Cory Bohon

Something that a lot of people don’t pay much attention to is wireless access points. Many people will connect to any wireless access point and begin checking their email, bank accounts, and go to other online services without giving much thought to their wireless surroundings.

But, here’s the thing … no matter if you’re connected to a 100% trusted wireless network, your information and security could be at risk no matter the operating system you’re using: Windows, Mac, Linux, it doesn’t matter.

The insecurity comes from the way a network operates. Generally, wireless networks work in a logical BUS topology, which means that any data response is sent to all computers on the network, but only the computer the data was addressed to will accept it and other computers will disregard the data.

If you have some specially designed software on your computer, like Wireshark, then you can “sniff” the packets (small chopped up bits of data) being sent and received from other computers on the network you’re connected to. By doing this, you can see in plain sight any data (passwords, bank account numbers, usernames, messages, etc.) that is being sent as plain text. Most websites generally send sensitive account information in this fashion, too. This will work on both wired and wireless connections, mind you.

Take the screenshot below. This is from my home wireless network that I was connected to. It shows where I was attempting to login to a website using my username and password. Notice how both the username and passwords were sent unsecurely as plain text. If anyone was connected to the network and had an application like Wireshark up and running, they could capture those packets and retrieve my username and password all without me ever noticing.

This is something very important to remember when connecting to wireless networks. What you may think of as a secured access point may be the way in which your important information is stolen unsupectingly.

Protecting yourself
There are ways to protect yourself from this method of data theft, however.

Generally, banks and other websites that maintain personal data use SSL security. This means that data sent or received to your computer and the server you’re connected to is encrypted before being sent. If you’ve ever noticed a small lock in your web browser or noticed that the protocol in the address bar changed from “http://” to “https://” then you’re most likely secured via encryption.

What does HTTP or HTTPS mean?
HTTP stands for Hyper Text Transfer Protocol and it’s the method by which web pages are requested and delivered to your web browser. HTTPS stands for Hyper Text Transfer Protocol Secure and it’s a secure version of the standard HTTP protocol that allows SSL security certificates and other security layers between you and the server you’re connected to.

In addition to checking to make sure you’re connected to a secure website before typing and submitting personal information, you also have a few other options. You could set up a VPN (virtual private network) on a computer at your home that you could connect through to provide a secure gateway for accessing websites while on-the-go. You could also invest in a 3G/4G wireless card for your notebook computer. This would allow you to have a direct connection to an wireless Internet provider (via a more secure cell tower connection). Plans can be pricey, however, which is why some use a VPN connection.

This is one of the reasons I went for the 3G version of the iPad. I’m trying to free myself from using public Wi-Fi where I am only as secure as the content I access and my computer security is only as safe as the people accessing the network.

The problem with this security issue is that anyone and any network is susceptible to the problems. Even if the network features WEP or WPA security measures. If someone can connect to it and open an application like Wireshark, they can begin gathering sensitive information.

What is WEP and WPA Security?
WEP stands for Wired Equivalent Privacy and is an older, less secure way to encrypt a wireless network. WPA stands for Wi-Fi Protected Access and is a newer and more secure way to encrypt a network. Generally, it is better to stray away from WEP encryption because tools exist that can allow anyone to penetrate the network and gain access to your wireless connection.

I wanted to post this because I see a lot of people who nonchalantly connect to public wireless networks and begin surfing to websites that contain sensitive data about that person. I hope that you were able to understand my concern and the reason that I wanted to let you know about this security issue.

If you have any questions, feel free to post a comment below or email me. Also, if you have a computer topic that you’d like me to talk about, feel free to send me an email and I will see what I can do.

If you live on planet earth, then you know Apple announced the release of its newest invention, the iPad this week. A lot of people have been speculating about this device, wondering what market it’s for and what all it might be capable of. Many people have mixed feelings about whether or not they will purchase one, also. In this post, I want to let you know why I chose to get one and also what the iPad means to the developer community.

The iPad has been compared to a “giant iPhone or iPod touch,” but I simply don’t think that’s what this device is. Sure, the device is running iPhone OS 3.2, but the OS and software has so many more possibilities than the iPhone or iPod touch. I’d imagine Apple chose this operating system over Mac OS X because it’s extremely touch-friendly and because probably half the population of the world has seen and/or used the iPhone OS. If people already know how to use a piece of software or hardware, the chances they’ll purchase and enjoy it is more likely because they can relate to it.

But the OS is just one small part of the device. The third-party software that can be written for the device is generally about the same as the software that can be written for Mac OS X. There’s a few differences, but for the most part high-quality software can be written for this device. Take Apple’s own iWork for the iPad. They are taking a piece of software from the Mac that’s pretty hefty and porting it to a device that supports Multi-touch gestures for manipulating text, images, slides, and spreadsheets. To me, that’s the amazing part of this device. My hope is that developers take heed to the wonderful iPad SDK Apple has released to develop desktop-class applications that can take full advantage to the Apple designed processor, and touch screen.

People have been badgering the device because there’s no Adobe Flash playback, but I’m not so sure that’s a problem. Flash has been around for a long time and has been adopted by a lot of websites, but that doesn’t mean it’s the best use of the technology. Microsoft has also came out with their own sort of technology called Silverlight. These technologies, however, often take up lots of memory and CPU. And for what? Video playback? Games? All of these tasks can already be done with the iPad if developers would take a look at creating apps. Not a fan of apps? Apple is simply addressing the future. Because of the iPhone and lack of flash support, Apple has forced developers to take a look at other technologies to accomplish these simplistic tasks. Adobe is just angry because Apple is slowly taking away their market, but the truth is that flash is on its way out (or at least should be). Advanced CSS and HTML techniques give web developers the ability to add video playback and game design right on a webpage without using the resource hogging flash that’s common today. YouTube has already adopted many of these techniques and it’s simply beautiful to see in action.

