Honestly, if its portable, light and popular ( Iphone, Ipad, I "don't need this version 1,2,3,4") its going to be a target, and given the lack of controls and encryption available for these devices is just a big problem that everyone is dealing with and it has little solutions at this time, which is unfortunate for all of us.
As for laptops there are more controls, some of them, when implemented properly, comply with state and federal regulations and provide additional protection against information disclosure/theft. Is it fool proof (nope), but it's the best we have right now. Honestly, I would rather see virtual desktops with no data residing on them after they are destroyed, and a secure method to access them, even if it was on a Tablet, IPAD etc etc. Again a lot to think about from a lot of different angles and what works for one customer in one country might not even begin to cut the mustard in another, so mileage will vary. EZ Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 -----Original Message----- From: Ken Schaefer [mailto:[email protected]] Sent: Friday, February 11, 2011 2:40 AM To: NT System Admin Issues Subject: RE: IPhone attack reveals passwords in six minutes We've been giving people laptops for years. They typically have even more data on them than phones. Why aren't you railing against that? Cheers Ken -----Original Message----- From: Ziots, Edward [mailto:[email protected]] Sent: Friday, 11 February 2011 3:13 AM To: NT System Admin Issues Subject: RE: IPhone attack reveals passwords in six minutes Two more words, "NO Battery" = NO remote Wipe, therefore dispense with that fallacy that its going to save you, because it doesn't do a secure wipe of the drive itself, which allows an attacker with the phone to basically hook it up to a device offline and download the information on the phone and do what they want with it. Aaron Turner of the IANS faculity is a subject matter expert in these areas and have put on a lot of talks, and the news is pretty grim atm. Basically storing any type of sensitive information on the BB, Android, Iphone, etc etc is like playing Russian roulette with a loaded gun pointed straight at your face, one of these times it isn't going to go well for you. But this is the risk that business continue to take over and over again, because the users are clammering for these devices, and the functionality they bring, but are clearly blind to the security and information disclosure aspects and how the loss, theft of data could be the business undoing. Sincerely, EZ Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 -----Original Message----- From: S Powell [mailto:[email protected]] Sent: Thursday, February 10, 2011 12:10 PM To: NT System Admin Issues Subject: Re: IPhone attack reveals passwords in six minutes two words. remote wipe. Yep, big security issue, but if someone has physical control of your device, any device, you should always consider it compromised. @THIS STATMENT IS VERIFIABLY INCORRECT On Thu, Feb 10, 2011 at 08:40, David Lum <[email protected]> wrote: > What I don't know is if this phone OS is any worse than anything else > in use. Anyone care to comment?: > > > > "Among passwords that could be revealed were those for Google Mail as > an MS Exchange account, other MS Exchange accounts, LDAP accounts, > voicemail, VPN passwords, WiFi passwords and some App passwords" > > > > http://www.computerworld.com/s/article/9208920/IPhone_attack_reveals_p > asswords_in_six_minutes?taxonomyId=85 > > > > David Lum // SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 503.548.5229 // (Cell) 503.267.9764 > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
