Something that a lot of people don’t pay much attention to is wireless access points. Many people will connect to any wireless access point and begin checking their email and bank accounts and visiting other online services without giving much thought to their wireless surroundings.
But, here’s the thing … even if you’re connected to a 100% trusted wireless network, your information and security could be at risk, whatever operating system you’re using: Windows, Mac, Linux, it doesn’t matter.
The insecurity comes from the way a network operates. Generally, wireless networks work in a logical bus topology, which means that any data response is sent to all computers on the network, but only the computer the data was addressed to will accept it and other computers will disregard the data.
If you have some specially designed software on your computer, like Wireshark, then you can “sniff” the packets (small chopped up bits of data) being sent and received from other computers on the network you’re connected to. By doing this, you can see in plain sight any data (passwords, bank account numbers, usernames, messages, etc.) that is being sent as plain text. Most websites generally send sensitive account information in this fashion, too. This will work on both wired and wireless connections, mind you.
Take the screenshot below. This is from my home wireless network that I was connected to. It shows where I was attempting to log in to a website using my username and password. Notice how both the username and password were sent insecurely as plain text. If anyone was connected to the network and had an application like Wireshark up and running, they could capture those packets and retrieve my username and password all without me ever noticing.
This is something very important to remember when connecting to wireless networks. What you may think of as a secured access point may be the way in which your important information is stolen without you suspecting it.
Protecting yourself
There are ways to protect yourself from this method of data theft, however.
Generally, banks and other websites that maintain personal data use SSL security. This means that data sent between your computer and the server you’re connected to is encrypted before being sent. If you’ve ever noticed a small lock in your web browser or noticed that the protocol in the address bar changed from “http://” to “https://” then you’re most likely secured via encryption.
What does HTTP or HTTPS mean?
HTTP stands for Hyper Text Transfer Protocol and it’s the method by which web pages are requested and delivered to your web browser. HTTPS stands for Hyper Text Transfer Protocol Secure and it’s a secure version of the standard HTTP protocol that allows SSL security certificates and other security layers between you and the server you’re connected to.
In addition to checking to make sure you’re connected to a secure website before typing and submitting personal information, you also have a few other options. You could set up a VPN (virtual private network) on a computer at your home that you could connect through to provide a secure gateway for accessing websites while on-the-go. You could also invest in a 3G/4G wireless card for your notebook computer. This would allow you to have a direct connection to a wireless Internet provider (via a more secure cell tower connection). Plans can be pricey, however, which is why some use a VPN connection.
This is one of the reasons I went for the 3G version of the iPad. I’m trying to free myself from using public Wi-Fi where I am only as secure as the content I access and my computer security is only as safe as the people accessing the network.
The problem with this security issue is that anyone and any network is susceptible to it, even if the network features WEP or WPA security measures. If someone can connect to it and open an application like Wireshark, they can begin gathering sensitive information.
What are WEP and WPA Security?
WEP stands for Wired Equivalent Privacy and is an older, less secure way to encrypt a wireless network. WPA stands for Wi-Fi Protected Access and is a newer and more secure way to encrypt a network. Generally, it is better to stay away from WEP encryption because tools exist that can allow anyone to penetrate the network and gain access to your wireless connection.
I wanted to post this because I see a lot of people who nonchalantly connect to public wireless networks and begin surfing to websites that contain sensitive data about that person. I hope that you were able to understand my concern and the reason that I wanted to let you know about this security issue.
If you have any questions, feel free to post a comment below or email me. Also, if you have a computer topic that you’d like me to talk about, feel free to send me an email and I will see what I can do.
If you’re following my Twitter feed, you probably know that I’ve been ecstatic about a fairly new content management system for Digital Humanists creating digital archives. The web software is called Omeka, and it’s out of the Center for Digital Humanities at George Mason University in Virginia.
Omeka has a rich API (application programming interface) that lets developers and creatives alike create awesome plugins and additional content that flows right alongside the CMS. I have been actively developing Omeka plugins for the past academic year at my university in hopes of making Omeka more accessible to visually impaired people accessing the Omeka archives. The development was sponsored by two grant-related projects that I’m involved with. The first project is LookListenTouch.org, which I worked for in Fall 2009, and the second is BrailleSC.org, which I’m currently working on.
People who are visually impaired generally access websites using screen reading software like JAWS or Apple’s screen reader VoiceOver. This software reads aloud what’s on the screen, but screen readers don’t work well with certain web content, namely Adobe Flash, JavaScript and Java applets. Fortunately, Omeka’s front-end doesn’t rely on any of these technologies, making it pretty accessible out-of-the-box. However, the accessibility plugins I’ve developed expand on the universal design model, making Omeka even more accessible.
