[OPLIN 4cast] OPLIN 4Cast #204: Locking down WiFi

Editor editor at oplin.org
Wed Nov 17 10:17:36 EST 2010


November 17th, 2010

Up until now, many public libraries have not been too concerned 
with the security of their public wireless networks. 
Libraries, after all, are open to the public, so why 
shouldn't their networks be "open," too? Does it really 
matter if a neighbor might "steal" some of the library's 
bandwidth? But about a week before Halloween, the Firesheep 
extension for the Firefox web browser rattled the WiFi 
world. Suddenly, it became ludicrously easy to use open WiFi 
library networks to steal patrons' usernames and passwords 
to unsecured websites like Facebook and Twitter. Suddenly, 
there's a really good reason to lock down the library WiFi.

    * Firesheep in wolves' clothing
      <http://techcrunch.com/2010/10/24/firesheep-in-wolves-clothing-app-lets-you-hack-into-twitter-facebook-accounts-easily/>:
      extension lets you hack into Twitter, Facebook
      accounts easily (TechCrunch/Evelyn Rusli) "Developer
      Eric Butler has exposed the soft underbelly of the web
      with his new Firefox extension, Firesheep, which will
      let you essentially eavesdrop on any open Wi-Fi
      network and capture users' cookies. As Butler explains
      in his post, 'As soon as anyone on the network visits
      an insecure website known to Firesheep, their name and
      photo will be displayed' in the window. All you have
      to do is double click on their name and open sesame,
      you will be able to log into that user's site with
      their credentials."
    * Protection from FireSheep
      <http://www.readwriteweb.com/archives/protection_from_firesheep_hint_its_not_blacksheep.php>
      (ReadWriteWeb/Audrey Watters) "Since Firesheep was
      released, there have been a number of countermeasures
      developed, ostensibly to warn if not protect users
      from potential side-jacking. Blacksheep, released
      earlier this week by Zscaler, generates 'fake traffic'
      then monitors the network to see if Firesheep is
      active. But Blacksheep warns you that it is, then
      what? Other than shutting off your notebook and
      perhaps relocating to a different cafe with free
      Wi-Fi, what are your options?"
    * Free WiFi should use "free" password
      <http://arstechnica.com/security/news/2010/11/researcher-free-wifi-should-use-free-password-to-protect-users.ars>
      (Ars Technica/Jacqui Cheng) "...businesses that offer
      free WiFi to customers---such as Starbucks or
      hotels---are still putting everyone at risk of being
      sniffed and hacked by leaving their networks open. If
      those businesses were to simply lock their networks
      down (WPA2, of course) with the password of 'free,'
      then customers' information would be much more secure
      and the world would be a happier place."
    * Password doesn't shear Firesheep
      <http://www.boingboing.net/2010/11/10/password-doesnt-shea.html>
      (BoingBoing/Glenn Fleishman) "Thus, you could defeat
      Firesheep today by assigning a shared key to a Wi-Fi
      network until the point at which some clever person
      simply grafts aircrack-ng into Firesheep to create an
      automated way to deauth clients, snatch their keys,
      and then perform the normal sheepshearing operations
      to grab tokens. [...] The way around this is to use
      802.1X, port-based access control, which uses a
      complicated system of allowing a client to connect to
      a network through a single port with just enough
      access to provide credentials."
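
Added example (not part of the original 4cast or of the articles quoted above): a Python sketch of the WPA2 key derivation behind the last two items, showing why a posted shared passphrase does not isolate patrons from one another while per-user 802.1X keys do. The SSID, passphrase, MAC addresses and nonces are constructed, and the 802.1X key is modelled as a random per-session secret.

```python
import hashlib
import hmac
import os

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).
    # Everyone who knows the posted passphrase computes the same PMK.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    # 802.11i PRF-384 (CCMP): the per-session key mixes the PMK with the two MAC
    # addresses and the two handshake nonces, all of which are sent unencrypted.
    label = b"Pairwise key expansion"
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for i in range(3):  # 3 x 20-byte HMAC-SHA1 blocks cover the 48 bytes needed
        out += hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:48]

def compare_modes() -> dict:
    # Constructed sample values. WPA2 passphrases must be 8 to 63 characters.
    ssid, passphrase = "LibraryWiFi", "freewifi"
    ap, patron = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    anonce, snonce = os.urandom(32), os.urandom(32)

    # Shared passphrase: the only secret input is one every patron already has.
    patron_ptk = derive_ptk(pmk_from_passphrase(passphrase, ssid),
                            ap, patron, anonce, snonce)
    other_ptk = derive_ptk(pmk_from_passphrase(passphrase, ssid),
                           ap, patron, anonce, snonce)

    # 802.1X: each user's PMK comes from their own EAP authentication
    # (assumption: modelled here as an independent random 32-byte secret).
    patron_pmk_1x, other_pmk_1x = os.urandom(32), os.urandom(32)
    patron_ptk_1x = derive_ptk(patron_pmk_1x, ap, patron, anonce, snonce)
    other_ptk_1x = derive_ptk(other_pmk_1x, ap, patron, anonce, snonce)

    return {
        "shared_key_sessions_isolated": patron_ptk != other_ptk,
        "dot1x_sessions_isolated": patron_ptk_1x != other_ptk_1x,
    }

if __name__ == "__main__":
    print(compare_modes())
```

With a shared passphrase the first result is False: the network is closed to outsiders, but not between the people who were all given the same password.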

*/OPLIN Fact:/*

89% (645) of all Ohio public library buildings offer free 
public WiFi.
------------------------------------------------------------
The */OPLIN 4cast/* is a weekly compilation of recent 
headlines, topics, and trends that could impact public 
libraries. You can subscribe to it in a variety of ways, 
such as:

    * *RSS feed.* You can receive the OPLIN 4cast via RSS
      feed by subscribing to the following URL:
      http://www.oplin.org/4cast/index.php/?feed=rss2.
    * *Live Bookmark.* If you're using the Firefox web
      browser, you can go to the 4cast website
      (http://www.oplin.org/4cast/) and click on the orange
      "radio wave" icon on the right side of the address
      bar. In Internet Explorer 7, click on the same icon to
      view or subscribe to the 4cast RSS feed.
    * *E-mail.* You can have the OPLIN 4cast delivered via
      e-mail (à la OPLINlist and OPLINtech) by subscribing
      to the 4cast mailing list at
      http://mail.oplin.org/mailman/listinfo/OPLIN4cast.

