The Mobile Web Becomes Right Sized

Inn at Craig Farm's phone site - Image Credit: Patrick Conlon

The Mobile Web Becomes Right Sized

As the mobility age becomes more of age, it was only a matter of time that the visual side, the display side of the web, started to deliver content for the small format screens like the ones found in ones pocket.

The cellphone world is beginning to catch on to the fact that pushing buttons to communicate (texting) is tedious at best, so now it is rapidly becoming automated with camera imagers and codes … but where does that take one?

Generally, to a website that is tailored to a computer screen. Scrolling and adjusting the format just sends one back to pushing buttons and tapping screens. Visually, the process is still a nightmare at best. Text is okay but graphics are all over the map.

The match-up between the site and the screen is just around the corner.

Company efforts are dedicating themselves to mobile sized web development for mobile phone users. At Symblogogy, with nearly 75% of cellphones in the field having web access capability, we say it’s about time that the mobile web becomes right sized.

This from The Wall Street Journal Online –

Mini Web Sites Target Users of Mobile Phones
New Kits Give Firms A Cellular Presence; Boon for Concertgoers?
By AMOL SHARMA - April 5, 2007 - WSJOnline

Johannes Tromp says the Web site for his South Carolina bed-and-breakfast generates good business. But last fall, he found a way to reach even more potential customers: He made a version of the site for cellphones.

Mr. Tromp signed up for a mobile Web address with the newly available suffix "dot-mobi" and used a self-starter kit from a company called Roundpoint Ltd. to build www.kilburnie.mobi, the mobile site for his Inn at Craig Farm. He says he's gotten a surprisingly good response, with 30 to 40 new calls per month from interested travelers who heard of his inn by accessing the cellphone site.

"For people to find me, I have to make myself available any way I can," says Mr. Tromp, a Dutch native who was general manager of the Windows on the World restaurant in the World Trade Center before moving south for a career in hospitality.

As technology allows consumers to access the Internet with their cellphones, many big companies have launched mobile versions of their Web sites, including big media brands like MTV and ESPN and news sites like USA Today and The Weather Channel. But such projects can be costly and complex and until recently have been out of reach of small businesses.

Now new low-cost tools and services are making it easier to jump onto the mobile Web. Internet registrars such as GoDaddy.com Inc. and Network Solutions, who have helped millions of small businesses set up traditional dot-com sites, are now also beginning to roll out all-inclusive packages that help companies register and build mobile Web sites. And mobile-content specialists like the United Kingdom's Bango Ltd. have their own mobile kits that help companies get a basic Web presence on cellphones.

One way to promote a musician - Image Credit: Fli Digital

The wireless Internet is just beginning to take shape. Most consumers aren't nearly as comfortable with mobile Web surfing as they are with trolling the Web on PCs. Entering URLs can be difficult on many cellphones, and there's a limited amount of content that is well-formatted for a small screen. Cellphone networks are getting faster but still lag behind landlines significantly in broadband speeds.
----
Many small companies are planning to build mobile Web sites. Thousands are using dot-mobi domain names, which are administered by mTLD Ltd., whose backers include cellphone companies such as Nokia Corp. and Vodafone Group PLC as well as Internet service providers like those of Google Inc. and Microsoft Corp. The company, which gets a cut of registration fees, hopes that dot-mobi will become the de facto domain for mobile sites, much like dot-com is for the regular Internet.

Dublin-based mTLD says a separate mobile-specific domain is the only way to assure users that the site they will visit will be designed appropriately for a phone, with minimal graphics and verbiage and a format fit for a tiny screen. It has issued guidelines on how to develop appropriate mobile sites, and plans to charge content developers $250 to $300 to certify that they can build sites within dot-mobi standards.
----
Dot-mobi isn't the only alternative. Sites that end in dot-com or dot-net can also be designed so they show mobile-specific content when consumers access them through a mobile device. In fact, that is how most major media brands and other companies have built cellphone sites to date.

Internet registrars, who have made a living on small businesses and already offer a variety of tools to help them build basic Web sites, are taking advantage of the new opportunity in mobile.

For example, Harry Boadwee used GoDaddy to set up www.travelosa.mobi, a mobile Web site that provides information for travelers such as flight cancellations, weather and car-rental information. Registering the domain for a year cost him $12 . GoDaddy also provided Mr. Boadwee with site-development tools offered through a partnership with mTLD. Mr. Boadwee developed the site himself using those tools.

