Network World Canada provides a little back and forth between telco Rogers Communications and Toronto Hydro: The former backs WiMax as the coming thing, so why bother with Wi-Fi. The latter once had plans for a large city-wide Wi-Fi network, and defends that technology’s ubiquity and cost. Mobile WiMax isn’t yet mobile; Wi-Fi is. WiMax in Canada is enormously more expensive in this pre-standard version: C$45 to C$65 per month; Toronto’s Wi-Fi, C$29.

Only problem? Toronto’s Wi-Fi network hasn’t increased in area for some time, and the head of the company, quoted in this article extolling Wi-Fi, fails to mention its tiny size. It was rated very highly by Novarum, a testing firm, partly because of the density of access points installed. Their six sq km network has under 4,000 users, and they won’t say how many below. But they won’t build the network further until subscribers top that figure.



Gavin Newsom and the president of the city’s board of supervisors stuck a free wireless resolution on the ballot five minutes before the deadline: The measure is nonbinding, but asks voters whether they support the notion of free wireless throughout the city. It also asks if they’d like free ice cream and a pony.

The existing contract with EarthLink was already unlikely to move forward due to EarthLink’s business model changes. The emendations to the contract requested by the supervisors’ head ensure that EarthLink will ultimately back out. I give it another four to six weeks before the whole deal is over.

Which means that SF has to return to the drawing board. Kite Networks is undercapitalized (per their disclosures on their recent spinoff) to take on a task like SF without outside financing. Cisco, IBM, and Intel are tied up with their Wireless Silicon Valley (Cisco/IBM) and Sacramento (Cisco/Intel) consortiums. MetroFi wants an upfront commitment of service revenue, which doesn’t seem in the cards, and it appears rather busy with Portland, Ore., and several other cities. US Internet is tied up in Minneapolis. There are no other firms of scale involved in bidding on and winning contracts like this except Clearwire, which isn’t building out Wi-Fi.

Minneapolis city, citizens leaned on Wi-Fi network for information, telecom after tragedy: This interesting story from Computerworld demonstrates the best aspects of currently deployed city-spanning Wi-Fi networks: outdoor access in emergencies. The operator, US Internet, couldn’t reach the city, so opened the network for free for 24 hours. Nice move. Usage climbed from 1,000 users to 6,000 users. The city used the network to relay information from the field, including detailed maps and large files. US Internet was able to add nodes near the bridge the day after its collapse.

While US Internet’s CEO thought people with Wi-Fi phones could switch from the overloaded cell network to his Wi-Fi network, it’s unclear how many people have such phones. US carriers don’t directly support any such models, except T-Mobile, which can’t authenticate to any network that requires a Web page interaction.

BusinessWeek asked my thoughts about the FCC’s choices over rules in an upcoming auction for wireless licenses: I wrote this essay out of the frustration of hearing regulators’ choosing a set of rules for one chunk of the 700 MHz spectrum called “regulation” when it didn’t suit the party’s interest and a “lack of regulation” when it did. Google et al. proposed that we have a single broad enough national spectrum (in this case, six licenses that together cover the U.S.) that had a requirement for openness. Open access for any legal device, any legal purpose, and any reseller. Instead, we have a carrier-forged policy that will ensure that it’s just business mostly as usual.

The dancing rabbits reference is shorthand for the vast array of devices we have in the Wi-Fi junk band that’s supposedly unusable spectrum in the eyes of cell carriers. The Nabaztag is a very weird use of Wi-Fi, but it shows how innovation isn’t restricted by mere sanity.



Errata Security’s Robert Graham showed how easy it is to grab tokens from Web traffic sent in the clear over Wi-Fi to hijack a session in progress: Almost every site that offers account logins uses a token stored in a cookie or appended to every link on a page (Amazon’s original, pre-cookie approach) that serves as proof the user logged in successfully recently. Often, tokens time out forcing you to log in again to get a new one. The tokens are sent in the clear, and if you know the browser cookie name for the token, you can grab it over an open Wi-Fi connection at a hotspot.

Graham demonstrated automated tools to accomplish what he’s calling sidejacking at the Black Hat security conference. The Ferret and Hamster programs work together to grab and sidejack a connection. It’s a rather neat idea; it was clear to many that these tokens were a risk, but it raises the risk profile when it’s demonstrated how easy it is to turn that into something practical. Graham noted, the BBC reports, that many appropriately designed sites require you to re-enter your password to perform account changes, and this weakness wouldn’t affect that level of security.

The point of this kind of sidejacking would be to create an easy process for a cracker at popular hotspots to insert malicious code into MySpace or other social media sites. It’s pretty clear that you could automate a tool to scan for social logins, grab the token, make the connection to retrieve and post a revised page with a payload—all of which could happen in seconds.

The Web has an inherent bit of weakness, in that Web browsers can’t create or pass information that a sniffer can’t extract without layering encryption on top of the connection. That is, you can have JavaScript in a browser create a hash of various computer details that would uniquely identify it and combine that with a timestamp, but it’s pointless. As soon as the token leaves the computer in the clear, a sniffer can grab and use it.

There are three solutions to this problem:

  • Only use Web sites that employ SSL across their entire session. SSL imposes a slight yearly cost for certificates for the site’s operator, and computational cost for the encryption overhead in managing browser interaction. But it’s possible and worth it. There’s no good reason except adding a few percentage points to your server budget to avoid SSL for everything.
  • Use a VPN (virtual private network) connection, which opaques everything entering and leaving your computer from sniffing. Plenty of rent-a-VPN services exist like JiWire’s HotSpot Helper, AnchorFree’s free Hotspot Shield, WiTopia’s personalVPN, PublicVPN.com’s eponymous service, and HotSpotVPN’s multiple offerings.
  • Browser and server makers could agree to develop a new protocol that would bind local network and computer information into a cryptographic hash that would vary on each transmission. There may be such an effort in progress. It’s a compromise between SSL (and would require an SSL negotiation at the start) and clear text, but imposes a lower computational load on both ends.
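A sketch of the idea behind the third option, added here as an illustration and not code from Graham, his tools, or any existing protocol: the server hands the browser a secret during an encrypted login, and every later cleartext request carries an HMAC over a counter and the request line instead of relying on a static token alone. `SessionServer`, `sign_request` and the message layout are hypothetical names chosen for this example.

```python
import hashlib
import hmac
import secrets

def sign_request(key: bytes, counter: int, method: str, path: str) -> str:
    """Per-request proof: HMAC over a counter and the request line."""
    msg = f"{counter}|{method}|{path}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class SessionServer:
    # Hypothetical server keeping one secret and one counter per session.
    def __init__(self):
        self.sessions = {}  # session id -> [key, last counter accepted]

    def login(self):
        # Assumption: this exchange runs inside SSL, so a sniffer never sees key.
        sid = secrets.token_hex(8)
        key = secrets.token_bytes(32)
        self.sessions[sid] = [key, 0]
        return sid, key

    def accept_static(self, sid: str) -> bool:
        # Classic cookie model: possession of the id is the whole proof.
        return sid in self.sessions

    def accept_signed(self, sid, counter, method, path, mac) -> bool:
        entry = self.sessions.get(sid)
        if entry is None or counter <= entry[1]:
            return False  # unknown session, or a replayed/old counter
        expected = sign_request(entry[0], counter, method, path)
        if not hmac.compare_digest(expected, mac):
            return False  # MAC does not cover this counter and request line
        entry[1] = counter
        return True

def demo():
    server = SessionServer()
    sid, key = server.login()
    # Constructed cleartext request, as it would appear on an open network.
    seen = (sid, 1, "GET", "/inbox", sign_request(key, 1, "GET", "/inbox"))
    return {
        "owner_signed": server.accept_signed(*seen),
        "static_token_reused": server.accept_static(seen[0]),
        "signed_replayed": server.accept_signed(*seen),
        "signed_retargeted": server.accept_signed(
            sid, 2, "POST", "/profile", seen[4]),
    }

if __name__ == "__main__":
    print(demo())
```

Page contents still travel in the clear in this model; it only stops a captured token from being reused, which is the compromise the bullet describes.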

Graham’s business partner David Maynor gets a booby prize: The Pwnie Awards are a self-organized set of security raspberries presented at Black Hat but with no connection to the event. The judges, all security researchers, gave David Maynor a Pwnie for the Most Overhyped Bug, with a description of the events last year in which Maynor and his colleague Jon Ellch appeared to say and then deny that they had found exploitable vectors in Apple’s native wireless drivers.

While Maynor noted in February that he had actually found such vulnerabilities and reported them to Apple, he said he would shortly release the code that he used, in order to show that the potential was there before Apple released patches, and that the patches corresponded to what he and Ellch found. Maynor has never released this code. I pinged him recently to ask if he was now ever planning to; no response.

The Pwnie judges note in a rather fair way, especially considering some of those judges’ general attitudes towards Apple and its security responses, “In the end, the only public information about Maynor’s Wi-Fi vulnerabilities are hype, denial, a media frenzy, and a patch that may or may not have been based on Maynor’s findings.”

And it gets more interesting: Graham praises Apple’s iPhone patches in advance of Black Hat: Back to Graham. Graham praises Apple for its rapid response to a series of bugs found in the iPhone that had already been demonstrated to show exploits. In the cell world, Graham writes, “Apple [h]as set a record for responding to security problems quickly.”