Security for Libraries (SEC4LIB)

Fri May 4 00:52:17 EDT 2012

Dear Erin

Please add me. to the SEC4LIB

HRS

On 4 May 2012 09:14, I.D.A.L. Wijayaratne <idwij at ou.ac.lk> wrote:

> Hi Erin,
> I would like to join the SEC4LIB discussion group
> Include me pl
>
> Anusha
>
> Anusha Wijayaratne, PhD
> Senior Assistant Librarian/ Periodicals
> Office: +94-112881263
> Home +94-112410970
> Mobile +94-0718024933
> The Open University of Sri Lanka (www.ou.ac.lk)
>
>
> ---------- Original Message -----------
> From: Bob Stromberg <bob.stromberg at GMAIL.COM>
> To: WEB4LIB at LISTSERV.ND.EDU
> Sent: Thu, 3 May 2012 16:23:51 -0400
> Subject: Re: [WEB4LIB] Security for Libraries (SEC4LIB)
>
> > I'm also interested. I think that the "stories" -- the narrative
> > descriptions of what might happen as patrons use libraries -- help
> clarify
> > security issues.
> >
> > For example, to install the FireSheep add-on for Firefox, all a user
> > needs to do is restart Firefox (not reboot the computer). What
> > access does this action give the user to other computers on the same
> > network?
> >
> > Another: Faronics Deep Freeze resets the computer to a preferred
> > state when the computer is rebooted. But if the computer is running
> > with downlevel software, such as Java, Flash, or Adobe Reader, which
> > see very frequent security updates, is that user vulnerable to drive-
> > by downloads for the duration of his/her session?
> >
> > What advice can (and should) libraries give to patrons who are using
> > public-access PCs to do online shopping and online banking? Or, for that
> > matter, their own laptops while connected to the library WiFi. Just
> > watching for https in the address bar (and other patrons shoulder-
> > surfing) might not be sufficient.
> >
> > Many Windows 7 PCs have network discovery turned on in the "Public"
> > location. Whoops.
> >
> > And Mac OS X computers have sharing options turned on by default,
> >  not only in System Preferences but also in iTunes, iPhoto, or iChat
> > preferences. Whoops again.
> >
> > Smartphones can be set up to connect to WiFi networks.
> >
> > WiFi networds can be set to turn on "wireless isolation" or "AP
> isolation"
> > to prevent device-to-device connection. This would prevent wireless
> access
> > to printers, and wireless access to patrons' own devices (for
> > example, for copying photos from a smartphone to a computer).
> >
> > Lots of topics here....
> >
> > Bob Stromberg
> > Round Lake, NY
> >
> > On Thu, May 3, 2012 at 3:10 PM, Erin Germ
> > <erinlovestechno at gmail.com> wrote:
> >
> > > I thought I would extend this to the WEB4LIB listserv.
> > >
> > > Would anyone be interested in forming an informal SEC4LIB discussion
> > > group. This would be an informal group to discuss and investigate
> existing
> > > security features and shortcomings of library services and
> applications.
> > > This would essentially include documenting and pen-testing library
> > > applications and services.
> > >
> > > As background, I'm finishing a second Masters in Cybersecurity and have
> > > been "investigating" various library software and services. I've been
> do
> > > white-hat investigating on library software and services for about a
> year
> > > and reporting discoveries to vendors and sites. My goal is to bring
> > > attention to the security aspect of library software and services while
> > > working with vendors/providers to secure their products, services,
> > > applications, and solution. If your interested in the same, please
> contact
> > > me.
> > >
> > > V/R
> > >
> > > Erin Germ
> > > ============================
> > >
> > > To unsubscribe: http://bit.ly/web4lib
> > >
> > > Web4Lib Web Site: http://web4lib.org/
> > >
> > > 2012-05-03
> > >
> > >
> >
> > ============================
> >
> > To unsubscribe: http://bit.ly/web4lib
> >
> > Web4Lib Web Site: http://web4lib.org/
> >
> > 2012-05-03
> ------- End of Original Message -------
>
> ============================
>
> To unsubscribe: http://bit.ly/web4lib
>
> Web4Lib Web Site: http://web4lib.org/
>
> 2012-05-03
>

============================

To unsubscribe: http://bit.ly/web4lib

Web4Lib Web Site: http://web4lib.org/

2012-05-04
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listserv.nd.edu/pipermail/web4lib/attachments/20120504/88a66117/attachment.htm>