<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#ffffff" text="#000000">
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style></style>
<title>OPLIN 4Cast</title>
<style>
.headerTop { background-color:#FFFFFF; border-top:0px solid #000000; border-bottom:1px solid #FFFFFF; text-align:center; }
.adminText { font-size:16px; color:#0000FF; line-height:200%; font-family:verdana; text-decoration:none; }
.headerBar { background-color:#FFFFFF; border-top:0px solid #333333; border-bottom:0px solid #FFFFFF; }
.title { font-size:20px; font-weight:bold; color:#000000; font-family:arial; line-height:110%; }
.subTitle { font-size:11px; font-weight:normal; color:#000000; font-style:italic; font-family:arial; }
.defaultText { font-size:12px; color:#000000; line-height:150%; font-family:trebuchet ms; }
.footerRow { background-color:#FFFFCC; border-top:0px solid #FFFFFF; }
.footerText { font-size:10px; color:#996600; line-height:100%; font-family:verdana; }
a { color:#0000FF; color:#0000FF; color:#0000FF; }
</style>
<table class="backgroundTable" bgcolor="#ffffff" cellpadding="0"
cellspacing="0" width="100%">
<tbody>
<tr>
<td align="left" valign="top">
<table cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="border-top: 0px solid rgb(0, 0, 0);
border-bottom: 1px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 255); text-align:
center;" align="center"><span style="font-size:
10px; color: rgb(96, 96, 96); line-height: 200%;
font-family: verdana; text-decoration: none;">Email
not
displaying correctly? <a
href="http://www.oplin.org/4cast/"
style="font-size: 10px; color: rgb(0, 0, 255);
line-height: 200%; font-family: verdana;
text-decoration: none;">View
it in your browser.</a></span></td>
</tr>
<tr>
<td style="border-top: 0px solid rgb(51, 51, 51);
border-bottom: 0px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 255);">
<center><a href=""><img id="editableImg1"
src="cid:part1.03070000.01020001@oplin.org"
title="OPLIN" alt="OPLIN 4Cast" align="middle"
border="0"></a></center>
</td>
</tr>
</tbody>
</table>
<table style="width: 763px; height: 877px;"
bgcolor="#ffffff" cellpadding="20" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 12px; color: rgb(0, 0, 0);
line-height: 150%; font-family: trebuchet ms;"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg"
bgcolor="#ffffff" valign="top">
<p><!-- Make sure you modify the 4Cast title in this section -->
<span style="font-size: 20px; font-weight: bold;
color: rgb(0, 0, 0); font-family: arial;
line-height: 110%;">OPLIN 4Cast #204: Locking
down WiFi</span><br>
<!-- Make sure you modify the date of the 4Cast in this section -->
<span style="font-size: 11px; font-weight: normal;
color: rgb(102, 102, 102); font-style: italic;
font-family: arial;">November 17th, 2010</span></p>
<!-- Begin copy of Web Source here -->
<p style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.oplin.org/4cast/wp-content/uploads/2010/11/wifilock.gif"><img
class="size-full wp-image-1462 alignleft"
style="margin-right: 3px;" title="wifilock"
src="cid:part2.02090306.01000801@oplin.org"
alt="wifi padlock" height="123" width="112"></a>Up
until now, many public libraries have not been too
concerned with the security of their public
wireless networks. Libraries, after all, are open
to the public, so why shouldn't their networks be
"open," too? Does it really matter if a neighbor
might "steal" some of the library's bandwidth? But
about a week before Halloween, the Firesheep
extension for the Firefox web browser rattled the
WiFi world. Suddenly, it became ludicrously easy
to use open WiFi library networks to steal
patrons' usernames and passwords to unsecured
websites like Facebook and Twitter. Suddenly,
there's a really good reason to lock down the
library WiFi. </p>
<div> </div>
<ul style="text-align: left;">
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://techcrunch.com/2010/10/24/firesheep-in-wolves-clothing-app-lets-you-hack-into-twitter-facebook-accounts-easily/">Firesheep
in wolves' clothing</a>: extension lets you
hack into Twitter, Facebook accounts easily
(TechCrunch/Evelyn Rusli) "Developer Eric Butler
has exposed the soft underbelly of the web with
his new Firefox extension, Firesheep, which will
let you essentially eavesdrop on any open Wi-Fi
network and capture users' cookies. As Butler
explains in his post, 'As soon as anyone on the
network visits an insecure website known to
Firesheep, their name and photo will be
