Ah.... No.
"The security is based on a proprietary, patent pending, Digital Security Bubble(TM) (DSB) algorithm..." Snakeoil. Kurt On Thu, Jun 28, 2012 at 9:30 AM, Ziots, Edward <[email protected]> wrote: > Actually according to the article they are using AES and RSA standards, > which are available to public scrutiny (I agree if encryption was > proprietary and not open to public scrutiny I wouldn't be advising using > it) > > The Anti-Forensics capabilities might be a blessing and a curse in the > age of BYOD in the enterprise. One way if you can guarantee that data > has been wiped from endpoint devices in a forensically sound manner then > internal data from the company that would be on the phone ( PCI/PHI/ etc > etc) would not be available for recovery, but at the same token if there > is evidence that incriminates someone of a crime and its digitally wiped > from the system, then the evidence that would be needed in a court of > law to prosecute is also gone. > > And do we still think BYOD with corporate information is a good idea? > (IMHO:NO) > > Z > > Edward Ziots > CISSP, Security +, Network + > Security Engineer > Lifespan Organization > [email protected] > > > -----Original Message----- > From: Ben Scott [mailto:[email protected]] > Sent: Thursday, June 28, 2012 10:02 AM > To: NT System Admin Issues > Subject: Re: Wickr on corporate iPhones? > > On Thu, Jun 28, 2012 at 9:43 AM, David Lum <[email protected]> wrote: >> http://news.cnet.com/8301-1009_3-57462189-83/wickr-an-iphone-encryptio >> n-app-a-3-year-old-can-use/?tag=mncol;txt > > From the app page: > > http://itunes.apple.com/us/app/wickr/id528962154?ls=1&mt=8 > > "The security is based on a proprietary, patent pending, Digital > Security Bubble(TM) (DSB) algorithm that combines military grade and > propriety encryption algorithms and does not rely on a key distribution > center (KDC)." > > That sets off all my snake oil alarms. > > * Crypto which is brand-new and proprietary is by definition unproven > * Crypto which is proprietary can't be reviewed and almost always proves > to be broken > * The phrase "military grade" applied to crypto is basically > automatically bullsh!t > * The crytpo the US military does use is never commercial proprietary > > Also, they spelled "proprietary" wrong. > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
