Monday, November 22, 2010

Life Without My Smartphone

So it happened - the moment I had never really prepared for, but still dreaded nonetheless. I was happily swiping away at my first generation Motorola Droid when suddenly the touchscreen refused to respond. Thinking it was a glitch, I turned the phone off, then back on again to no avail. I removed the battery, waited a few minutes, then tried again. Nothing. Eventually, I went to desperate measures and performed a factory reset. Still nothing. Finally, I had to face the truth - my beloved Droid was dead; the very device I have used for everything, from sending email and editing documents to identifying songs on the radio was dead. Luckily, I had a replacement, LG enV3 so I was able to make phone calls and text (Google Voice saved me during the time I was without a phone.). But as many of you who have had a smartphone know - once you get one, you can't go back.

Undeniably, not having a smartphone made me question how I was ever able to manage my life before. I couldn't send email, I couldn't browse Facebook, I couldn't check my calendar, read the news, perform Google searches, or anything else but text and call. I couldn't read my voicemail using the Google Voice app, scan barcodes, get directions, navigate, identify music, listen to Pandora, listen to my music, or play Angry Birds.

This experience has also led me to question my need for a smartphone. Honestly, I can say that I am addicted to the device - when it was working, it never left my side. But I am addicted to it because it makes my life easier and it makes communication seamless. I don't need a smartphone because someone tagged me in a photo on Facebook; I need a smartphone because it allows me to access my contacts from anywhere, send a last-minute email, stay on time with my schedule, and navigate to a new place.

UPDATE: Thanks to Verizon, I now have activated my replacement Droid and everything seems to be working.

Saturday, November 13, 2010

Facebook and Email - What Could Be Announced Soon

If you follow any of the technology blogs, or even happened to glance at Yahoo! during the past few days, you may have noticed that Facebook is planning an "event" for this coming Monday. As usually happens with these events, almost everyone has been speculating as to what new feature the popular social network could roll out next. This time, it seems to be an overhaul of Facebook's email system, with all of its users possibly getting an @facebook.com email address.

This announcement is interesting, yet also confusing to me. Allow me to explain. Back in the beginning days of the Internet (and technically speaking, still today), we access websites through a series of numbers called IP addresses. So to go to one website, you would type, for example, 129.23.88.1 into the web browser and be taken to that homepage. But then, along came the domain name system, which allows a word to be translated into that address. So instead of remembering a very complex set of numbers for every one of their favorite sites, users can now simply remember facebook.com or google.com. You're probably wondering what this has to do with anything.

Well, in order to send someone an email, we have to remember a series of letters and numbers followed by an @ sign, followed by more letters, followed by a period, followed by more letters. This is ridiculous. I have saved all of my contacts, so sending them an email is not difficult because Gmail or whatever email program you use stores the names and associated emails. But suppose you want to send an email to your friend "John Smith?" You know his name, just not his email address. So what do you do? You either have to look his email up on Facebook, assuming it is publicly available, or you have to wait and ask him for it at some other time. This is a problem; it is a problem that Facebook can fix.

Email needs to be more social - a form of social which is not necessarily a bad thing. So what can Facebook do? Facebook, as you are aware, is currently the biggest social network in the world. It knows all of your connections; it knows that when you want to talk to "John Smith," it's not the same "John Smith" that someone else is likely wanting to talk to. This is where the confusion comes in, which I will do my best to explain.

Essentially, I am proposing that Facebook begin to change email all-together. Redo the inbox, make it a full-featured web-application, even allow IMAP and POP support. But it can be different than email in this way: Instead of having to remember my immature friend's email address of "fancypants340@facebook.com," I can instead formulate an email by typing, from any account, john.smith@facebook.com. Then, when Facebook's servers receive the email, they can compare the sender with the recipient and know which John Smith it was intended for. Have two John Smith's in your friends list? It could reply with an email that asks for clarification.

Internally, this would work similar to email, but in another way, entirely different. Instead of having to remember or store 2,000 contacts, all I have to do is remember their name. I think, if human social interaction demonstrates anything, that it is much easier to remember a name (think google.com) than a series of numbers of letters (think 173.194.33.104).

Friday, November 12, 2010

Google Hacking

I recently completed a presentation for a security group at RIT called "Google Hacking." Essentially, Google hacking involves using certain logical search operators to find critical files that Google has indexed that shouldn't technically be indexed. This is usually the fault of the designers of the website because they did not specifically prevent Google from reading the content on their servers.

So what is the risk of having Google index your files? Well, let's think about the following search:
   - intitle:“Index of..etc" passwd


Now, here lies the problem. Imagine if someone were to get a hold of the passwords stored in "passwd." These passwords, which are typically hashed, can actually be broken using simple tools such as John the Ripper. After completing many of these searches, I determined that a surprising number of results were returned when searching for these types of files.

The web designers (or hosts) who are creating these websites need to secure these files, either by hiding them from search engines or preferably encrypting the actual files. Here is my presentation: