My CEO saw another CEO with an IPad in a meeting and instantly sent an email to our IT VP that he wanted one. This little tidbit might slow him down but only for a while.
From: Ben Schorr [mailto:[email protected]] Sent: Thursday, February 10, 2011 2:10 PM To: NT System Admin Issues Subject: RE: IPhone attack reveals passwords in six minutes No doubt, but the PHBs want their shiny toys. Security is like insurance. Everybody thinks they have too much of it until they discover they have too little. Ben M. Schorr Chief Executive Officer ______________________________________________ Roland Schorr & Tower www.rolandschorr.com<http://www.rolandschorr.com/> [email protected]<mailto:[email protected]> From: Ziots, Edward [mailto:[email protected]] Sent: Thursday, February 10, 2011 12:07 To: NT System Admin Issues Subject: RE: IPhone attack reveals passwords in six minutes This is why you expect company information to stay in a encrypted, protected state that will comply with State and Federal regulations how? This is the risk when you use a personal use device for corporate use, and the fallout from it, will soon be known, abiet painfully. Remember if we 0wn your device, its not your device anymore, and all that means is I need to get a piece of malware on your phone, IPAD, BB, and it doesn't matter if the traffic is encrypted, because I get to see and inspect and capture it before if even is encrypted, and the user probably is none the wiser. I see the dream scenario when people buy into the "Marketechture" of the "Hey scan you check into your phone and deposit it in your account" which I believe BOA and others are touting right now. Malware gets your routing numbers, and the attacker starts the fun on your back accounts with a modified banking Trojan, until there is nothing left, and moves on to the next victim. Food for thought, mileage will vary, Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 From: Martin Blackstone [mailto:[email protected]] Sent: Thursday, February 10, 2011 12:36 PM To: NT System Admin Issues Subject: RE: IPhone attack reveals passwords in six minutes You are correct. The device is not encrypted. Just the traffic. From: William Robbins [mailto:[email protected]] Sent: Thursday, February 10, 2011 9:34 AM To: NT System Admin Issues Subject: Re: IPhone attack reveals passwords in six minutes But that's just net traffic to and fro correct? I thought we were discussing encryption on the device itself, which is not on by default. - WJR On Thu, Feb 10, 2011 at 11:32, Martin Blackstone <[email protected]<mailto:[email protected]>> wrote: All BB traffic is encrypted by default. From: William Robbins [mailto:[email protected]<mailto:[email protected]>] Sent: Thursday, February 10, 2011 9:31 AM To: NT System Admin Issues Subject: Re: IPhone attack reveals passwords in six minutes The big if on Berry's is Encryption has to be turned on. :) - WJR On Thu, Feb 10, 2011 at 11:25, Paul Hutchings <[email protected]<mailto:[email protected]>> wrote: Normally I'd agree but what about devices such as Blackberry where they use AES encryption and if you enter the password X times incorrectly, it erases itself? I ask as Blackberry have some pretty decent government certification which suggests that unless you have some hefty resource at your disposal (i.e. agency or state) you're not likely to get far. (awaits the link showing how an encrypted and password protected blackberry has been compromised in 5 minutes) -----Original Message----- From: S Powell [mailto:[email protected]<mailto:[email protected]>] Sent: 10 February 2011 17:10 To: NT System Admin Issues Subject: Re: IPhone attack reveals passwords in six minutes two words. remote wipe. Yep, big security issue, but if someone has physical control of your device, any device, you should always consider it compromised. @THIS STATMENT IS VERIFIABLY INCORRECT On Thu, Feb 10, 2011 at 08:40, David Lum <[email protected]<mailto:[email protected]>> wrote: > What I don't know is if this phone OS is any worse than anything else > in use. Anyone care to comment?: > > > > "Among passwords that could be revealed were those for Google Mail as > an MS Exchange account, other MS Exchange accounts, LDAP accounts, > voicemail, VPN passwords, WiFi passwords and some App passwords" > > > > http://www.computerworld.com/s/article/9208920/IPhone_attack_reveals_p > asswords_in_six_minutes?taxonomyId=85 > > > > David Lum // SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 503.548.5229 // (Cell) 503.267.9764 > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]> > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin -- MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England Registered in England and Wales No. 402570 VAT Registration GB 100 1464 84 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ________________________________ CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
