I’m giving a workshop next week in Utah titled “Setting up Wireless Access in Your Library” and of course, one of the topics covered will be security issues. In preparation I’m playing with some very interesting software including Ethereal. To keep it non-technical, Ethereal allows anyone to sniff, trap, and save network data, including data being transmitted over the air via WiFi connections. As a test, I connected to an open WiFi access point, started a capture, and logged into my flickr account. I then stopped the capture and saved 2.25MB worth of data (about 45 seconds worth of surfing). Look what I found when I searched the data for the word “password”:
I’ve obscured my password for obvious reasons but I’m sure you still get the point. So, who wants to log into their bank account from a Starbucks?
Michael Sauers is currently the Director of Technology for Do Space in Omaha, NE. Michael has been training librarians in technology for the past twenty years and has also been a public library trustee, a bookstore manager for a library friends group, a reference librarian, serials cataloger, technology consultant, and bookseller since earning his MLS in 1995 from the University at Albany’s School of Information Science and Policy. Michael has also written dozens of articles for various journals and magazines and his fourteenth book, Emerging Technologies: A Primer for Librarians (w/ Jennifer Koerber) was published in May 2015 and more books are on the way. In his spare time he blogs at travelinlibrarian.info, runs The Collector’s Guide to Dean Koontz Web site, takes many, many photos, and typically reads more than 100 books a year.
3 Replies to “Stealing Passwords”
From an HTTPS page? If so, that’s pretty shocking. If not–if a bank or anyone else is using an unsecured page for an important password–that’s a different problem.
Not that I’d log into any financial account from anything but my own secure net anyway, but…
The login page for us with old school flickr logins isn’t secure: http://flickr.com/signin/flickr/
Do you know if this kind of security risk still exists? I am in Cambodia now and using unsecure internet cafe wifi. Should I worry?