The first of the plugins is an Access Keys plugin. This plugin lets the administrator assign Access Keys, which are one-character keyboard shortcuts, to basic Omeka functionality, such as go to the home page, browse by items, browse by collections, skip to next item, skip to previous item, and skip directly to the content. Normally people accessing websites with a screen reader need to listen to a list of menu items each and every time they listen to a page being read, but with the Access Keys model, they can memorize a set of keys, then jump to any page they wish to go to. For example, if you wanted to go to the search page, you can press Control + S and go directly to the search page in Omeka.
Access Keys can provide a ton of usability for users accessing a particular website, making navigation easier than ever before. The thing is, Access Keys have been around since around 1999 — why haven’t they been used before? Well, I’d suggest that’s partially because different web browsers use different modifier keys (i.e. pressing control, command, or shift before pressing the access key in order to activate a link). That’s why BrailleSC.org and LookListenTouch.org are advocating the standardization of modifier keys across different browsers, operating systems, and versions of browsers. This would make life easier for users and developers alike.
Continuing on the idea of Access Keys, I’ve also developed a custom Access Keys plugin that will allow an Omeka administrator to specify up to 10 URLs and Access Keys that will be available from any page inside of Omeka. For example, you could go to Google.com by pressing Control + G.
Of course, Access Keys are limited to the number of letters and numbers available on the keyboard, so that’s 26 + 10 = 36 available keys. Symbols are not available for assigning Access Keys, and remember that if the shortcut assigned is also a shortcut for the web browser (i.e. in Internet Explorer Control + B is for bookmarking pages), then the assignment will overwrite the browser functionality.
The last plugin that I’ve completed is one called “TextZoom” that, like its name implies, lets the user enlarge the text on the page. When the admin enables this plugin, they also can specify Access Keys for the enlargement functions. There are five levels of enlargement: default, small, medium, large, and extra large. When a user selects any of the enlargement levels, the settings are automatically remembered for 30 days using a cookie, so when they visit the site again, the text will automatically be enlarged for them. The user can then press the default option to go back to the default site and remove the cookie from their browser.
There are other plugins that I’m working on, including a Google Analytics plugin that will let an administrator look at current website tracking information right from within the admin pages.
Where Can You Get The Plugins?
I have the three plugins mentioned in detail above available for download at BrailleSC.org/development. I also have the source listed on my own development wiki at CoryBohon.com/development. The plugins are completely open source, so if you wish to take the source code and improve it, you can under the terms of the included GNU public license.
If you have any questions about the plugins, you can email me directly at cory [at] corybohon [dot] com or cory [at] braillesc [dot] org.
Getting one step closer to being like Squarespace, Google’s Blogger has a new feature that makes designing your blog much easier. It’s called the Blogger Template Designer and it allows you to create your own templates in a matter of minutes with just a few simple clicks. Pretty nifty considering its price: free.
The other week I decided to order “The Wikipedia Revolution” by Andrew Lih after I heard Leo Laporte talking about it in his speech on journalism in today’s world. After reading the book, I would have to agree that this book is an awesome resource for anyone looking to get more information on Wikipedia.
Even though much of the book is focused on the online wiki-based encyclopedia, Lih gives your brain a stroll down memory lane by telling you the history of the wiki software and how it came to be. There are also discussions about the GNU licensing and the idea of a “copyleft.”
One of my favorite chapters would have to be about the origins of a wiki in which Lih talks about the invention of Apple’s Hypercard technology that allowed hyperlinking between electronic documents back in the late 80s.
As someone who’s heard about, but wasn’t around to experience Nupedia, Hypercard, and Usenet, Lih gives a general overview of the technologies, how they came to be, and the role they played in structuring “The World’s Greatest Encyclopedia.”
This book is a joy to read and provides a lot of background information into the inner workings of Wikipedia. Plus, you can pick up a copy of the book for only $10 on Amazon — quite a steal in my opinion.
Ever wanted to quickly edit an image, capture your screen, or edit audio? Well you can do that and more absolutely free and in your web browser with Aviary. Their newest feature, the Audio Editor, allows multi-track audio editing right from your web browser.
With the new audio editor, you can trim, loop, stretch and reverse clips, with editable loop points and interactive time stretch capabilities. You can add fade-ins/outs, modify gain, and add effects like pitch, reverb, and EQ. The import/export allows you to search the cloud library, mix down and export to your computer, or publish it online with your Aviary account.
You don’t need an account to play around with these awesome browser applications, so head on over to Aviary.com and try out one of them today. If you are inclined to, you can create an account that will allow you to save your creations on the service.
About
Hi, my name is Cory Bohon. I am a tech blogger at Mac|Life, Mac/iPhone developer, lover of all things technology, and photographer. This is my personal blog, where you can find what I am currently ranting about.
Any opinions expressed on this site are mine and not necessarily shared by my employer or educational institution.