Security for Libraries (SEC4LIB)

I.D.A.L. Wijayaratne idwij at OU.AC.LK
Thu May 3 23:44:43 EDT 2012


Hi Erin,
I would like to join the SEC4LIB discussion group
Include me pl

Anusha

Anusha Wijayaratne, PhD
Senior Assistant Librarian/ Periodicals
Office: +94-112881263
Home +94-112410970
Mobile +94-0718024933
The Open University of Sri Lanka (www.ou.ac.lk)


---------- Original Message -----------
From: Bob Stromberg <bob.stromberg at GMAIL.COM>
To: WEB4LIB at LISTSERV.ND.EDU
Sent: Thu, 3 May 2012 16:23:51 -0400
Subject: Re: [WEB4LIB] Security for Libraries (SEC4LIB)

> I'm also interested. I think that the "stories" -- the narrative
> descriptions of what might happen as patrons use libraries -- help clarify
> security issues.
> 
> For example, to install the FireSheep add-on for Firefox, all a user 
> needs to do is restart Firefox (not reboot the computer). What 
> access does this action give the user to other computers on the same 
> network?
> 
> Another: Faronics Deep Freeze resets the computer to a preferred 
> state when the computer is rebooted. But if the computer is running 
> with downlevel software, such as Java, Flash, or Adobe Reader, which 
> see very frequent security updates, is that user vulnerable to drive-
> by downloads for the duration of his/her session?
> 
> What advice can (and should) libraries give to patrons who are using
> public-access PCs to do online shopping and online banking? Or, for that
> matter, their own laptops while connected to the library WiFi. Just
> watching for https in the address bar (and other patrons shoulder-
> surfing) might not be sufficient.
> 
> Many Windows 7 PCs have network discovery turned on in the "Public"
> location. Whoops.
> 
> And Mac OS X computers have sharing options turned on by default,
>  not only in System Preferences but also in iTunes, iPhoto, or iChat 
> preferences. Whoops again.
> 
> Smartphones can be set up to connect to WiFi networks.
> 
> WiFi networks can be set to turn on "wireless isolation" or "AP isolation"
> to prevent device-to-device connection. This would prevent wireless access
> to printers, and wireless access to patrons' own devices (for 
> example, for copying photos from a smartphone to a computer).
> 
> Lots of topics here....
> 
> Bob Stromberg
> Round Lake, NY
> 
> On Thu, May 3, 2012 at 3:10 PM, Erin Germ 
> <erinlovestechno at gmail.com> wrote:
> 
> > I thought I would extend this to the WEB4LIB listserv.
> >
> > Would anyone be interested in forming an informal SEC4LIB discussion
> > group? This would be an informal group to discuss and investigate existing
> > security features and shortcomings of library services and applications.
> > This would essentially include documenting and pen-testing library
> > applications and services.
> >
> > As background, I'm finishing a second Masters in Cybersecurity and have
> > been "investigating" various library software and services. I've been doing
> > white-hat investigating on library software and services for about a year
> > and reporting discoveries to vendors and sites. My goal is to bring
> > attention to the security aspect of library software and services while
> > working with vendors/providers to secure their products, services,
> > applications, and solutions. If you're interested in the same, please contact
> > me.
> >
> > V/R
> >
> > Erin Germ
> > ============================
> >
> > To unsubscribe: http://bit.ly/web4lib
> >
> > Web4Lib Web Site: http://web4lib.org/
> >
> > 2012-05-03
> >
> >
> 
------- End of Original Message -------
