I saw the first light in 1984. It was the day that Prince with Purple Rain was the number 1 song in the Netherlands. It was the time that IBM launched its first MacIntosh. Since then the evolution of technology went forward in a fast pace.
The first Personal Computer (486 pc) that I had was in 1992. I remember it very well. It was a large and very heavy tower with a floppy drive and cd-rom player with the latest and greatest Windows 3.11 and Dos. The machine had great specs:
- 133 Mhz processor
- 500 MB hard disk
- 2 x 16 MB RAM memory
- And a modem
With today’s smartphone it is impossible to imaging these specs. Its performance and its costs are not comparable with the hardware from 90's. I had to connect to the internet via a modem and was able and allowed to go online every day for 1 hour max. This caused that we were also unavailable by the phone for 1 hour. The times that I had to spend more time on the internet to finish my downloads in Kazaa or Napster, I hoped that my parents would not made a phone call, because by then they knew I was on the internet because of the strange sound in the phone.
I was able to download the files with a max speed of 56K per second and I always hoped that the connection kept stable or I had to start the download again. The 486 pc was the only device in our home that was able to connect to the internet so I also had fights with my sister on how much she could be online.
It was also the time that I built websites in just notepad and internet explorer. No lint, no packages that help you as a developer, no chrome dev tools and no front end or backend frameworks. Just code and see what happens. Then in 1997 Adobe Dreamweaver was there, it made the life of web developers easier. I was able to drag visual elements and it generated some code for me, but especially working with DIVs and see the direct output as a web page was great. You only had to focus on 1 or 2 browsers, upload it via a FTP to a server and that was it.
Then I bought my first phone in the 90’s. It was a Sony Ericsson T10. You could make phone calls, send sms messages and compose your own ringtones. Later on, the blackberry’s became more popular till the moment that Apple launched its first iPhone. This suddenly changed the whole idea of using the internet via a web browser only. Developers had to build now front end or / and native applications. This caused a change in the careers of the front end developers. Are you going to build for both channels or do you stick to the web front as channel?
We are in the situation now that we are online for 24/7, each device is connected to the internet and driving business is not possible anymore without internet and IT. This results in an exposure that makes us more vulnerable. Online we are generating revenues and communicating with each-other. Hackers also know this! They miss-use the opportunities that internet brings with it. For the most people nowadays a device that is connected to the internet is a common understanding, although we don’t have a basic understanding how the internet is working and for the elder people it is even more difficult the get up the speed with the latest trends in technology.
Something what haven’t changed during the 90’s is how the internet works. We are still communicating via the same principles as in the 90’s.
Each time when you send some information on the internet (on the network), download a file or visit a website, you will communicate via TCP/IP. This is an unsecure and unstable protocol, which in itself is vulnerable. So how does that work?
Each device (PC, mobile phone, server, routers, etc.) that is connected to the internet has a MAC address and IP address.
As a user you start a request via a browser or app. In the background your request will be translated in a request to an IP address. If you know only the domain name (www.google.nl) then a DNS server will translate this into an IP address.
The first action (SYN) is a broadcast to the internet where you ask which MAC address belongs to the IP address where you have a request for.
Example: You ask a large audience in a room who is "Bob"?
You will receive an answer (SYN + ACK) with a MAC address.
Bob responses with: "Here I am!"
You will send an answer (ACK) that you have received the answer with the MAC address.
You say to Bob: "Thanks Bob!"
You can now request the data :)
You submit your request (ACK + request)
You point to Bob and ask for his age.
Your request is translated in multi packages of max 64k each and send (ACK + response) over the internet to your MAC address.
Bob answers with: "Hi, nice question, I am 30 years old"
Your device is constructing the packages into one package
Your device sends a confirmation (ACK)
"Thanks Bob for the information. Bye"
The other MAC address (FIN) closes the connection
"Bob answer with: Bye!"
Now you have the data (30 years) on your device in a readable structure.
You see that there are many handshakes between devices before you have the data available on your device. This communication is unreliable because packages can lost or be intercepted without proper security measurements.
On the internet there are many tools available to help security engineers in auditing the security of their environments and again also hackers miss-use these tools for self fulfilling profits. Last week I had a training on Ethical Hacker and it really surprised me how easy you can act as a man in the middle and intercept data.
So don’t take the internet as a common understanding when you connect a device, build an app or do a request. Although more and more is abstracting away from you with the frameworks or the cloud services you are using, but always make sure you understand how the internet works, how to protect your devices and packages that you send across.
The world wide web became public available in 1991. Let's make sure we use the biggest invention in technology in a secure way now and in the future. And let's make the job of a hacker unprofitable.