Actually according to the article they are using AES and RSA standards, which are available to public scrutiny (I agree if encryption was proprietary and not open to public scrutiny I wouldn't be advising using it)
The Anti-Forensics capabilities might be a blessing and a curse in the age of BYOD in the enterprise. One way if you can guarantee that data has been wiped from endpoint devices in a forensically sound manner then internal data from the company that would be on the phone ( PCI/PHI/ etc etc) would not be available for recovery, but at the same token if there is evidence that incriminates someone of a crime and its digitally wiped from the system, then the evidence that would be needed in a court of law to prosecute is also gone. And do we still think BYOD with corporate information is a good idea? (IMHO:NO) Z Edward Ziots CISSP, Security +, Network + Security Engineer Lifespan Organization [email protected] -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Thursday, June 28, 2012 10:02 AM To: NT System Admin Issues Subject: Re: Wickr on corporate iPhones? On Thu, Jun 28, 2012 at 9:43 AM, David Lum <[email protected]> wrote: > http://news.cnet.com/8301-1009_3-57462189-83/wickr-an-iphone-encryptio > n-app-a-3-year-old-can-use/?tag=mncol;txt From the app page: http://itunes.apple.com/us/app/wickr/id528962154?ls=1&mt=8 "The security is based on a proprietary, patent pending, Digital Security Bubble(TM) (DSB) algorithm that combines military grade and propriety encryption algorithms and does not rely on a key distribution center (KDC)." That sets off all my snake oil alarms. * Crypto which is brand-new and proprietary is by definition unproven * Crypto which is proprietary can't be reviewed and almost always proves to be broken * The phrase "military grade" applied to crypto is basically automatically bullsh!t * The crytpo the US military does use is never commercial proprietary Also, they spelled "proprietary" wrong. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