Network Solutions, which hosts the Web sites of 3.5 million small businesses, plans to begin selling dot-mobi addresses soon, along with a suite of tools with templates to build simple mobile Web sites. The company already has a tool that lets businesses automatically convert their existing Web sites into mobile versions -- stripping out unneeded verbiage and graphics -- but company executives say they encourage companies to build a mobile site from scratch.

In March, Bango rolled out Bango2Go, which offers small businesses hosting and mobile Web development as well as software that lets companies track who is visiting their site and bill customers for purchases. Bango's introductory package is $1,000, plus ongoing maintenance fees that will usually be a few hundred dollars. For bigger companies who want a more elaborate site with more content, the Bango fee is about $5,000.

Bango has already helped huge brands like News Corp. and World Wrestling Entertainment Inc. build their mobile Web portals, but its new product is aimed at smaller players such as Basin Street Records, a small independent music label in New Orleans.

The label's founder, Mark Samuels, is using Bango and Web-site designer Fli Digital Inc. of Hauppauge, N.Y., to develop cellphone Web sites for the nine artists he works with, beginning with jazz trumpeter Kermit Ruffins, whose new mobile Web page is ruffins.wap.com. Mr. Samuels says mobile sites will give concertgoers the ability to download ringtones or album art or even sign up for newsletters. All a fan needs is access to the mobile Web.
Reference Here>>

Security Testing PDA Tool Hacks All WiFi

The palm-sized PDA tucked away in Justine Aitel's pocketbook just might be the most scary device on display at this year's RSA security conference. Aitel is roaming the hallways here with Silica, a portable hacking device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform. Image Credit: ZDNet/CNET Networks, Inc.

Security Testing PDA Tool Hacks All WiFi

Introduced at this year’s RSA Security Conference (Feb. 5-8, 2007 - Moscone Center, San Francisco), a pen testing tool produced by Immunity Inc. (a penetration testing company based in Miami Beach, Florida) offers covert wireless network hacking through the use of a PDA handheld computer.

Penetration testing (pen test) is a process by which a test of a network's vulnerabilities by having an authorized individual actually attempt to break into (exploit) the network.

The tester may undertake several methods, workarounds, and "hacks" to gain entry, often initially getting through to one seemingly harmless section, and from there, attacking more sensitive areas of the network.

Security experts recommend that an annual penetration test be undertaken as a supplement to a more frequent automated security scan.

What Immunity Inc. has been able to do is deliver a tool that automates the process of hacking into 802.11 (WiFi) access points and can be taken and used anywhere, anytime without drawing suspicion to the person using the device.

Excerpts from ZDNet “Tracking the hackers” blog post -

Wi-Fi hacking, with a handheld PDA
By Ryan Naraine - ZDNet @ 11:10 pm, February 6th, 2007

SAN FRANCISCO - The palm-sized PDA tucked away in Justine Aitel's pocketbook just might be the most scary device on display at this year's RSA security conference.

Aitel is roaming the hallways here with Silica, a portable hacking device that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform.
Silica is the brainchild of Aitel's Immunity Inc., a 10-employee penetration testing outfit operating out of Miami Beach, Florida. It runs a customized version of CANVAS, the company's flagship point-and-click attack tool that features hundreds of exploits, an automated exploitation system, and an exploit development framework.

Immunity uses the Nokia 770 Internet Tablet in the first version of Silica but Aitel says it can be customized for a wide range of hardware devices. You start it, run a scan, connect, run your exploit, get an HTML report of what was done. Image Credit: ZDNet/CNET Networks, Inc.

Running a customized installation of Debian/Linux running kernel 2.6.16, Silica comes with a touch-screen interface featuring three prominent buttons — "Scan," "Stop," "Update Silica."
----
The idea is to give pen testers a tool to launch exploits wirelessly in the most covert fashion. At startup, Silica offers the user the option to scan for available open Wi-Fi networks. Once a network is found, the device connects (much like a laptop at Starbucks) and asks the user if it should simply scan for vulnerable/open ports or launch actual exploits from CANVAS.

Whenever CANVAS is updated with new exploits — typically once a month — Silica automatically gets an update to ensure all the newest attack code is available for mobile pen testing. (Penetration testing is used to evaluate the security of a computer system or network by simulating an attack by malicious hackers. Pen testers typically assume the position of the attacker, carrying out active exploitation of known security flaws to search for weaknesses in the target system).

Immunity uses the Nokia 770 Internet Tablet in the first version of Silica but Aitel says it can be customized for a wide range of hardware devices. "We wanted to make it touch screen, so you can actually use a stylus, launch a scan in attack mode, then stick it in your pocket while you run your exploits," Aitel explained. "It's aimed at the non-technical user interested in doing drive-by pen-tests. You start it, run a scan, connect, run your exploit, get an HTML report of what was done."

During a brief demo, Aitel used a stylus to manually click through the options to show how frighteningly easy an exploit can be sent to a vulnerable computer connected to a Wi-Fi network.
----
Some examples of places Silica can be used:

* Tell Silica to scan every machine on every wireless network for file shares and download anything of interest to the device. Then just put it in your suit pocket and walk through your target's office space.

* Tell Silica to actively penetrate any machines it can target (with any of Immunity CANVAS's exploits) and have all successfully penetrated machines connect via HTTP/DNS to an external listening port.

* Mail Silica to a target's CEO, then let it turn on and hack anything it can as it sits on the desk.

* Have the device conduct MITM (man-in-the-middle) attacks against computers connected to a wireless network.
Read All>>

While all wireless networks utilize the wireless security standard known as WPA2, the wireless networks with the most access points installed in business locations that show the greatest “exploit” vulnerability are those based on a Cisco or Symbol Technologies (Motorola) network schematic where some of the wireless access points may not be properly integrated into the network systems security scheme.

Other network schemes like the type employed by Aruba Wireless Networks mobile edge technology are less vulnerable because Aruba is the only company that offers both modular data center mobility controllers as well as fixed-configuration branch office solutions.

The mobile edge uses wireless networks, both for voice and data, wherever wireless can be used. Image Credit: Aruba Wireless Networks

As Aruba Wireless Networks states from their website about mobile edge technology:

The mobile edge uses wireless networks, both for voice and data, wherever wireless can be used. Inside enterprise facilities, high-performance and highly-reliable wireless LANs are deployed to provide dense coverage. In homes, hotel rooms, other companies, and wherever Internet-connected Ethernet ports are available, portable wireless access points provide secure connectivity back to the nearest enterprise facility. Finally, at public wireless hotspots, client software provides a secure link to the nearest mobile edge location.

The first step in any wireless deployment is to get control of the wireless that is already there. This may mean existing enterprise access points, wireless-enabled client devices, and especially rogue APs. Rogue APs - access points that are installed by the users but are not under the control of IT - are incredibly dangerous to an organization because they allow outsiders to bypass network security mechanisms and obtain direct access to an internal network.

A wireless intrusion detection system (WIDS) can be deployed to combat Rouge APs using a small number of sensors placed throughout a building. These sensors continuously scan the air and the wired network looking for rogue APs, unauthorized wireless devices, and mis-configured devices. When these threats are found, the WIDS automatically blocks them while notifying the network administrator.
Reference Here>>

And this from the Linux community via Ziff Davis CIO Insight -

Linux Hackers Tackle Wi-Fi Hassles
By Steven J. Vaughan-Nichols - February 8, 2007

When it comes to troublesome Linux peripherals, Wi-Fi takes the cake. Sparked by the Portland Project's efforts to bring standardization to the Linux desktop, the Linux wireless developer community tackled this problem at its second Linux Wireless Summit last month in London.

The Summit was scheduled as a followup to the January IEEE 802 standards committee meeting, which, among other issues, moved a step closer to making 802.11n a real IEEE standard. As a result of this timing, participants at the Linux Wi-Fi meeting included kernel developers and vendor representatives from Intel, Broadcom, Devicescape, MontaVista and Nokia.

Once there, according to Stephen Hemminger, Linux Wireless Summit co-coordinator and a Linux software developer at the Linux Foundation, the attendees had a very productive meeting.

Still, it's been slow going in some critical areas of Linux and Wi-Fi, according to John Linville, the Linux wireless software maintainer. In particular, Linville reported that development work is proceeding too slowly on a new 802.11 stack (d80211), and with a new Wi-Fi API (cfg80211), "development is even slower." Hemminger described the cfg80211 as "a good start but there are no user interface tools (the iproute2 equivalent of iwconfig)."
Read All>>