
Web applications with no secrets!

  
Article published in the monthly PenTest Magazine

Times are changing, and technology is changing too. A few years ago our computers were connected to the internet only through very slow dial-up modems. Now we can’t imagine the world without a fast broadband connection and access to many web services.


If somebody had asked me a few years ago which web services I was using, I would have answered: only electronic mail and some news portals. I remember the times when simple e-mail web clients were appearing. It was something new, because everyone who had e-mail was used to desktop mail clients like Outlook Express. Difficulties appeared when you wanted to check your mail on another computer, without your default Outlook configuration. Smartphones, tablets and other mobile devices were not as common as now; laptops were very expensive and not worth buying. I have not yet mentioned the dial-up internet connection, with its characteristic sounds coming from the speaker inside the computer. Moreover, it was a very slow and luxurious connection, not available everywhere. Dial-up was a big barrier to the internet’s development.

The evolution of the internet started as soon as broadband connections arrived. Providers offered twice the speed or more. It was an impulse to action. Very quickly the old Internet Explorer browser was replaced (of course not entirely) by competing browsers, especially by the brand new Mozilla Firefox, whose main idea was compatibility with new internet standards. We could not say the same about Internet Explorer, because many years later Microsoft still insisted on its own “standards”. Webmasters had a big quandary: write websites compatible with Internet Explorer, or with W3C standards and other browsers? But returning to the main topic: over time websites became more and more interactive and attractive for users. This new creature was called the web application. It came with the appearance of new languages and techniques for creating websites. I think neither Flash nor Java applets were as innovative as AJAX. Nowadays it is used on the one hand by the largest companies in their products and on the other hand by ordinary bloggers in their “e-diaries”. I laugh that people now need only a web browser with a connection to the internet, even without an operating system. Of course there is, for example, Google Chrome OS, a web browser as an operating system, but it is not yet time to give up our lovely Windows. Nevertheless, web services have come to dominate the part of our lives spent in front of a computer or another mobile device with internet access.

The main web application most of us use is webmail. All of today’s major mail service providers usually give us access to our account in three ways: POP3, IMAP and webmail. Many people think the last one is the best and use it. Why? The first advantage is ease of use. Wherever in the world you open a browser, you will see the same content and your personal settings. That is easier than configuring a mail client every time. In any case, you may only want to check your mail quickly, which leaves no time for the whole configuration process. The second advantage is safety. For example, Gmail from Google optionally offers two-step verification. It means that knowing the password is not enough for a potential hacker. To get access to our mail, a specially generated code, sent by text message to our mobile phone, is also required. I think it is the greatest way to guard private correspondence against intruders. The next advantage is the possibility of syncing our settings and contacts across all our computers and mobile devices with dedicated e-mail applications. Keeping this data in our heads is very difficult; writing it down in something like a notebook is outdated. Syncing helps us out. Moreover, the majority of modern webmail clients offer a chat, like Google Talk, which is based on Jabber. A chat client in the browser lets us take it, with the whole conversation archive, wherever we want on a laptop, netbook or other mobile device.

The next very important web service we are used to is online banking. Now we cannot imagine our business and personal payments without the possibility of making them on the internet. E-banking has changed our lives. Quick money transfers, opening deposit accounts, and checking the balance whenever and from wherever you want: these are the main undisputed advantages that push people to open a bank account with internet banking access. Now you do not have to queue and wait for a bank assistant to make a money transfer. Using a bank’s web application is very simple. Many people, even elderly ones, manage their money this way, so I think it confirms my claim. Today banks offer very advantageous conditions for maintaining web accounts. There remains only the question of the safety of our money. Of course hacking of e-accounts and theft of money still exist, but above all the risk is going down all the time. Largely it is our own fault. A real bank never sends us messages asking us to enter our login and password on its website. If we have done that, we should immediately call the bank to block our account or… prepare ourselves for unexpected withdrawals. But generally banks encrypt the connection in web browsers with strong certificates, and when doing something in the account we have to confirm it by entering a password read from a token, a printed list of one-time codes or a mobile text message. This makes it much more difficult for hackers to take over our money.