Too many people have compared the iPad to the Amazon Kindle and various netbooks. The iPad is in a completely different class than those devices, and the iPad will probably take a good bit of market share from those and other devices like it. Apple has created a device that can do eBooks (or iBooks as they’re calling them), it can do HD video from either iTunes or YouTube (another game changer for parents who despise portable DVD players and the ever-so-scratchable discs), and it can do productivity with the iWork suite (I’d imagine it’s only time before Microsoft joins in, please?). Sure it doesn’t have an e-Ink display, but so what? Many people read and have no problems reading from an LCD monitor everyday. Plus, you don’t need a book light like you need to have to read in the dark with e-Ink devices. Plus, this device is in full color and has a 9.7″ screen that will be amazing for displaying textbooks in PDF or ePub format.

Basically, I’m just a little disappointed that people are already bashing this device when it (1) hasn’t been released yet, and (2) hasn’t been used by anyone except people at the media event last week. The iPad has a lot of potential if only people would look at that. This device is truly a game changer. The Amazon Kindle DX is only a few dollars less than the basic iPad that costs $499, a few dollars separates these two devices that are completely different. Except, the iPad can do all that the Kindle has to offer. The Kindle, however, cannot touch what the iPad has to offer.

At the Apple iPhone event today, Apple demoed the next version of their iPhone operating system, version 3.0.

Apple includes over 100 new features, some of which includes:

- Push notifications will be standard in iPhone 3.0. Apple claims that there was a scaling issue when they first announced this feature last year, with thousands of developers clamoring to use it, so it had to be delayed. Developers will be able to build message, sound, and badge alerts into their applications.

- iPhone will support cut, copy and paste — copy text and pictures, then paste them in any application on the device. If you change your mind about the newly pasted data, just shake to display a menu asking if you wish to undo the paste.

- In-App purchasing — developers will have the ability to charge a fee from within the application for more levels in a game, magazine subscriptions, eBooks, etc. This solves the problem of the 20 ebook readers that only allow you to read one book each.

- MMS — you’ll be able to use MMS on your iPhone 3G (yes, 1st gen iPhones will not get the fortune of using MMS due to the use of a different cell radio). The new Messages application will be taking the place of the SMS app and will allow you to send voice memos and pictures to your friends.

- Peer-to-Peer connectivity — allows iPhone apps the ability to find other iPhone users over WiFi or Bluetooth. This can be using for anything from gaming to sharing data.

- Third-party Accessories — app developers can now access third-party accessories attached to the iPhone. This could allow for developers to interface with their own accessories to create a truly unique experience on the device. One of the demonstrated uses was a prototype blood glucose meter for the iPhone, from a Johnson & Johnson subsidiary, which is already getting attention from our readers; it’s not for sale yet!

- Apple will now be allowing applications the ability to get GPS coordinates from Core Location and turn that into software that provides Turn-by-Turn directions for iPhone users. However, due to the terms of use with Google maps, developers will be required to license their own maps for this use (meaning that Turn-by-Turn GPS applications will almost certainly be paid apps). This isn’t a problem for vendors like TomTom or Telenav, who already have licenses for their map data.

- A landscape keyboard option is now available in all iPhone applications, including the infamous Mail.app.
Voice memos will allow iPhone users the ability to capture audio and then email it, or send it through the Messages application as a multimedia message.

- System-wide Spotlight searching is built right into the home screen. To the left of the first home screen, there is a magnifying glass, so by flicking to the left of the first home screen will show this search app. You can search for anything, including mail, music, and notes. There is no word yet on how this will interface with third-party applications.
- Stereo Bluetooth audio devices are now supported through the use of A2DP technology.

Developers that have access to the iPhone Dev Center will have immediate access to download both the iPhone OS, and the new SDK that includes over 1000 new APIs.

As an aside, this entire blog post was type/copied from my TUAW article using nothing but my iPhone, mobile Safari, and the free WordPress application for iPhone.

If you have at least a $1,000 (US) to blow, then you might want to take a look at an iPhone prototype that’s being sold on eBay. The auction in question is for 2 pre-release iPhones that have a beta version of the iPhone OS (version 03.06.01_G) on them. You may remember that when the iPhone was released in June 2007, it ran the OS version 03.11.02_G. You can see a video below of the iPhone prototype in action.

I was looking through my RSS feeds this morning and stumbled across a Slashdot article that talks about the current situation regarding the iPhone Developer program through Apple.

The article mentions that the current waiting line to join the developer program has stretched from waiting weeks to waiting for a few months. Having recently joined the developer program in December, I can say that it definitely has started taking longer to join the program. I purchased the $99 developer access on December 7, 2009, and had my first applications in the waiting line a week later; however, it wasn’t until the third week in January that my contract was approved and my apps went into the store. I think this is a real problem.

Also mentioned in the Slashdot article is the Android phone. While I believe Apple has beaten the Android OS in almost every regard, the iPhone falls short when comparing it to Google’s open development standards. I would love nothing more than to see Apple fully open the device up to the developers who are wanting to create applications. Sure, require the digital signing in order for the apps to run, but don’t limit the developer’s creativity with the SDK restrictions! There are tons of good applications that will probably never see the light of day on the App Store because of Apple’s choking standards.

I believe that if Apple would lighten up a little bit with their SDK restrictions that developers could really make this device shine (even more than it already does). Google really has a good thing going for them. Yes, they have a marketplace, but they also allow developers the ability to give downloads from their own site that can be installed (legally) on the device. I think this is a far better system than what Apple has proposed, and just might “win” in the end. After all, why should Apple limit their users? It’s 2009, not 1999.