Sunday, October 31, 2010

Well, it's a little more spooky than that.

For your Halloween reading pleasure, here's a bit more elaboration on the actual vulnerability that Firesheep exploits. I'm afraid it's scarier than I intimated below, because it's not so much login pages that aren't encrypted (although they remain just as dangerous), but sites designed to use cookies for session authentication - something I wasn't aware Web designers were still doing - which then stupidly send those cookies back and forth in the clear - even after a secure login on a properly HTTPS-encrypted page.

It's these particular inadvertently unencrypted cookies Firesheep grabs, and as has been pointed out elsewhere, limiting your Wi-Fi use to locked-down routers will only reduce your risk, not eliminate it, since you're of course still vulnerable to such "sidejacking" beyond the router - or even still on the LAN side of it in some cases. The only true solution for sites that still insist on tossing cookies around like this would be to encrypt all their pages that do so - which is precisely what Firesheep's author wants. He merely latched onto open Wi-Fi because it's the easiest venue for demonstrating the vulnerability.

So...will these site owners invest in more SSL certificates and the infrastructure and bandwidth to support them, or better yet leave cookies and the 1990s mindset they represent behind, now that the "cookies are safe" myth has been totally busted?

Stay tuned. And in the meantime I'd limit my use of the affected sites until each of them decides on a course of action and takes it.
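
The cookie behaviour described in this post, as an added example that is not part of the original post or of Firesheep: Python's standard cookie jar shows that a session cookie set on an HTTPS login page is still attached to a later plain-HTTP request unless the site marks it `Secure`. The host name, cookie name and token value are constructed, and nothing touches the network.

```python
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request

# Constructed URLs for a hypothetical site: HTTPS login, HTTP everywhere else.
LOGIN_URL = "https://www.example.test/login"
PLAIN_URL = "http://www.example.test/home"

# Constructed Set-Cookie values: the weak setting beside the corrected one.
WEAK = ["session_id=constructed-token-1; Path=/"]
HARDENED = ["session_id=constructed-token-1; Path=/; Secure; HttpOnly"]


class _Response:
    """Minimal stand-in for an HTTP response carrying Set-Cookie headers."""

    def __init__(self, set_cookie_lines):
        self._headers = Message()
        for line in set_cookie_lines:
            self._headers["Set-Cookie"] = line  # Message appends, so repeats are kept

    def info(self):
        return self._headers


def cookies_sent_to(url, set_cookie_lines, login_url=LOGIN_URL):
    """Return the names of cookies a standards-following client attaches to
    a request for `url` after the HTTPS login response set `set_cookie_lines`."""
    jar = CookieJar()
    jar.extract_cookies(_Response(set_cookie_lines), Request(login_url))
    later = Request(url)
    jar.add_cookie_header(later)  # applies the Secure / path / domain rules
    header = later.get_header("Cookie") or ""
    return {pair.split("=", 1)[0] for pair in header.split("; ") if pair}


if __name__ == "__main__":
    for label, lines in (("weak", WEAK), ("hardened", HARDENED)):
        print(label,
              "| sent over http:", sorted(cookies_sent_to(PLAIN_URL, lines)),
              "| sent over https:", sorted(cookies_sent_to(LOGIN_URL, lines)))
```

Anything listed under "sent over http" is readable by anyone who can see the traffic, which is why the fix has to cover every page that receives the cookie and not just the login form.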

Friday, October 29, 2010

No, the sky is NOT falling - it's ALREADY down

How interesting it's been to sit back and watch all the hair-pulling and other nonsense that's gone on over the release of the Firesheep extension for Firefox that according to some is the fourth horseman of the Apocalypse riding in at full gallop. Relax, everyone - it's just a rather unorthodox way of reminding everyone of what ath64 and I have begged, cajoled and preached for everyone to do since day 1 1/2 - don't enter or access ANY sensitive information on ANY web page you're connected to over an open Wi-Fi link (or for that matter, connected to in ANY OTHER manner) unless that page is protected by SSL encryption or you're connecting through a virtual private network.

That's the bottom line, folks. And it's gratifying to note that Firesheep's author makes it clear he created the extension not to scare people away from free and open Wi-Fi, but to persuade the owners of at-risk websites to man up (or woman up as necessary, I guess) and get their sites properly HTTPS secured - as they should have done long ago, of course.

Friday, October 15, 2010

Charge up and come early

YWCA Corner Coffee Cafe
1017 North 6th Street, KCK

802.11g
SSID:  YWCA Public

Well, what do you know?  No sooner do we discover that the Kansas City, Kansas Public Library has eased its death grip on its wireless network - now if they'll just lose a bit of their anal-retentiveness and loosen up on the filtering and port blocking - than we get a lead to another free and open hotspot in downtown KCK - and here it is.

Two big downsides - no power outlets and it closes at 4:30 p.m.  On balance, however, I'm going to declare that the upsides - it's free, open and in the area of the metro where the need for it is greatest - carry the day.  It's on the east side of Sixth just north of Minnesota Avenue, so those south and west facing windows you're looking at will only be a problem late in the afternoon, and only if you sit next to them.

Friday, October 08, 2010

Half the Internet - better than none?

Kansas City Kansas Public Library
625 Minnesota Avenue, KCK

802.11a or 802.11g
SSID: KCKPLMAIN

Okay, the anonymous tip we received was at least partly correct. You don't need a library card to get online at KCKPL anymore. (I'll let ath64 know so the guide gets updated.) That said, they do ask for an e-mail address, as if anyone out there was dumb enough to provide a real one. And in order to get outside their firewall you'll still have to do something you really shouldn't - accept a self-signed encryption certificate (all the more reason not to give them your actual e-mail address, which in many if not most cases is also your Internet account username).

And that's just the bad news - it goes downhill from here. Perhaps users will take to calling KCK "Johnson County North" given this network's heavy filtering and blocking of ports needed for Usenet and server-based e-mail. Methinks this outlet won't get much usage unless its operators loosen up a little bit. No one else here but your lonesome correspondent just after 4 p.m. on a Friday before what will be a three-day weekend for many government workers around town. Take a hint, KCKPL. Cruise over to the KCMO Plaza branch and see how much more usage a hotspot gets when it's actually useful for something.

Yes, I know I shouldn't complain, what with how long it took this place to unwire to start with and then decide to open up to everyone. Nonetheless, Wyandotte County - particularly its eastern part - is in such dire need of these services that any crippling or restriction of them strikes me as something a public provider of them ought not be doing without a strong rationale. And if KCKPL has one I can't imagine what it would be.

Speaking of rationale...why on earth is there an open 802.11a access point here? You do know that "a" is not part of the Wi-Fi standard, don't you?

Oops...in my excitement I almost forgot to tell everyone to be sure to bring a fully-charged battery or two if despite all the above they decide to come anyway. Very little laptop-friendly seating within reach of power outlets.

Sunday, October 03, 2010

Five years in, a pause to reflect - and look forward

It's somewhat hard for me to believe that it was actually five years ago this evening that, while sitting in the atrium of Crown Center hunched over the Athlon 64 laptop from which I took my online moniker, I composed this post and brought this blog into being.

Such a journey it's been - one during which wireless capability has gone from being either a luxury option available only on high-end laptops or an expensive and complicated add-on to a standard feature of any portable computing device, sort of like the evolution of automobile air conditioning we baby boomers witnessed during our formative years.  Indeed we have just recently observed the rise of an important new class of portables - the netbook - obviously fueled at least in part by the wireless revolution.  Just what we would expect at a time when, according to surveys, today's generation of college freshmen - born around 1992 - have never used a telephone with a cord, or known a time when the World Wide Web did not exist.

And the number and variety of locations welcoming them with free, open wireless Internet access has relentlessly grown.  Since the start of this year alone both McDonald's and Starbucks have transitioned their national networks from fee to free, following the lead of bookstore chains Borders and Barnes and Noble.  Locally, we can be thankful for the Mid-Continent Public Library having made the same change as a counterpoint to the closed networks adopted or stubbornly held onto by several area library systems. 

So just where do things stand five years in? 

Clearly the battle between Free and Open versus Everything Else still rages.  The fact that, as mentioned above, there are still local public library systems (KCK, North Kansas City and Cass County) running closed or cardholder-only networks is disheartening - especially in the case of NKC, whose network started life as an open one.  Public libraries, currently striving to maintain their relevance in a world where information is increasingly a mouse click away as opposed to being ensconced behind a reference desk, would seem to have no excuse for this anymore.  Jumping would-be patrons through hoops would strike me as the last thing they should be doing today.  And while big national companies have embraced 21st-century thinking by tearing down Wi-Fi paywalls to draw in much-needed customers in this recession, it's unfortunate that too many local operators have proven slow on the uptake, clinging to outdated notions of wireless access as a product or service rather than an amenity.  Apparently the lesson of the two coffeehouse operators that failed in the Power and Light District location where Latté Land is now running a free and open network - right across the street from a Starbucks doing the same - hasn't sunk in.  The tide towards free and away from fee has clearly turned, however.  Those on the wrong side have a simple choice - get with the program or be swept away.

Sadly, it must be said that local Wi-Fi has not done as much to bridge the digital divide as one might have hoped.  With only one exception I'm aware of, the Bluford and Southeast branches of the KCMO Public Library are still the only hotspots in the traditional inner city on the Missouri side.  And the situation in Wyandotte County remains worse, with the KCK Library's network closed to non-cardholders and essentially nothing else between the state line and the speedway.  It comes as no surprise therefore that recent surveys indicate the most prevalent method of Internet access in these areas is via cellular phone - the electronic equivalent of payday loan and "rent-to-own" stores and buy-here-pay-here used car lots.  Are community leaders there concerned at all about this?  If not, they should be.  Especially with the economy in the shape it's in, it should be clear that outside investment won't come to the rescue; after all, it hasn't up until now.  Those who live there - particularly the entrepreneurs and the other ambitious and forward-looking individuals among them - are going to need to solve this problem themselves, along the lines of either the large-scale community networks once envisioned during Wi-Fi's infancy, or more likely a partnership arrangement offering help to new or existing establishments in the area to unwire.  Such collective efforts often failed elsewhere because the marketplace obviated the need for them.  That has not happened and does not appear to be happening in this case, so community initiative here would truly be filling a void.

And what of the future? 

Truly mobile alternatives to fixed-site Wi-Fi grow cheaper all the time, but I think we're still a long way from anything replacing it.  Anyone who really has a great need for genuine on-the-go Internet access is already paying for it, and they'll always pay more than those of us who can get by with 24/7 wired backhaul to our home router and an occasional stop at a favorite hotspot.  The "white space" proposal the FCC recently signed off on is intriguing, but if the Big Telecom incumbents simply take over this technology - as a possible replacement for running copper over the "last mile" to subscriber locations in addition to providing mobile service, as some "4G" cellular providers are doing now - why wouldn't fixed site operators merely adopt it to provide backhaul for their existing routers?  The incumbents would have to give away access to compete, and it would, it is hoped, become clear to them that it'd be much better to keep doing what they're doing now - join the Wi-Fiers rather than try to beat them.  They're doing a land-office business selling backhaul over copper and fiber currently.  If it ain't broke, why fix it?

No, wireless Internet hotspots aren't going anywhere anytime soon.  And neither is this blog.  We'll keep our eyes on the news and our laptops at the ready to bring you the latest, whether a review of a recently unwired location or our take on current events or technological, legal or social developments that could have an impact on when, where and how you go online away from home.

Again, this last half-decade has been quite a journey.  Thanks so much for coming along.