Another very interesting example of popular web services is social networks like Facebook, Twitter or Google+. Over the last five years this kind of web application has strongly gained ground. Many people got caught in this huge eddy and are now addicted to social networks. They give us a lot of messages from our friends about what they are doing now. The human is a very nosy being who likes to know everything about his nearest (but not only!) society. These web services hit the spot. Twitter is a microblog. The idea is that you write your thoughts in only 140 characters. Your message can be read by every single person all over the world, but in particular you gather “followers” around you. Each of them will see your “tweet” on their virtual dashboard. Each of them can reply to your message, start a conversation with you or “retweet” your 140-character message, which means sharing it with their own “followers”. This way you can get more people who want to read your posts. Any benefits? Yes, of course. If you have a large number of people following you, you can invite them to your website or web application. Twitter’s web interface is very simple, but it has a lot of JavaScript and AJAX in it, as do Facebook and Google+. But that is a different story.

The history of Facebook begins in 2004, when Mark Zuckerberg, now the richest young man in the world, started a project named The Facebook. The way it works is very simple: people publish posts about what they are doing now and where; optionally they can add one or more photos or videos showing the situation. Facebook is a mirror reflection of our real life: there are our friends, relationships, text chats, audio or video conferences based on Skype’s engine, and fan or anti-fan pages of corporations, trademarks and well-known people (politicians, journalists, celebrities and people from the front pages of newspapers). Facebook is a huge database about over 845 million people! Soon, if the number of active users grows, Facebook will store all the information about 1/7 of the human race: from name, surname and date of birth to political views, religious views, private messages to friends and posts on Facebook walls. Facebook is addictive like a narcotic. After a few days of using this social network, every day, first thing in the morning, on a computer, laptop or other device, we have to check the main stream: what’s up with my friends? Did somebody change his relationship status? Or maybe new photos from yesterday’s party have appeared? Facebook is a second life, and it is engrossing. Recently I read an article that said people’s productivity declines when they browse social networks. I have even come across people who cannot imagine the world without access to Facebook. At home they stare at the monitor all the time, following each friend’s move. In the open air, at school, in the shop, in a word everywhere away from the computer, they use the Facebook application for smartphones and other mobile devices. A few months ago Facebook introduced a new feature named “Timeline”. “Timeline” is the axis of our life from birth to the present day. It shows our life in a good light: how we were born, what our childhood was like, what we used to do and so on. On the internet we can make ourselves a star, and on Facebook too. This applies to “Timeline”, of course. Therefore, when it was introduced, psychologists reported many instances of people who were extremely jealous of friends who had a better biography, better told and illustrated. One more danger comes from using Facebook and the internet in general: loneliness. At first sight it is a paradox. Loneliness, when we have over half a thousand friends? Yes, it is true, because then we do not focus on real relationships, we talk to friends less, and we gradually separate from the real world, which leads to a personality disaster.

Turning back to the technology side of Facebook, I can say this big social platform is wonderful, because each of us who has an account there can use it as a global ID on many, many websites. Now, when we want to register on some website, we do not have to enter our nickname, e-mail address and password every time and verify this data by clicking a link in a confirmation e-mail. We only have to click “Connect with Facebook”. We do not have to remember all these passwords, because logging in to a website is limited to clicking the same Facebook button. It is a great combination of Facebook, the biggest database about us, and OpenID, the prototype of the “Connect with…” button. Apart from that, Facebook has brought producers and consumers, celebrities and fans closer together. Formerly, contact between those two groups was very difficult.

The next very interesting web service, which started at the beginning of 2005, is the popular YouTube. YouTube is a place where everybody can share their videos. It could be a birthday party, an interesting natural phenomenon, a how-to video: anything. In this way we can easily share video with our family, friends or the whole YouTube community. The first idea of this web service was to share short videos, up to 10 minutes long, in low resolution. Over time YouTube came under a big siege: a lot of people wanted to upload their videos and share them with each other. This led to improving the service’s capacity by developing new infrastructure. Interest in YouTube was so huge that finally, in 2006, Google decided to take it over. The service immediately began developing and improving. Next, YouTube changed the default video aspect ratio from the outdated 4:3 to panoramic 16:9 and added support for HD 720p, Full HD 1080p and even 3D videos. The time limit was first extended from 10 minutes to 15; now there are no time limits. The size of a video is not important either, because now YouTube accepts every video regardless of its size. YouTube formed a new kind of blogging by recording quick movies. It is called vlogging. Vlogging is a very popular way to convey emotions and the sense of speech. To be a vlogger we only need a webcam with a microphone and a lot of enthusiasm. Using YouTube is very simple; we can create new playlists and add the videos we want to see to them. YouTube has released applications for mobile devices, so we can watch any video from the YT database, for example, on the underground, in a train or at school. Moreover, most new TV manufacturers include a YouTube application, so we can watch videos on our TV sets as well. YouTube allows sending videos through the website or from mobile devices. The second solution is very useful when we have no access to a computer. Hosting such a huge project requires special attention, because lots of the uploaded videos violate the law and copyrights. YouTube worked out a mechanism which immediately recognizes protected soundtracks in a movie and flags it. In the majority of cases YouTube marks the film as controversial, because it uses third-party content, and adds advertisements in the player. Otherwise YouTube can mute our film, or completely block access to it and close our account, called a channel. Now YouTube has 800 million unique users every month, who send 48 hours of film every minute, which gives 8 years of film every single day. These are amazing figures. This web service will definitely be remembered in the future as the first and biggest place where everyone could upload and share their own film with no time or size limits.

Other interesting web services are GPS sport trackers like Endomondo. Nowadays almost every mobile phone and every smartphone has a built-in GPS receiver, which can be used for various purposes. One of them is exactly Endomondo. This service works on two levels: as a web application and as an app for mobile devices. The way it works is very easy. First, we have to create an Endomondo account, optionally connect it with social networks like Twitter and Facebook, and finally download the app from our manufacturer’s store. Once you have installed it, you should fill in your profile. This is necessary, because the system will work out your training data, for example calories burned, on the basis of this profile. After all this setting up you can open the application, find a GPS signal and start training. Now your stopwatch will start counting time and the application will receive and save your coordinates from the satellites. Moreover, if you have access to the internet on your mobile device, Endomondo can use it to send your geographical position to its databases. Furthermore, this happens in real time, so everyone who is able to see your profile and your trainings can see where you are now on a Google Maps overlay, like a spy. Unfortunately (or maybe not?) we are living in “spy times”. Endomondo does not generate much data transfer, even when you are training a lot. Otherwise, if you do not want to be spied on or have no access to the internet, you can sync all your trainings with all their details at home, for example over a wireless connection. On the computer, whenever and wherever you like, you can check your achievements, compare them with others, join a challenge, and calculate how many hamburgers you have burnt or how many trips to the Moon you have covered. What does it give us? I think the most important thing is that it motivates us to do more exercise, to run, to cycle, to walk. We feel internally mobilized to do that. Moreover, at home, we can check where we have been. In addition, Endomondo could be a great tool for parents to keep an eye on their children. For example, we can create two accounts: one for us and one for a child. Then we configure the application on the child’s mobile phone (I suppose the kid has a fairly new mobile device with a GPS antenna). If our offspring wants to go somewhere with friends, but we want to know where they are, we can turn on Endomondo and track the child on a computer. I do not think it is spying; I think it is care for the child and for its safety. If you are a professional sportsman or sportswoman, you can also buy additional equipment in the Endomondo Store, like a Bluetooth heart rate monitor, which will save current measurements in the application’s statistics. It lets us see how our heart was working during the whole training.

At the end of the article I want to show what I think is the best web service, which is now used by more and more people. It is of course cloud storage: network file hosting. It began when the speed of the internet quickly increased, around 2005. First, we heard about RapidShare. This web service offered about 100 megabytes of storage per file. People used it and shared photos from holidays, but the biggest disadvantage was that a file was deleted after 90 days if nobody downloaded it. Moreover, the downloading process itself caused some problems, because a user who wanted to download had to (and still has to) wait about one minute while the “download was being prepared”. Of course it was a deliberate move by RapidShare, because they wanted to attract the largest possible number of users with a paid “pro” account. Accounts weren’t free; therefore people who wanted to download files immediately had to pay for it. Meanwhile, a completely revolutionary network drive appeared in Poland. In Polish it was called “Chomikuj”, which in English means to hoard like a hamster. It was a metaphor for the way it works, for uploading a lot of files. It was revolutionary because it was wholly free to use and it was unlimited. People could upload everything they wanted: photos, videos, backups, without paying attention to size. But there was one snag: other users who wanted to download our files had to have available transfer limit. Every week it is renewed up to 50 megabytes. If you want to download more data, you have to buy more transfer limit by SMS or money transfer. “Chomikuj” was the first web drive to offer a web client interface based on JavaScript and AJAX technology. Nowadays it is possible to download a special “Chomikuj” client for Windows, which allows downloading and uploading files to the storage, even after trouble with the internet connection. Microsoft released a similar service. They called it Windows Live SkyDrive. It is free as well, and the user can access it through the web browser. Microsoft gives 25 gigabytes of storage and a maximum of 100 megabytes per file.

Dropbox works on slightly different rules. Dropbox is now surely the best-known cloud web storage, and it offers us up to 8 gigabytes of free web drive. It differs from the others because it is normally available from the system’s default file browser, and of course from the web too. Using Dropbox is very easy. We only have to create an account and install the client on a computer. If we have a mobile phone with a new operating system like iOS or Android, we can install a special application for it. Now every file we put into Dropbox will be downloaded and saved on every device connected with our account, unless we specified earlier that some folders should not be synced on some devices. It is very easy: we are editing some document on our desktop. We send it to Dropbox, and on a journey we can edit it on a notebook. When the notebook battery is depleted, we can continue editing the document on the mobile phone. All these changes are saved in the device’s memory and in Dropbox cloud storage. Box or Ubuntu One are similar to Dropbox, but they are less well known.

Finally I come to the last way to store files in the web cloud. It is a brand new technology and a brand new service, but I am sure that in the coming months it will be better known. It is Bitcasa: infinite storage on your desktop. Sounds great! And it is great! For $10 we will have an unlimited cloud to upload files to, but we cannot share these files with others; there is no such option. The inventor’s idea is that all of a user’s files should be on Bitcasa, with no duplicates and no syncing with the hard drive as in Dropbox. The computer could have a very small hard drive, even 50 gigabytes, only for the operating system and necessary programs, because all files will be on Bitcasa, which the computer sees as an unlimited external drive. Every time you want to access your documents, spreadsheets, presentations, photos etc., you have to have a connection to the internet. Without it you are alone with your computer and only the files on it. It is a disadvantage, but the slogan says infinite storage in the cloud, so it is not possible to sync infinite data to all the devices. I think that when internet connection speed increases even more, Bitcasa could be really big competition, especially for Dropbox.

Providers of cloud storage services have problems with pirates. But some of them have allowed piracy, because they make money on it. For example, a few months ago the FBI closed Megaupload.com and arrested its owners on charges of criminal copyright infringement in relation to the service. RapidShare also had problems with copyrights. Now they have changed their policy and pirated files are immediately deleted. Of course, if you are putting legal files that you own into the cloud, you can sleep well, because all of them are safe in many copies on storage all over the world!

Nowadays, we cannot imagine the world without the internet. We cannot imagine the world without web applications and services. They are part of our life. With time they become more useful, more practical and more mobile. It is not a secret that we are using many more mobile devices than ever before. This market is still growing, so we can expect even more. Soon the majority of web applications will be made in a more effective technology than we have now. I mean HTML 5. But what about the safety of our data, our money and ourselves? I think that if we use all these services reasonably, with a bit of vigilance, we can sleep well.

Comments

abcd
07.05.2012, 09:56 #1
Your English could be a little more correct.