Security Essentials does not contain a graphical option to opt-out of SpyNet, strangely enough. This oversight has been corrected in v2.0 of the security suite but it still remains in beta form. Nevertheless, it still is possible to disable SpyNet in v1.0 – it just requires a trip into the Windows Registry.

Launch regedit from the search menu.

Navigate to the key HKLM\Software\Microsoft\Microsoft Antimalware\SpyNet\ from the left-hand menu.

Change the value of the name SpyNetReporting to 0 to prevent your PC from participating in the SkyNet network. You should reboot your system to fully apply the change however.

One of the advantages of keeping your email in the cloud – outside of the obvious ability of accessibility basically anywhere you have access to a computer – is the notion of security and privacy. Accessing your Gmail requires a username and password, that’s pretty obvious. But what if you have your Gmail, or any other email system, configured in Mozilla Thunderbird? Even if you’ve told Thunderbird not to save your account credentials, a nosy person could still obtain access to all your previously downloaded email. To some, it might sound ironic how email stored in the cloud is actually more secure!

If you are using a shared computer, perhaps by your family, and additionally share the same Windows profile – not that uncommon actually – you might be interested in adding a bit of security to your Thunderbird profile.

Profile Password is a Thunderbird extension that lives up to it’s title billing. The extension adds another context menu off Tools that allows one to set a password on their current Thunderbird profile. Once set, further attempts to open Thunderbird will require the password before access can be granted. Without a password, another user is unable to view your current email or access your address book. Additionally, you can also lock the main panel of Thunderbird to provide the layer of security while the client remains open.

Pretty nice alright!

However, there is one giant caveat – the security isn’t very strong, actually it’s quite basic. A savvy user can track down your email profile folder on the hard drive and still access any of the contents through the file system. Still, Profile Password is a rather quick and simple layer of security that may be just enough to keep prying eyes at rest.

Download Profile Password

Facial recognition systems are always portrayed so amazingly in the movies and on television. Even if you ignore Hollywood’s ability to take an extremely blurry and low-resolution photo, sharpen it up while also enlarging it and then make a positive ID on an individual – facial recognition software is real and can be magical outside of the theaters.

The real-world advancement of the technology has made way for software such as Blink! – from Luxand – possible. Blink! is a free utility that can allow Windows login by just an individual’s face – no password necessary. Once installed, the traditional Windows login screen is modified to include a live video window from your webcam or built-in laptop camera. Merely sit down at your PC, ensuring your face is aligned within the grid, and the software will do the rest.

Configuration is simple and involves having Blink! learn your face – obviously. Upon initial login, the software will compare your live face with the stored snapshot photo and determine if it is the same individual. The algorithm is fairly sophisticated, with the developers claiming it can cope with changes in your personal appearance – glasses, a beard, new hair style or color. While I wasn’t able to test all of these conditions, I can say I was unable to fool it by simply donning a pair of sunglasses.

Blink can be configured to recognize any number of individuals; additionally it maintains a login history of all users and can even take a picture of any person whom it doesn’t recognize – great for catching a would-be snoop!

The software requires Vista or Windows 7 and only the 32 bit builds, unfortunately. Additionally, as it is always running in the background, you should be aware it used approximately 25-35MB of memory. For future versions I would hope to see 64 bit support and a bit lighter of a memory footprint. Nevertheless, the software is rather slick and impressive!

Download Blink!

Recently, the Electronic Frontier Foundation in collaboration with the Tor anonymous routing project released a public beta of their security and privacy conscious Firefox extension. Inspired by Google’s latest SSL encrypted search option, HTTPS Everywhere extends that concept to other websites. Visiting a website known to the extension will automatically switch your browsing session over to an SSL or HTTPS connection.

HTTPS Everywhere, while greatly useful, is not the giant panacea that you might imagine – simply because web sites must be preconfigured for the addon to work it’s magic. It has no discoverability option to determine when an SSL connection is available on a website you are perusing unencrypted. Still, the addon comes preconfigured to support many of the most popular websites including: Google, Twitter, Facebook, Wikipedia, or even news sites like NY Times and Washington Post.  For industrious users, there exists a method to create your own matching rule sets so you are free to expand the functionality to any and all sites you choose. The rule sets look for a specified URL address and then rewrite the link to instead traverse over SSL – pretty simple yet genius in the same breath.

Here is an example straight from the EFF howto:

<ruleset name="Twitter">
  <rule from="^http://twitter\.com" to="https://twitter.com"/>
  <rule from="^http://www\.twitter\.com" to="https://twitter.com"/>
</ruleset>

If writing your own customized rule sets sounds a bit too much you’ll be happy to know the addon will be updated by the EFF and Tor, promising wider and wider compatibility – there’s already been one update since I’ve been testing the extension in fact.

Installation is painless; just download and the rest happens automatically. After a quick Firefox reboot, HTTPS Everywhere just works with zero configuration. If, for some reason, you wish to disable a particular site all the SSL redirection is toggled by a simple check-box. Simple – just as I like!

Download HTTPS Everywhere for Firefox

The shortening of website addresses is quite handy and useful as you share links across all the social media networks. With limits on the length of your posts wasting 50 characters on a web address just isn’t going to fly. The shortened URL service came about as a solution to communicating long addresses to friends; in email a long address may word-wrap across a few lines which makes a single click and visit problematic and relaying an address verbally can be tedious and prone to errors. It’s only logical that services like bit.ly and tiny.cc made the jump to the Twitter and Facebook realms.

One of the problems when a friend sends you a link that’s been shortened is not knowing where it will take you until you are already there. I discussed previously about a Firefox plugin that will expand the shortened URL to it’s destination address on hover which is helpful if the newly discovered information can clue you in on the linked material before visiting. However, merely knowing the domain may not be enough to protect you from some malicious website. Why would your friend send you to a site like this in the first place? One answer: they may just not know as the site is clever in it’s infection, or it may not even have come from your friend first hand – but rather a trojan acting on their behalf!

Saf.li is a new URL shortening service that will scan the provide web address using the the BitDefender anti-virus software before returning a saf.li shortened URL. The scan ensures that address is free of any malicious software, viruses, phishing attacks, etc. The scan and creation takes mere seconds and the result is peace of mind that the link is clean – whether you’ve created that link or your friend has sent you a saf.li address directly. Better, even if you are sent a shortened URL from another service, Saf.li can still scan that link and verify that it is clean and safe.

After running the scan click the Get stats graphic to obtain the results.

Saf.li is a logical and necessary extension to the crowded market of URL shortening services. It’s certainly worth more than a look or two!

Microsoft received a lot of positive press when they proclaimed their recommitment to ensuring security would be a main focus in their products moving forward. The consumers got a brief introduction to the initiate with Vista, where we saw changes such as User Account Control and other security-conscious features. Ignoring the initial venom towards UAC, what we are now left with in Windows 7 is necessary and aligns Windows with most of it’s competitors when dealing with raising user access rights within the system.

In Vista and Windows 7, the user is forced to create a user account rather than use the native administrator account. The rationale behind this is if a would-be hacker does not know the username of the account, it’s that much harder to crack. However, both Vista and 7 still ship with accounts under the usernames of administrator and guest – with their usage obvious. Even if the accounts are disabled, which they typically are, it still provides a first-step in remote exploit. A vulnerability may exist that allows for the enabling or disabling of the administrator account, for example. While you could out and out delete them, I’d suggest otherwise and instead, just rename the accounts to something different and still keep them disabled.

In the Start->Search look for and execute Local Security Policy.

In the left-hand panel, navigate to Local Policies -> Security Options.

Now in the right-hand panel you should notice two options: Accounts: Rename administrator account and Accounts: Rename guest account. Right-click on either policy as appropriate and choose Properties.

Rename the account to whatever you desire. To Windows, user accounts are actually referenced by a security identifier or SID not the actual username. This facility is what allows you to rename accounts without having the system underneath break down.

The process can then be repeated for the other account; Guest in this example. By renaming both accounts, you are now able to tick-off one more box in your check-list of secure computing.

A few weeks back I wrote to you about how to use a bluetooth device to lock your PC when it’s out of range. The process is quite practical save for one glaring problem, perhaps. Not all of us have bluetooth devices and even few of us have bluetooth functionality on our computers. If that sounds like your situation I’ve got a similar solution using hardware that everyone has – USB ports and an available thumb drive.

Predator is one such piece of free software that can utilize any size thumb drive as a physical token to lock and unlock a computer. When you get up to leave, simply take the thumb drive with you; upon return, return the drive to an available USB port – Predator handles the rest, after some initial configuration of course.

Once installed, Predator needs to do some initial prep work on the thumb drive you wish to use. The process isn’t destructive to the existing data however, Predator will encode a key file onto the device that is referenced by the software in order to lock or unlock. Additional features are also available that tend to relate to the security and privacy aspects that go along with locking a PC; such as, minimizing all windows, hiding the desktop icons, or dimming the display.

At this point you should be wondering what happens if you lose the paired USB thumb drive, or it otherwise becomes damaged. Because Predator disables Task Manager and CTRL+ALT+DEL, the only way to unlock is typically with the device. However, one of the configuration options involves setting a back-up password just for this purpose – actually it’s required.

Predator is available both in free and professional versions but in my opinion, the free version includes everything you’d need to secure your PC painlessly.

Download Predator

The ultimate security for a computer is removing physical access and leaving it disconnected from a network. Your PC is now a glorified metal box but it’s totally secure! Obviously, this isn’t very practical so some concession will need to be made. Assuming we require network access, physical access to the device can be controlled or otherwise limited. But even this is not typically possible in most situations. Therefor, we look to locking access to the  computer through the operating system. This is generally an acceptable compromise between security, practicality, and usability.

The typical method of locking a computer is an auto-engagement method based on access – if you haven’t used the PC in x minutes the screensaver comes on and the PC gets locked. Pretty simple but the process but not overly flexible. If you get up and leave the PC unattended there is amble time for another person to sit down and access everything before the auto-lock triggers. The obvious solution is to engage the lock yourself but for most, it’s easily forgettable. Another solution is to have the PC lock itself faster, perhaps after 2 minutes of inactivity. The logical drawback to this is a PC locking every time you get distracted by something like a phone call.

A more clever option is utilizing bluetooth technology, built into just about every cell phone and found more and more often in your PC. A bluetooth device is first paired with a PC; then, when the device leaves the proximity of the PC the computer is locked. That sounds pretty eloquent and intelligent to me. The functionality is provided by a free application called Bluetooth Proximity Lock Utility or BtProx.

Once installed, BtProx can be configured to initiate any command the user wishes once the device has left the range of the PC. It can be as simple as locking the PC or something a bit more involved – perhaps unmounting your encrypted TrueCrypt drive. If you’ve got the hardware requirements the possibilities with BtProx are limitless. I’d be interested in hearing what others are using this software for in the comments!

Download BtProx