I’m giving a workshop next week in Utah titled “Setting up Wireless Access in Your Library” and of course, one of the topics covered will be security issues. In preparation I’m playing with some very interesting software including Ethereal. To keep it non-technical, Ethereal allows anyone to sniff, trap, and save network data, including data being transmitted over the air via WiFi connections. As a test, I connected to an open WiFi access point, started a capture, and logged into my flickr account. I then stopped the capture and saved 2.25MB worth of data (about 45 seconds worth of surfing). Look what I found when I searched the data for the word “password”:
I’ve obscured my password for obvious reasons but I’m sure you still get the point. So, who wants to log into their bank account from a Starbucks?
Michael Sauers is the Technology Manager for Do Space in Omaha, NE. After earning his MLS in 1995 from the University at Albany's School of Information Science and Policy, Michael spent his first 20 years as a librarian training other librarians in technology, along with time as a public library trustee, a bookstore manager for a library friends group, a reference librarian, a technology consultant, and a bookseller. He has written dozens of articles for various journals and magazines and has published 14 books ranging from library technology, blogging, and Web design to an index to a popular horror magazine. In his spare time, he blogs at TravelinLibrarian.info, runs The Collector's Guide to Dean Koontz website at CollectingKoontz.com, takes many, many photos, and typically reads more than 100 books a year.
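A password is readable in a capture like the one above when the login form is submitted over plain HTTP. The following is an added example, not part of the original post: a check that a page asking for a password sends it only over HTTPS. The function names, URLs and sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class FormScanner(HTMLParser):
    """Records the form action for every password input found in a page."""

    def __init__(self):
        super().__init__()
        self.in_form = False
        self.action = ""
        self.password_actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.in_form, self.action = True, attrs.get("action") or ""
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            # A password field outside any form is treated as posting to the page itself.
            self.password_actions.append(self.action if self.in_form else "")

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False


def audit_login_page(page_url, html):
    """Return a list of findings; an empty list means no cleartext exposure was found."""
    scanner = FormScanner()
    scanner.feed(html)
    findings = []
    page_is_https = urlparse(page_url).scheme == "https"
    for action in scanner.password_actions:
        target = urljoin(page_url, action)  # resolves relative and scheme-relative actions
        if urlparse(target).scheme != "https":
            findings.append(f"password submitted in cleartext to {target}")
        elif not page_is_https:
            findings.append(f"login form served over HTTP posts to {target}; the page can be altered in transit")
    return findings


# Constructed sample markup, not taken from any real site.
SAMPLE_RELATIVE = '<form action="/signin" method="post"><input name="u"><input type="password" name="p"></form>'
SAMPLE_ABSOLUTE = '<form action="https://example.com/signin" method="post"><input type="password" name="p"></form>'

if __name__ == "__main__":
    for url, html in (("http://example.com/login", SAMPLE_RELATIVE), ("https://example.com/login", SAMPLE_RELATIVE)):
        print(url, audit_login_page(url, html) or "ok")
```

The second finding covers a case that a capture would not show directly: a form that posts to HTTPS but is itself delivered over HTTP, so anyone on the same open network can rewrite it before it reaches the browser.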
3 Replies to “Stealing Passwords”
From an HTTPS page? If so, that’s pretty shocking. If not–if a bank or anyone else is using an unsecured page for an important password–that’s a different problem.
Not that I’d log into any financial account from anything but my own secure net anyway, but…
The login page for us with old school flickr logins isn’t secure: http://flickr.com/signin/flickr/
Do you know if this kind of security risk still exists? I am in Cambodia now and using unsecure internet cafe wifi. Should I worry?