displayed' in the window. All you have to do is
double click on their name and open sesame, you
will be able to log into that user's site with
their credentials."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.readwriteweb.com/archives/protection_from_firesheep_hint_its_not_blacksheep.php">Protection
from FireSheep</a> (ReadWriteWeb/Audrey
Watters) "Since Firesheep was released, there
have been a number of countermeasures developed,
ostensibly to warn if not protect users from
potential side-jacking. Blacksheep, released
earlier this week by Zscaler, generates 'fake
traffic' then monitors the network to see if
Firesheep is active. But Blacksheep warns you
that it is, then what? Other than shutting off
your notebook and perhaps relocating to a
different cafe with free Wi-Fi, what are your
options?"</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://arstechnica.com/security/news/2010/11/researcher-free-wifi-should-use-free-password-to-protect-users.ars">Free
WiFi should use "free" password</a> (Ars
Technica/Jacqui Cheng) "...businesses that offer
free WiFi to customers—such as Starbucks or
hotels—are still putting everyone at risk of
being sniffed and hacked by leaving their
networks open. If those businesses were to
simply lock their networks down (WPA2, of
course) with the password of 'free,' then
customers' information would be much more secure
and the world would be a happier place."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.boingboing.net/2010/11/10/password-doesnt-shea.html">Password
doesn't shear Firesheep</a> (BoingBoing/Glenn
Fleishman) "Thus, you could defeat Firesheep
today by assigning a shared key to a Wi-Fi
network until the point at which some clever
person simply grafts aircrack-ng into Firesheep
to create an automated way to deauth clients,
snatch their keys, and then perform the normal
sheepshearing operations to grab tokens. [...]
The way around this is to use 802.1X, port-based
access control, which uses a complicated system
of allowing a client to connect to a network
through a single port with just enough access to
provide credentials."</li>
</ul>
<div style="text-align: left;"> </div>
<p style="text-align: left; font-size: 20px;
font-family: arial; line-height: 110%;"><small><strong><em>OPLIN
Fact:</em></strong></small><br>
</p>
<div style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;">89% (645)
of all Ohio public library buildings offer free
public WiFi. </div>
<div style="text-align: left;"> </div>
<!-- End paste of web source here --> </td>
</tr>
<tr>
<td style="" solid="" background-color:="" rgb(255,=""
255,="" 255);="" >=""
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg"
valign="top" width="760"><span style="font-size:
10px; color: rgb(96, 96, 96); line-height: 100%;
font-family: verdana;">
<hr><!-- Begin standard subscription verbiage -->
<div style="text-align: justify;">The <strong><em>OPLIN
4cast</em></strong>
is a weekly compilation of
recent headlines, topics, and trends that could
impact public
libraries. You can subscribe to it in a variety
of ways, such as: <br>
</div>
<div style="text-align: left;"> </div>
<ul>
<li style="text-align: justify;"><strong>RSS
feed.</strong>
You
can receive the OPLIN 4cast
via RSS feed by subscribing to the following
URL:
<a class="moz-txt-link-freetext" href="http://www.oplin.org/4cast/index.php/?feed=rss2">http://www.oplin.org/4cast/index.php/?feed=rss2</a>.
</li>
<li style="text-align: justify;"><strong>Live
Bookmark.</strong>
If you're using the Firefox
web browser, you can go to the 4cast website
(<a class="moz-txt-link-freetext" href="http://www.oplin.org/4cast/">http://www.oplin.org/4cast/</a>) and click on the
orange "radio wave" icon
on the right side of the address bar. In
Internet Explorer 7, click on
the same icon to view or subscribe to the
4cast RSS feed. </li>
<li style="text-align: justify;"><strong>E-mail.</strong>
You
can have the OPLIN 4cast
delivered via e-mail (a'la OPLINlist and
OPLINtech) by subscribing to
the 4cast mailing list at
<a class="moz-txt-link-freetext" href="http://mail.oplin.org/mailman/listinfo/OPLIN4cast">http://mail.oplin.org/mailman/listinfo/OPLIN4cast</a>.
</li>
</ul>
</span> </td>
</tr>
<tr>
<td style="border-top: 0px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 204);"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickfooter.jpg"
valign="top" width="760"> <br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</body>
</html>