Is James Holmes aka “The Batman Shooter” lawyer/family rep.. also happen to be on the Sandy Hook school board? Hmm.. inquiring minds want to know!
Mobile technology has made it possible for people to do an amazing amount with tablets and smartphones within the workplace—including hacking the living daylights out of the corporate network and other people’s devices. Pwnie Express is preparing to release a tool that will do just that. Its Pwn Phone aims to help IT departments and security professionals quickly get a handle on how vulnerable their networks are. All someone needs to do is walk around the office with a smartphone.
Pwnie Express’ Kevin Reilly gave Ars a personal walk-through of the latest Pwn Phone, the second generation of the company’s mobile penetration testing platform. While the 2012 first-generation Pwn Phone was based on the Nokia N900 and its Maemo 5 Linux-based operating system, the new phone is based on LG Nexus 5 phone hardware. However, it doesn’t exactly use Google’s vanilla Android.
“What we’ve done is taken Android 4.4 Kit Kat and recompiled the kernel,” said Reilly. “On the backend, it runs our own derivative of Kali Linux, called Pwnix. Essentially it’s running a full-blown Debian OS on the back-end of Android.”
One of the benefits of the recompiled Android kernel is that the Pwn Phone can act as a USB host, just as PCs do. That makes it possible for the Pwn Phone to use external USB adaptors for Wi-Fi, Bluetooth, and Ethernet in addition to its built-in Wi-Fi and Bluetooth adapters. The external adapters for Wi-Fi and Bluetooth extend the Pwn Phone’s attack range and capabilities, and the Ethernet adaptor allows the device to jack straight into a facility’s local wired network for additional attacks.
The result is that the Pwn Phone can handle most of the functions of bulkier, less easily concealed security testing tools at a fraction of the weight—and with even less of the potential suspicion. This new generation of the Pwn Phone (and its larger cousin, the Pwn Pad) also makes it a whole lot easier for people without a great deal of penetration testing experience to quickly get up to speed and dig into potential vulnerabilities. Using the new Pwn devices can quickly convince you that it’s important to turn Wi-Fi off on your phone when you’re in a public place.
The Pwn Phone comes with a total of 103 network monitoring and attack tools loaded, 26 of which have been configured for launch by touch from the device’s home screen. While all the tools run in a terminal window and have a character-based interface upon launch, some of the 26 touch-optimized tools require just one touch to execute. Others have been given menu-driven interfaces to reduce the amount of thumb-typing required to launch them effectively.
One of those “one-touch” penetration testing tools is EvilAP, a tool for creating a “malicious” Wi-Fi access point that can detect and respond to the Wi-Fi probe requests sent by devices as they look for previously used wireless access points. EvilAP can use the phone’s wireless broadband connection or another network to then pass through network requests while the phone’s user launches other attacks on the traffic. (These can include SSL Strip “man-in-the-middle” attacks against secure Web sessions.)
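For defenders, the behaviour described above has a recognisable signature: one radio answering probe requests for whatever network name a client asks for. The following is an added example, not code from Pwnie Express or the original article; it flags any BSSID that sends probe responses for several different SSIDs in a short window. The record layout, threshold and sample frames are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records, not a real capture.
# Layout (assumed): (time in seconds, frame type, BSSID, SSID)
SAMPLE_FRAMES = [
    (0.0, "probe_resp", "aa:bb:cc:00:00:01", "CorpWiFi"),
    (1.2, "probe_resp", "de:ad:be:ef:00:99", "HomeNet-5G"),
    (1.9, "probe_resp", "de:ad:be:ef:00:99", "CoffeeShop"),
    (2.4, "beacon", "aa:bb:cc:00:00:01", "CorpWiFi"),
    (3.1, "probe_resp", "de:ad:be:ef:00:99", "Airport_Free"),
    (4.0, "probe_resp", "aa:bb:cc:00:00:02", "CorpGuest"),
    (95.0, "probe_resp", "aa:bb:cc:00:00:02", "CorpGuest"),
]


def find_promiscuous_responders(frames, max_ssids=2, window_s=60.0):
    """Return {bssid: sorted SSIDs} for every BSSID that sent probe
    responses for more than max_ssids distinct SSIDs within window_s.

    A legitimate access point normally answers for a small, fixed set of
    names (multi-SSID gear usually uses a separate BSSID per SSID), so a
    single BSSID claiming many unrelated names is worth investigating.
    """
    responses = defaultdict(list)  # bssid -> [(time, ssid), ...]
    for ts, frame_type, bssid, ssid in sorted(frames):
        if frame_type != "probe_resp" or not ssid:
            continue  # only named probe responses matter here
        responses[bssid.lower()].append((ts, ssid))

    flagged = {}
    for bssid, events in responses.items():
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window_s.
            while events[end][0] - events[start][0] > window_s:
                start += 1
            ssids = {name for _, name in events[start:end + 1]}
            if len(ssids) > max_ssids:
                flagged[bssid] = sorted(ssids)
                break
    return flagged


if __name__ == "__main__":
    for bssid, names in find_promiscuous_responders(SAMPLE_FRAMES).items():
        print(f"ALERT {bssid} answered for {len(names)} SSIDs: {names}")
```

In practice the records would come from a monitor-mode sensor or a wireless IDS export, and the threshold should be tuned against the site's own access points.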
Other tools in the touch collection include: the network mapping tool Nmap; Strings Watch (a tool that watches for text within packets); the Tshark and Tcpdump packet analysis tools; the Metasploit and dSploit penetration testing toolkits; and the Kismet and Airodump wireless network monitoring tools.
Of course, if you’d rather not do any thumb typing at all while wandering around a targeted area for stealth purposes, a good portion of Pwn Phone’s functionality can be controlled remotely. Just as with Pwnie Express’ other penetration hardware, the Pwn Phone can be configured using Web-based administration tools over one of the six covert channels provided in the phone’s toolset to connect through the network being tested or through its wireless broadband connection. And a remote terminal session to the phone can be opened via a reverse-SSH connection back to a PC. That means security surveys can be done without the Pwn Phone-carrying foot soldier ever pulling the phone out of his or her pocket. A remote security pro can even handle the whole show without leaving home.
Data collected by the tools—such as logs for packet captures from Tshark (the text-based version of the WireShark packet capture tool) and captured text from the Strings Watch packet monitoring tool—are stored in the phone’s 32 gigabytes of local storage. If you need to make all the data go away quickly, there’s a one-touch application that restores the phone to factory settings. It’ll wipe away any sign that the phone might have been up to no good.
These are all capabilities that Pwnie Express already offers in a slightly larger form factor: the Pwn Pad 2014, based on Google’s Nexus 7 tablet and Android 4.2 (“Jelly Bean”). The only real difference between the Pwn Phone and the Pwn Pad is form factor and price. The Pwn Phone will sell for around $1,295, while the Pwn Pad is priced at $1,095. Of course, if you’d rather piece together your own Pwn Phone on an existing Nexus 5, there will eventually be a community version of the software available for download.
Google is continuing to push forward on wearable technology, announcing it has filed a patent for contact lenses that have a tiny camera on them, making Google Glass seem archaic even before its general public launch later this year. Having a camera on your eye may no longer be a thing of science fiction, and Google believes it can take the world there.
The company says it has a patent pending for what would see contact lenses with a small camera and sensors placed into the lens that could be controlled simply by blinking. This, Google believes, would assist the blind in managing their daily lives as well as allow those who can see to take pictures by just looking at what they want to record.
Don’t get your hopes up just yet, as the patent pending is still only a hypothetical future tech, with the patent taking from the controversial Google Glass head wear and the company’s tear-scanning contact lenses.
The idea driving the future contact lenses is the blind and vision-impaired. The company hopes that the lenses can assist them in crossing roads and managing blockages in their path by sending signals to an accompanying smartphone that warns of pending problems.
Although Google had submitted the patent in 2012, the company only revealed the new technology idea on April 15 as its Glass was being given a one-day sale across the country and continues to change public perception of the glasses which have sparked attacks and isolation for those wearing them.
The proposed lenses could enable those not vision-impaired the opportunity to view the world in a completely different manner, changing focus and using a wider view of the world, all through blinking and thinking.
Like Google Glass, the new contact lenses could provide even more turmoil in the realm of privacy, with those who have attacked Glass as infringing on one’s right to privacy - Glass users can take video and images through simple voice commands - coming out in full force against the proposed lenses. It could continue to create major schisms in the public over Google and its future-thinking technologies.
Even still, the techies across the globe are likely whetting their appetites for a new, vastly futuristic product that could continue to change the technology that we could one day be wearing on our heads, or in our eyes.
What is Responsive Web Design?
The terms “Responsive” and “Adaptive” have been thrown around quite a bit this past year, as they have become the “catch phrases” everyone uses but very few seem to understand. I am writing this in hopes that everyone here at BWA once and for all understands what responsive sites are, and why they are the new “Standard” in HTML web development.
“You can create a flexible website that fits beautifully on any device, rather than having to create and maintain separate versions for each device.”
Within the field of Web Design/Development, we’re quickly getting to the point of being unable to keep up with the endless new resolutions and devices being offered by new consumer electronics products. In the past, as web developers, we were only responsible for developing for 1 form factor: the desktop. As time went on, with the release of mobile browsers, requests for a “mobile ready” website became the standard. During the first generation of devices, back when we were only dealing with 2-3 different mobile devices, it made sense to just design a completely different site and style sheet for the mobile phone. But over time more devices came to market, and the resolutions became more varied and more complex. Standards are set by device adoption rates, so it took time before new standards in resolutions and display qualities were set by the market. Eventually, with a saturation of new devices, the old way of doing a mobile site became unrealistic because you would essentially be designing and building 5 separate sites, which wouldn’t necessarily guarantee that your site would render correctly on future devices.
In order to counter the lack of control we have over handset manufacturers and the standards bodies themselves, it was in the best interest of the industry to develop a new way of building mobile-ready websites. “Responsive” frameworks such as Twitter’s Bootstrap were released to the public for developers to use in future web development.
The Concept of Responsive Web Design
"Recently, an emergent discipline called “responsive architecture” has begun asking how physical spaces can respond to the presence of people passing through them. Through a combination of embedded robotics and tensile materials, architects are experimenting with art installations and wall structures that bend, flex, and expand as crowds approach them. Motion sensors can be paired with climate control systems to adjust a room’s temperature and ambient lighting as it fills with people. Companies have already produced “smart glass technology” that can automatically become opaque when a room’s occupants reach a certain density threshold, giving them an additional layer of privacy.” - http://alistapart.com/article/responsive-web-design
Websites that “Bend, Flex, and expand as crowds approach them”
Unlike in the past, when we created pixel-perfect representations of a website from a Photoshop compilation, the new way of doing things is to keep things “Fluid”. Rigid constraints in your designs are not advised. We have seen this influence cascade over a lot of the new websites out there. Sites today need to be creatively designed to bend and flex to unforeseen future devices that have yet to be released to the market, but will obviously be used to render sites in the future. Today in web development and design we not only have to contend with the limitations of the desktop browser, but also ensure that the site will render in a readable manner on devices that range from television browsers, mini-tablets, full-size tablets, and E-Readers to Phablets and mobile phones.
Responsiveness Starts at the Design Stage, not the Development Stage
It’s unfair to require developers to try and adapt non-responsive designs into a responsive website. Therefore it’s very important that companies start to introduce “Developer Driven Design” into their creative workflows. A designer can no longer get by with design alone; they have to understand the technology that builds their designs in order to design correctly for that technology. For example, it would be unfair to ask a designer to mock up an iPhone app, and then expect a developer to turn it into a working Android app that looks the same. This is simply impossible when the process is done backwards. Designers need to understand how Responsive sites work, and why they are the way they are. That way, unrealistic expectations aren’t set for responsive website development.
It is important that these new “Responsive Concepts” are thought of from the beginning of the creative process and carried through to the development stage. Developers like myself expect to receive “Responsive designs” from creative. Sure, we can work our magic at times to adapt certain non-responsive designs into a responsive format, but we are limited by the capabilities of all the moving parts! Everything from the CMS down to the version of jQuery being used can regretfully have very strict requirements that prohibit the seamless adaptation of non-responsive designs into responsive designs. It is vitally important that everyone come to the same conclusions when asked to define what “Responsive” actually means, and is. Otherwise, miscommunication will continue to plague us as we move forward.
Responsive versus Native WebApp, and Native App
Native Apps are defined as being mobile applications built in either Android Java or Apple’s Objective C. These applications execute faster on mobile devices because there is a layer of abstraction taken out of the equation.
We can Mash it Up!
There have been 200+ page books solely devoted to the concept of “Responsive Web Design”, so it’s really impossible for me to cover every aspect of this in one email. However, the only way to really learn this is to read, and learn it. So I have included a couple of links below that give very detailed and also not-so-detailed summaries of what Responsive is.
Resources to be read and understood by all!
A List Apart’s Write up on Responsive Web Design
Why 2013 Is The Year of Responsive Web Design
Beginner’s Guide to Responsive Web Design
Why User Responsive Web Design? - Video
As far as money is concerned, much of the headline press over the past five years has focussed on how little of it is floating about these days. But despite the headlines, something else has been happening in the world of money: something more fundamental is being engineered, and entirely new models for the representation, storage and transfer of currency are being proposed, prototyped and adopted. A new paradigm is fast emerging with potentially profound implications, offering opportunity and risk in equal measure. Welcome to Bitcoin.
Born in 2008, and representing a new generation of digital currency, Bitcoin enables people anywhere to store and transfer payments through a global decentralised peer-to-peer network. Transactions do not pass through any financial institution and Bitcoin is not owned or controlled by any company or government; it is open source, borderless, and accessible to any internet user. Transactions are processed near instantly at close to zero cost and cannot be blocked, seized or interfered with.
Five years on, the fledgling currency is gaining traction. Stats for just one of the many available digital wallet applications show over 3.5 million downloads, the value of a Bitcoin has appreciated over 1000% in the past year, and the platform network boasts more than twice the dedicated processing power of the top 500 supercomputers in the world, combined.
People are getting excited, and it’s not just the geeks. Venture capital likes disruptive technology, and Bitcoin is the poster child for disruptive potential. Bitcoin presents an entirely new model for the way in which money is denominated, issued, stored, exchanged, received, monitored and controlled. Widespread adoption would redefine consumer behaviours in traditionally hard-to-penetrate markets and the race to claim what may become a lucrative new landscape is well underway.
Adoption is currently highest in the US, UK, Germany and China. However, emerging regulatory obstacles are likely to produce a short term deceleration in growth amongst western markets. Legislation must adapt to ensure the usage and taxation policy toward Bitcoin denominated trade and earnings is clear and enforceable, as well as to guarantee consumer security within the marketplace as it evolves at tremendous speed. Finally it must keep pace with new forms of criminal activity perhaps best exemplified by the anonymous Silk Road, until recently a thriving anonymous marketplace for prohibited goods, with trade denominated entirely in Bitcoin.
Far more interesting is the emergence of Bitcoin technology amongst less developed communities such as Kenya, where access to traditional bank accounts is limited and the past decade has seen explosive adoption of new mobile phone-based payment services such as M-PESA. Kenya’s population is primed for the type of solution offered by Bitcoin, and the recent launch of a phone-based Bitcoin wallet providing direct integration with M-PESA accounts provides a platform for widespread adoption amongst communities in which there is genuine need for accessible, ultra-low cost capabilities.
If Bitcoin were to achieve the mainstream adoption some believe it is capable of, the implications to retail banking would be seismic, with declining demand for traditional banking services (cash storage, payment, balance checks, international transfers and foreign exchange to name a few) as consumer behaviour shifts toward alternative technology.
To survive such a transition, retail banking institutions should embrace new technology and redefine their value proposition for tomorrow’s market. Emphasis must shift away from exclusive ownership of customer accounts and associated transactional activity, towards lightweight, collaborative and community-driven operating models supported by new value added products and services. Beyond this, organisations must leverage all the power of social community and learn how to harness the big data goldmine that is the blockchain to deliver truly powerful social finance capabilities.
The future of Bitcoin is far from certain. Its risk profile is still enormous and the currency is simply not ready for widespread adoption today. For now though it’s not the price of Bitcoin we should be watching but the real case studies of economic value emerging from those who choose to try it. It’s a money game after all and, regulatory hurdles aside, the survival of Bitcoin will ultimately be determined by the true economic value it offers.
Tyler is an emerging technology evangelist with a background in business analysis and customer experience transformation across the public sector, private sector and FSI industries.