Not only is the KCK Public Library's Wi-Fi network closed (and thus beyond this blog's scope, meaning we won't be reviewing it), but even if you have a library card there I'm going to recommend you not attempt to use it, at least until they fix their insecure login page.
Memo to the library IT department: There's a reason browsers warn users about improperly configured SSL installations, you know. Google "man in the middle attack" and you might get a clue-before one of your unsuspecting patrons gets rousted out of bed in the middle of the night by the police wanting to find out why he or she checked out those umpteen DVDs and never returned them. Of course, it will be because the patron didn't check them out. Rather, it will have been the identity thief who cloned a phony library card with the patron's number and then absconded to eBay or a pawn shop with the stolen discs. Don't think so? It's happening elsewhere.
And memo to the rest of you. Don't ever-ever-EVER!!!-proceed with entering any sensitive information of any type on an encrypted page once your browser has given you any warning about the site's certificate. Your browser is grabbing you by the lapels and shaking you while shouting "Hey, buddy, I don't know if this really is the library (or your bank or credit card issuer) you're connected to; it could be someone in a cave in Afghanistan for all I know. You want to go ahead, I can't stop you, but if you end up living on bread and water in a cage at Gitmo, don't say I didn't warn you."
Be smart. DON'T go ahead.
Wednesday, December 19, 2007
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment