Identity Theft Is Easy

I was watching the Today Show this morning and they had a short piece on the NYC’s implementation of free wireless in many of the subway stations in the city.  Free Wi-Fi can be found at many businesses today (many food chains are now offering it to their customers; Starbucks, Dunkin Donuts, etc…) and it is often a great convenience to people who are out and about with their iPads and/or their smartphones.  But with this simplicity comes responsibility.

What the majority of WiFi users do not realize is just how EASY it is for a hacker to grab your signal “out of the air” and analyze it on their laptops almost instantaneously, as you are browsing the web.  So what does this mean?  Well if you are checking your emails and are not using a secured connection, bingo!  The hacker now has your email address and password.  If you are logging into a small ecommerce site to check the status of your order and it is unencrypted, guess what?  They now have your username and password to that site.  AND if you are placing a new order and entering in your credit card on an unencrypted connection… well I think you know…

There are two tools to help you protect yourself and your data.  First when using Wi-Fi connections to connect to your work or to your home computers, if its possible, look to setup a VPN (virtual private network) to make your connections.  So as not to get too technical, think of a VPN as a special tunnel on the Internet where only your data can move through – if anyone should try to intercept your data “out of the air”, all they will see are random characters and numbers; basically gibberish.

For those of you that may not have the means to setup/maintain a VPN, the second tool is to make sure your sensitive data connections are using SSL (secure socket layer) protection.  (in your browser the website should read https:\ versus a non-encrypted site name of http:\  (does not have the “s” in the http).

This goes for your email servers as well.  If you are unsure, definitely ask someone to check it out for you, to make sure your email server is using SSL or TLS.

As a final note, to give you a quick example, below is a free utility that anyone can download from Microsoft and use (click the images to zoom in).  While it isn’t exactly a tool a hacker would use to sniff Wi-Fi connections, it does show you how easy these utilities are made, to help read sensitive information.  The first screen shot shows a user logging into an unencrypted website via FTP (notice the username and password shown).  The second screen shot shows an encrypted connection using SSL.

All that was needed to see the information going across the net via Wi-Fi was to press the Start button on the software.  That’s it.

Be wise. be safe.

No encryption for Wi-FiEncrytped Connection across Wi-Fi

Apple, Apps & Your Business

“We need an iPhone app fast!”
We have heard this quite often over the past year, from current and new clients alike. The question we immediately ask is “Are you sure?” It’s not that we don’t want the business, but rather we want to make sure the client understands what is involved in designing and building a native Apple app. Putting aside the red tape and aggravation of getting an app listed in the iTunes store for a minute (it can take months to get your app approved and listed on iTunes), building a true native app isn’t a 1, 2, 3 type of project (and beware anyone who tries to sell you that it is).

Most of all, if you are not looking to charge for your app, then maybe a native Apple app is not for you. Just maybe a mobile web-app is more of what you need.  A mobile web-app runs on most smart phones and not just on a single platform (like how an Apple app only runs on Apple devices). You won’t need to get anyone’s approval to share your app, and best of all integrating a mobile web-app with your current website is often quite easy. The drawbacks to the mobile web-app approach mostly have to do with the app getting access to the higher features of the newer smartphones (like the phone’s camera or GPS chip). But that is changing as most mobile phone manufacturers are starting to allow developers to access to these features without having to write device specific apps.

As with anything “tech”, there are always alternatives. Our advice? Do your best to start all new projects with an open mind and be open to your developer’s suggestions.