Security warning with the iphone

[w1z4rd]

This is the single biggest problem with propriety software... the dishonesty and covering up of security flaws and lack of disclosure to the relevant bodies. I think its pretty obvious by now that Apple are darn dishonest (re Google vs Apple).. how anyone who cares about security can use their products with any kinda of peace of mind is beyond me. My guess is that either you dont have the technical ability to understand the risk or you dont have sensitive data you need to protect. Anyways.. heres the latest. Not a biggy for most people here I would imagine.

I've been called everything from stupid to a Microsoft fanboy in recent days for an opinion article criticizing Apple's handling of a bug fix in the iPhone OS. While there's legitimate argument over how damaging Apple's decisions were, many e-mails, comments, and blog posts show how few users really understand the issues around access policies when connecting to corporate servers. And many bloggers are telling users that there's a simple fix to this issue. There isn't. For many enterprises that allowed or were planning to allow iPhone access to their networks, Apple's handling of this situation is, in some measure, a betrayal.

[ Read the article that set off the controversy over Apple's handling of the iPhone's Exchange policy support. | Learn how this is not the first time Apple had quietly fixed a policy bug in the iPhone. ]

First, a recap: A bug fix in the iPhone OS 3.1 update now ensures that iPhones and iPod Touches accurately report back to Microsoft Exchange servers whether they have on-device encryption enabled. Prior to Version 3.1, iPhone OSes reported to Exchange that the devices had on-device encryption despite the fact that no device prior to the iPhone 3G S included that functionality. Because of this, Exchange servers set to allow connections only from devices with encryption enabled -- a federal and state requirement for many organizations -- have been accepting connections from unencrypted iPhones for more than a year.

Somewhere along the line, Apple figured this out. And by not telling IT of this issue earlier, Apple has put many organizations at risk of noncompliance. To add insult to injury, Apple's quiet bug fix suddenly and unexpectedly caused encryption-requiring Exchange servers to block iPhone and iPod Touch users, except for those with iPhone 3G S and the late-2009-model iPod Touch devices. This has caused headaches for many IT support staffs and embarrassed those IT admins who had convinced their companies to allow Apple's technology into their sacrosanct networks.

iPhone users and IT admins dealing with this issue would be wise to avoid falling prey to the following myths circulating widely on the Web.

Read more: http://www.infoworld.com/d/mobilize/7-myths-about-iphone-exchange-policies-367

Bottom line imho, if you work with sensitive data.. dont use Apple products unless you want the Chinese or Russians to pull the data.

If you dont work with sensitive data and do art projects.. then Apple products are fine for you. Just dont use them on sensitive networks.

 

[The_Unbeliever]

I said it before, and will say it again : Open Source FTW!!!

 

[bwana]

I said it before, and will say it again : Open Source FTW!!!

I've said it before and I'll say it again - if there was an open source solution for what I need to do I'd consider it.

Open source does not necessarily mean good software

 

[VertigoZA]

I buy apple products because I'm a home user and I don't give a flying f**k about things like this.

 

[limnos]

^

+1

 

[remybfg10k]

I'm confused a bit, does this mean ActiveSync using the Iphones should be blocked?