Category Archives: Internet

Facebook Lockdown…

Facebook-LockHave you ever logged into your Facebook account while attached to a public Wi-Fi connection? If you have, you are not alone. A majority of smart-phone users do it on a regular basis, and why not? It is easy enough, standing in line at Starbuck’s? Just update that Facebook status and check out what your friends are up to. Unfortunately, using public Wi-Fi hotspots makes it very easy for almost anyone to intercept your internet activities.

This vulnerability is best  demonstrated by an extension for the Firefox browser called Firesheep that makes use of a packet sniffer to intercept information  from popular websites (Facebook and Twitter, for example) traveling over the Wi-Fi network and then allows the Firesheep user (hacker) to assume the log-in credentials of whoever’s identity was intercepted. Once logged in, the hacker has access to all sorts of personal information with very little fear of detection. Keep in mind, this extension is readily available and is very easy to use. Next time you think about logging into Facebook at your local Wi-Fi hotspot, look around. Is one of those guys (or gals) in the corner with a laptop running Firesheep?

Fortunately, defeating this particular exploit is fairly simple. Facebook allows you to access their website with the HTTPS (HyperText Transfer Protocol Secure) protocol instead of the more commonly used HTTP. HTTPS encrypts communications with SSL (Secure Socket Layer), preventing hackers from eavesdropping on your browsing. Some websites, such as banking websites, PayPal, and others require the use of HTTPS and Facebook has allowed the use of HTTPS on its website for quite some time, although it required users to manually type into the address bar of their browser instead of the using the default

Facebook has a new option, automatically enabling the use of HTTPS. This option can be accessed by selecting Account from upper right corner of the page, and choosing Account Settings. Within the Account Settings is an Account Security section that looks like the one below.

Facebook Account Settings

Putting a checkmark in the Browse Facebook on a secure connection… box (be sure to click Save to apply the setting) will do just what it says and will provide a much more secure Facebook experience. Do yourself a favor, check the box, and shear that Firesheep!

NOTE: Enabling HTTPS will make browsing a little slower and Facebook apps like Mafia Wars and Farmville won’t work. Facebook chat, however, may still work. I just tested chat and it works for me, although others have been unable to use it over a secure connection.


The internet is out of room… doom is upon us!

The internet is out of room... doom is upon us!As of yesterday, February 3rd, the organization that controls the distribution of internet addresses has allocated all of the remaining addresses that it held for distribution.  More information can be found here. This blog post is intended to shed a little light on exactly what that means and how it will impact the internet and you, the internet end user.

Out of space? In order to understand what we mean when we say that the internet is out of addresses, we’ll need a little background on how the internet works and where those addresses come from. The internet is built on a protocol known as IPv4 which is based on 32-bit addresses limiting the total number to just over 4 billion available. At the inception of the internet, this seemed that it would more than sufficient but the explosive growth of internet-enabled devices has rapidly depleted the reservoir, creating a need for more numbers. In addition, not all of the 4 billion addresses are usable for assignment but are instead designated for other purposes, such as non-routable internal address spaces, multicast, or simply can’t be used because of the way the protocol and routing works, and explanation of which is beyond the scope of this post. In a nutshell, the IANA (Internet Assigned Numbers Authority) had 5 blocks of just under 17 million address left for distribution. There are 5 Regional Internet Authorities (RIR) that each control a different geographical region and they agreed to each receive one of the 5 remaining blocks. Each RIR is now able to distribute the newly acquired addresses but cannot get anymore. The IP address barrel is empty.

What does this mean? In the short term, there won’t be any noticeable impact. The RIRs (ARIN in North America) still have addresses to distribute to ISPs, governments, corporations, etc. and while they will most likely be more frugal in doing so, the addresses could last from 6 months to 2 years depending on the region. As an end user, you probably won’t notice anything for quite some time although change is coming. The internet continues its unabated growth and there is too much money at stake to allow for a little address claustrophobia to stop it. There is a solution at hand…

What is the solution? Since IPv4 and its 32-bit address space is used up, a new version of the Internet Protocol (IP) has been created. The new version is called IPv6 and uses a 128-bit address space. At first glance, you might think that going from 32-bit to 128-bit only allows for 4 times as many addresses and we might run out of space again, but this isn’t the case. A 32-bit address has 232 combinations (4,294,967,296) while a 128-bit address has 2128 combinations (340,282,366,920,938,463,463,374,607,431,768,211,456). This staggering and tough-to-comprehend number means that each person on earth could be assigned many trillions of their own addresses and we would still have plenty left over.

Why don’t we just switch now? When IPv6 was designed, the decision was made to start fresh and not hinder it with any backwards compatibility to IPv4. This means that switching to IPv6 isn’t as simple as throwing a switch. Any time you access a website or use an internet connected device, the information is traveling through a number of different routers, devices, and connections. The screenshot below is a route I traced from my computer to A TRACERT to

In order for me to connect to through an IPv6 connection, every device in that list would need to be compatible with and properly configured for the IPv6 protocol. This is going to require a lot of hardware to be upgraded and network engineers will need to learn a new IPv6 skillset. These things come at a cost that most companies will try to avoid for as long as they can. The groundwork is being laid – Windows supports IPv6 as does OS-X, Linux, the iPhone, and your ISP may (or may not) already support IPv6. There are also workarounds available that can translate between IPv6 and IPv4 addresses (such as Teredo and 6to4) but these do not work in all cases. In summary, until the situation becomes bad enough that everyone involved is forced to upgrade, IPv6 will be ready (it has been available for 10 years already) but little used.

How will we switch? Now that the end of IPv4 is becoming more apparent, preparations for the switch are being made. IPv6 connections are being turned on and the transition to the protocol is slowly building momentum. There is a World IPv6 Day scheduled for June 8th, 2011 where some of the largest websites in the world (Facebook, Google, Yahoo!, and others) will enable IPv6 connectivity to their websites as a test. While IPv4 will not be disabled, this will test the world’s ability to connect to these websites while IPv4 and IPv6 are running in tandem. The event is also intended to provide some momentum for the inevitable switch to IPv6.

What do I do now? In the immortal words of Douglas Adams, “Don’t Panic!”  Nothing is going to change in the immediate future and almost all of the work that needs to be done will be handled by ISPs, network professionals, and hardware vendors. If you are curious about your IPv6 readiness, you can test your connection here.