"I am not carrying around credit card information on my phone. For better or worse, there isn't a whole lot of personal information on the phone that people couldn't dig up other ways anyway." Nobody cares about that data anyway. Totally besides the point. Corporate data leaks, corporate espionage, HIPAA, Sarbanes Oxley, etc. That's the issue. Apple is trying to tout that the iPhone is Enterprise Ready, and that they have addressed all the security issues Enterprises have been asking for. Not the case. I'm happy with my users that are on AES-192 FIPS Certified Devices. iPhones, not so much. Goodlink has had AES, Polices, Remote Wipe, etc, etc for YEARS. I'm sure BB has too. It's amazing how slow other companies are picking it up. That being said, I still DO agree with many of your points :) -Sam
________________________________ From: Mayo, Bill [mailto:[email protected]] Sent: Friday, October 02, 2009 12:24 PM To: MS-Exchange Admin Issues Subject: RE: iPhone experience You read those articles, right? You phrase your statement to indicate that Apple is actively misleading people ("lied") telling people that something is in place that isn't. The first article is a hacker saying he can work around the encryption and I assume he can. That doesn't indicate that Apple "lies" when they say they encrypt the data. Is it a "lie" to say that WEP is encryption because it can be broken? You have to understand that encryption was *just* added. At this point, I'm sure they understand they have a problem and I am sure they are working on it. As for the second link, that is referring to the report that with older versions of the iPhone OS, it incorrectly reported to Exchange Server that it had encryption. This has been fixed in the current version of the OS, and I think that is all you can expect. But the bigger point here is that Exchange simply blindly trusts any device that connects to it about such things. Does Microsoft not bear any culpability? There is a valid argument that vendors shouldn't misrepresent, but if you go back to your hacker in the first link, it would be trivial for someone to alter traffic from an otherwise legit device to say that it did offer encryption and blow up your policies anyway. Again, Exchange working on the honor system is just as much of a problem as the now-corrected behavior of the iPhone. I fail to see how any of the last 4 links have anything to do with lying, iPhone security, or encryption. Just a bunch of complaints saying that Apple shouldn't advertise software that it is 100% your choice to download or not. As for my "I feel just fine" response, I offer the following. I am not carrying around credit card information on my phone. For better or worse, there isn't a whole lot of personal information on the phone that people couldn't dig up other ways anyway. But if it were missing, I have the ability to: 1) locate where it is on a map, and 2) remotely wipe it. And I would imagine that the odds are in my favor that any person that might steal the phone is not a hacker anyway. Every time an iPhone topic comes up on this list, you can determine the tenor of the response from the name of the sender (myself included, no doubt). I really don't understand why some people get so bent out of shape whenever comes up, but to each their own. ________________________________ From: Sam Cayze [mailto:[email protected]] Sent: Friday, October 02, 2009 12:56 PM To: MS-Exchange Admin Issues Subject: RE: iPhone experience "Again, source? I feel just fine." Just to recap a few articles that were referenced in this thread: "Hacker Says iPhone 3GS Encryption Is 'Useless' for Businesses" http://www.wired.com/gadgetlab/2009/07/iphone-encryption/ iPhone has been lying about it's compliance with security policies http://www.infoworld.com/d/mobilize/other-iphone-lie-vpn-policy-support-865 Apple pushes iPod/iTunes/iPhone update that includes the Apache web server: http://www.itworld.com/security/79064/dont-need-it-dont-install-it http://www.macrumors.com/2009/09/09/apple-releases-iphone-configuration-utility-2-1-for-mac-and-windows-and-mobile-me-control-panel-for-windows http://blogs.computerworld.com/14808/apple_shovelware_problems_again_iphone_configuration_utility http://www.computerworld.com/s/article/9138620/Apple_pushes_unnecessary_software_to_Windows_PCs ________________________________ From: Mayo, Bill [mailto:[email protected]] Sent: Friday, October 02, 2009 11:48 AM To: MS-Exchange Admin Issues Subject: RE: iPhone experience Again, source? I feel just