Future of Mobile Data Networks

Selection of SmartphonesAnything can be communicated via the Internet.  It readily connects everyone to emails, web, television, and voice.  It is where mobile computing’s future lies. The mobile industry seems to be shifting focus to Everything-Over-IP.

Traditionally, a mobile phone is used to communicate voice conversations.   The question now is who needs mobile voice?  Texting has becoming a popular way of doing things in Asia and Europe.  North America is catching up.  Then there’s the popularity of Facebook and Twitter, where Internet connection is required for status updates.  It’s becoming more than just a 1-to-1 communication.  It’s a broadcast of information.

To make Internet capable mobile devices, first the portable technologies have to converge.  Laptops have to be small enough for maximum portability.  Cell phones must be powerful enough to run like computers.  There are plenty of companies like Apple, Toshiba, Dell, and Nokia who are trying to close that gap.

It’s no surprise Apple announced the iPad.  They’re touting it as a reading device, but people know it can be much more.  Its main communication devices are WiFi and 3G.  No voice capability.  However, Apple has also recently allowed VoIP over the 3G network, so apps like Fring or Skype can provide voice calling.  Similarly, AT&T now allows Slingbox, TV anywhere, to go over 3G network to iPhone users (eventually the iPad).  So Apple’s strategy is definitely IP based communication.  Other companies will (or have already) follow suit.

This may sound familiar.  In 1998, there was much hype for Voice-Over-IP (VoIP) in the Telecom industry.  Huge investments were made to lay down fiber optics infrastructure for faster data transfers.  It took a while for that investment to bear fruit, and it looks like the consumers are finally starting to see the benefits.

Interestingly enough, wireless Internet connectivity it not widely available.  But that’s changing, thanks to innovation in wireless technology, such as WiMax or LTE.  It will reach the rural areas where Internet access is scarce.  Also, the price needs to go down in order to make it economically feasible.  Maybe the government should step in?

The direction is to get everyone connected.  Mobile Internet can finally become an integral part of the way people do business and go about their personal lives.  It’s the future of communication – on everyone’s hand.

Got Hacked?

Green Lock (via Flickr)The talk around Twitter right now is the phishing scam via Direct Message, as reported by many including Read Write Web, Mashable, and Chris Pirillo.  The victims include Twitter accounts for Barack Obama, Fox News, Britney Spears, and Rick Sanchez of CNN.   Getting their Twitter account hacked is a potential public relations nightmare.  The bait was a simple message to direct recipients to a fake Twitter login page, and enters their Twitter passwords.  Unsuspecting users went ahead and entered their information.  A similar trick was done in e-mail for the longest time using pages that looked like E-Bay, PayPal, or a banking site.

I get similar complaints with the websites that I maintain.  What can server administrators do to figure out who’s behind these attacks?   Here are the steps I take:

  1. Ask the business or customer when the suspecting hack happened.  Find out the exact date and time, if possible.
  2. Comb through the web server logs to find the IP addresses of the hackers using the date and time range reported by user.  For example, in Apache HTTPD, the file is normally called “access_log”.
  3. Most hackers try multiple times, in quick successions.   In this case, running through web logs through an analyzer like Webalizer or Awstats will reveal the IP address with the most hits, within a specified time range.
  4. Find out who the IP belongs to using tools like dig or nslookup.
  5. Report the offending IP address to the Internet Service Provider (ISP) as indicated by the lookup tool.  It can be done via email to postmaster@<isp.name> or abuse@<isp.name>.
  6. Depending on the severity, a fax or a phone call to the ISP may be required.  This is usually done when the hacking continues and there’s no indication of the ISP intervention to stop it.
  7. Start using the web server IP filtering features to blacklist the offending IPs.  For example, in Apache it can be done via Deny directive for doc-root in httpd.conf or .htaccess file.
  8. For known hackers’ IP addresses, make it permanent by blacklisting them in the firewall or router level.

Users do get complacent with their username/password.  They type (or even share!) passwords to others without thinking twice.  With more and more sites requiring a login, it’s easy to forget about checking the legitimacy of the page presented on the web browser.  Proactively, the web applications need to be modified to prevent login hacking such as:

  • Using Secure Socket Layer (SSL)   With SSL, most phishing sites will not bother with it because of the cost involved.  If logins are not done securely, users need to be extra careful.
  • Using OpenID, the open standards user login.  A site needs to be registered with OpenID to be able to use this service.  This removes the guesswork if the site is legitimate or not.

Hopefully the word is out for both users and web developers, to do whatever is required to secure login passwords.

Image Credit: Ashenzil