No doubt, but the PHBs want their shiny toys.
Security is like insurance. Everybody thinks they have too much of it until they discover they have too little. Ben M. Schorr Chief Executive Officer ______________________________________________ Roland Schorr & Tower www.rolandschorr.com <http://www.rolandschorr.com/> [email protected] <mailto:[email protected]> From: Ziots, Edward [mailto:[email protected]] Sent: Thursday, February 10, 2011 12:07 To: NT System Admin Issues Subject: RE: IPhone attack reveals passwords in six minutes This is why you expect company information to stay in a encrypted, protected state that will comply with State and Federal regulations how? This is the risk when you use a personal use device for corporate use, and the fallout from it, will soon be known, abiet painfully. Remember if we 0wn your device, its not your device anymore, and all that means is I need to get a piece of malware on your phone, IPAD, BB, and it doesn't matter if the traffic is encrypted, because I get to see and inspect and capture it before if even is encrypted, and the user probably is none the wiser. I see the dream scenario when people buy into the "Marketechture" of the "Hey scan you check into your phone and deposit it in your account" which I believe BOA and others are touting right now. Malware gets your routing numbers, and the attacker starts the fun on your back accounts with a modified banking Trojan, until there is nothing left, and moves on to the next victim. Food for thought, mileage will vary, Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 From: Martin Blackstone [mailto:[email protected]] Sent: Thursday, February 10, 2011 12:36 PM To: NT System Admin Issues Subject: RE: IPhone attack reveals passwords in six minutes You are correct. The device is not encrypted. Just the traffic. From: William Robbins [mailto:[email protected]] Sent: Thursday, February 10, 2011 9:34 AM To: NT System Admin Issues Subject: Re: IPhone attack reveals passwords in six minutes But that's just net traffic to and fro correct? I thought we were discussing encryption on the device itself, which is not on by default. - WJR On Thu, Feb 10, 2011 at 11:32, Martin Blackstone <[email protected]> wrote: All BB traffic is encrypted by default. From: William Robbins [mailto:[email protected]] Sent: Thursday, February 10, 2011 9:31 AM To: NT System Admin Issues Subject: Re: IPhone attack reveals passwords in six minutes The big if on Berry's is Encryption has to be turned on. :) - WJR On Thu, Feb 10, 2011 at 11:25, Paul Hutchings <[email protected]> wrote: Normally I'd agree but what about devices such as Blackberry where they use AES encryption and if you enter the password X times incorrectly, it erases itself? I ask as Blackberry have some pretty decent government certification which suggests that unless you have some hefty resource at your disposal (i.e. agency or state) you're not likely to get far. (awaits the link showing how an encrypted and password protected blackberry has been compromised in 5 minutes) -----Original Message----- From: S Powell [mailto:[email protected]] Sent: 10 February 2011 17:10 To: NT System Admin Issues Subject: Re: IPhone attack reveals passwords in six minutes two words. remote wipe. Yep, big security issue, but if someone has physical control of your device, any device, you should always consider it compromised. @THIS STATMENT IS VERIFIABLY INCORRECT On Thu, Feb 10, 2011 at 08:40, David Lum <[email protected]> wrote: > What I don't know is if this phone OS is any worse than anything else > in use. Anyone care to comment?: > > > > "Among passwords that could be revealed were those for Google Mail as > an MS Exchange account, other MS Exchange accounts, LDAP accounts, > voicemail, VPN passwords, WiFi passwords and some App passwords" > > > > http://www.computerworld.com/s/article/9208920/IPhone_attack_reveals_p > asswords_in_six_minutes?taxonomyId=85 > > > > David Lum // SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 503.548.5229 // (Cell) 503.267.9764 > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England Registered in England and Wales No. 402570 VAT Registration GB 100 1464 84 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