fine. ________________________________ From: Steve Ens [mailto:[email protected]] Sent: Friday, October 02, 2009 12:12 PM To: MS-Exchange Admin Issues Subject: Re: iPhone experience Another question - how do all the iphone lovers feel now that they know the security on their precious devices is crap and that Apple lied about the included encryption? On Fri, Oct 2, 2009 at 11:06 AM, Sam Cayze <[email protected]> wrote: "So how many of you that have deployed the iPhone have had to deal with physical damage" I have, but this guy breaks any phone he touches. Many of my friends have them, and they seem to hold up quite well. The problem is that At&t's excludes Assurion Insurance on the iPhone. (All other carries offer a damage insurance for smartphones, with a $50 or so deductable). A MUST IMO. That will leave you high and dry when someone breaks an iPhone. 1. Get 3rd party Insurance on the iPhone (http://www.squaretrade.com <http://www.squaretrade.com/> ), or check your Ins policy at work. You might be able to add a policy rider. (It was a rip off where I worked, I opted for square trade) 2. Keep a spare on hand. (Or at least a dumbphone), in case the user's phone breaks, and needs one ASAP. Another reason for 3rd Party coverage: Apple and At&t are NOT offering replacements to users that have bricked iPhones during an upgrade to say OS 3.1. (Ridiculous, I know, don't get me started). Sam ________________________________ From: Martin Blackstone [mailto:[email protected]] Sent: Friday, October 02, 2009 10:36 AM To: MS-Exchange Admin Issues Subject: RE: iPhone experience So let me pose an iPhone question. Compared to a BB, how does it physically hold up. I have guys here that just beat the living hell out of their phones and of course they are also the ones who want iPhones and the iPhone just looks too delicate for day to day usage by a lot of folks. The BB can take a hell of a beating and short of the occasional track ball replacement, I rarely have to replace them unless someone has dropped it in a toilet or some other catastrophic issue. But that glass front on the iPhone scares me. So how many of you that have deployed the iPhone have had to deal with physical damage? From: Micheal Espinola Jr [mailto:[email protected]] Sent: Friday, October 02, 2009 8:25 AM To: MS-Exchange Admin Issues Subject: Re: iPhone experience OK, so my reply to you: I didnt say to pin it on anything. I said it can be done; which is true. I didnt say to do it or not to; only that its possible. I really dont know how I could have written a more neutral statement about it originally or in my reply to you. I dont think its fair to say I'm being disingenuous because of my intentional neutrality. Touché on the open source bits of router firmware, which opens the door wide for any modifications. My mistake for neglecting to take that into consideration. But, these forums have not been quick to uphold Microsoft's licensing when it comes to phone firmware/software customization. Theft, sure. Customization? No. Jailbreaking is not theft. Your comparison to BitTorrent use was disingenuous - for real. -- ME2 On Fri, Oct 2, 2009 at 12:24 AM, Ben Scott <[email protected]> wrote: On Thu, Oct 1, 2009 at 8:38 PM, Micheal Espinola Jr <[email protected]> wrote: > I don't see what was "disingenuous" about my reply to Bob. Not your reply to Bob, you reply to me. Which I read along the lines of, "Oh, I didn't mean you should actually *do* what I was talking about, I was just saying it's theoretically possible." You want to argue you don't think it's a big deal, or you interpret the license different, or something like that (which you did, now), okay. I might not agree, but I can respect that. But playing language lawyer to try and dodge ownership of what you say -- that is bogus. I have no respect for that. Maybe that's not what you intended to mean, in which case, I apologize. > Its funny, because whenever someone wants to get better access control with > a home router, there are plenty of recommendations for DD-WRT. The license agreements with those routers don't prohibit third-party firmware. Indeed, in many cases, they're specifically required to release the source under the GPL. Some even advertise their compatibility with third-party firmware as a feature, e.g., WRT54GL. Apple/AT&T forbids it in their licenses, release updates to counter it, and threatens legal action. See the difference? > Apple is not special. No, they're not. And these forums are usually pretty quick to uphold Microsoft's licenses. So why not Apple's? -- Ben
