Hmm, remember a mess of things like this from Microsoft years ago. It's a design flaw if you can't change the behavior. Otherwise it's a user configurable setting. It's #1 a consumer device, we may be shoehorning apps which access the enterprise onto it. It's still a consumer device.
On Sat, Nov 12, 2011 at 5:10 PM, James Hill <[email protected]>wrote: > What kind of good security design has “less security” as the default?**** > > ** ** > > It’s a security design flaw, simple as that.**** > > ** ** > > *From:* Jonathan Link [mailto:[email protected]] > *Sent:* Saturday, 12 November 2011 1:30 PM > > *To:* NT System Admin Issues > *Subject:* Re: Stupid iPhone 4S Security Loophole**** > > ** ** > > Fine disagree. It is a huge stretch to call something a design flaw if a > setting can be changed by the user. Not your first, though. > > On Friday, November 11, 2011, Kurt Buff <[email protected]> wrote: > > I disagree. The reason I think it's a design flaw, IMO, is that > > settings with security implications should be set to the more secure > > setting by default. I suppose you could get all airy about it and say > > that their approach to design is flawed - that is, Apple seem to be in > > favor of ever feature turned on out of the box so that users are > > fooled into believing they don't have to make decisions. > > > > The basic stance should be: Turn off almost everything by default, and > > let the user choose to turn on what they want afterward. > > > > Microsoft is learning this lesson. Apple hasn't yet. OpenBSD has > > mastered this lesson, and FreeBSD pretty much has it down pat, too. > > > > I will say that I think that this particular issue isn't of > > Earth-shattering proportions, but it seems to be in line with Apple's > > general outlook... > > > > Kurt > > > > On Fri, Nov 11, 2011 at 15:56, Jonathan Link <[email protected]> > wrote: > >> No. It is user configurable. > >> At worst, Apple didn't disclose the security implications. Since it is a > >> consumer device I am unsurprised. > >> On Friday, November 11, 2011, Kurt Buff <[email protected]> wrote: > >>> that's not a bug, that's a design flaw. > >>> > >>> On Fri, Nov 11, 2011 at 14:40, Micheal Espinola Jr > >>> <[email protected]> wrote: > >>>> Ah, but that's not a bug - its a feature. > >>>> > >>>> -- > >>>> Espi > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> On Fri, Nov 11, 2011 at 2:15 PM, Stu Sjouwerman > >>>> <[email protected]> > >>>> wrote: > >>>>> > >>>>> You may have missed this, but there is a hole in Siri, the > much-touted > >>>>> iPhone 4S personal assistant. The default setting for the new A.I. is > >>>>> "On", which means that even when a user's phone is locked, anyone > >>>>> could pick it up, hold down the home button and tell Siri to send > >>>>> texts and emails. OUCH! > >>>>> > >>>>> There's an easy fix though, if you don't want Siri to work when the > >>>>> phone is locked, simply change the default setting from "Allow access > >>>>> to Siri when locked with a passcode" to "Off." Just make sure it's > done. > >>>>> > >>>>> Warm regards, > >>>>> Stu > >>>>> > >>>>> > >>>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > >>>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >>>>> > >>>>> --- > >>>>> To manage subscriptions click here: > >>>>> http://lyris.sunbelt-software.com/read/my_forums/ > >>>>> or send an email to [email protected] > >>>>> with the body: unsubscribe ntsysadmin > >>>>> > >>>> > >>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > >>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >>>> > >>>> --- > >>>> To manage subscriptions click here: > >>>> http://lyris.sunbelt-software.com/read/my_forums/ > >>>> or send an email to [email protected] > >>>> with the body: unsubscribe ntsysadmin > >>> > >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >>> > >>> --- > >>> To manage subscriptions click here: > >>> http://lyris.sunbelt-software.com/read/my_forums/ > >>> or send an email to [email protected] > >>> with the body: unsubscribe ntsysadmin > >>> > >>> > >> > >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >> > >> --- > >> To manage subscriptions click here: > >> http://lyris.sunbelt-software.com/read/my_forums/ > >> or send an email to **** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
