This morning I read an article on Good HouseKeeping (don’t make fun, it was a link on one of the news links that get pushed in your face on my start page. I think it was Bing. I hate the news links but like the pictures). It’s interesting to see what security items make it into …
Continue reading ‘Siri Lock Screen Bypass in news your non security friends read’ »
SANS is reporting a PDF exploit for iOS 7.1.x has been released. While this is patched in iOS 8, the adoption rate for this new iOS version has been slower than previous versions. Businesses have been in front, cautioning their users that upgrades should not occur until business apps have been tested. Additionally, the 5 …
I was asked recently if Macs are being targeted more and as a result do they need to be managed at the same level as Windows computers. If you have something of value, e.g. Government, Fortune 500, China is made at you, it doesn’t matter if it is being targeted more in general. Skillful attackers with …
The New York Times had an article on the use of iPads by Baltimore Ravens and the Tampa Bay Bucs to replace their playbook. They briefly mention some of the security involved. The article mentions the following security 1. Device username Password 2. The playbook app also has a separate password. 3. Some data is kept …
Continue reading ‘Ravens Embrace iPad – Belichick Rejoices’ »
A month ago I posted an article titled Jailbreaking – Unsafe at Any Speed. That was about the need for companies to have policies against jailbreaking on corporate phones. Now I find myself in the position of writing policy to allow personal phones to connect to the Good server. I want to bring the same …
Did you see this breathless post by David Gewirtz at ZDNet? He noticed that the hardware address was listed on the retail packaging of an Apple server he just bought. Personally I think that would be quite convenient. In a corporate environment, that may need to be updated in an asset tracking database. From the comments on the …
The latest iOS software update is out containing multiple security fixes. Certificate Trust Policy libxslt Quicklook WebKit Exploitation of the most severe of these vulnerabilities may lead to remote code execution. Isn’t this the 3rd update in the past five or six weeks? Does your corporation account for iPhone patching?
Apple has released Quicktime 7.6.9 to address multiple security vulnerabilities. Viewing a maliciously crafted file could lead to arbitrary code execution. Apple’s writeup of the security vulnerabilities is posted at this link. Quicktime can be updated through Apple Software Update or via download at www.apple.com/quicktime/download. Quicktime was last updated 2.5 months ago.
When Quicktime 7.6.7 came out, I wanted to deploy it with Microsoft System Center Update Publisher (SCUP). I’d recently used SCUP to deploy Flash (for IE) and the Dell Inventory Agent. It made sense to look at using SCUP and SCCM Software Updates to deploy patches rather than continuing to use the old Software Distribution …
Good released a minor update to their app for the iPhone. Release notes are on their site. Companies that don’t want to use ActiveSync but still feel pressured into making the iPhone an option are looking to Good to do so. From the release notes: • Complete landscape view – Including email list view, calendar, …