Siri Lock Screen Bypass in news your non security friends read

This morning I read an article on Good HouseKeeping (don’t make fun, it was a link on one of the news links that get pushed in your face on my start page.  I think it was Bing. I hate the news links but like the pictures).  It’s interesting to see what security items make it into …

Continue reading ‘Siri Lock Screen Bypass in news your non security friends read’ »

Ravens Embrace iPad – Belichick Rejoices

The New York Times had an article on the use of iPads by Baltimore Ravens and the Tampa Bay Bucs to replace their playbook.   They briefly mention some of the security involved. The article mentions the following security 1.   Device username Password 2.  The playbook app also has a separate password. 3.  Some data is kept …

Continue reading ‘Ravens Embrace iPad – Belichick Rejoices’ »

Jailbroken Phones and Corporate Access

A month ago I posted an article titled Jailbreaking – Unsafe at Any Speed.  That was about the need for companies to have policies against jailbreaking on corporate phones.    Now I find myself in the position of writing policy to allow personal phones to connect to the Good server.   I want to bring the same …

Continue reading ‘Jailbroken Phones and Corporate Access’ »

Did you see this breathless post by David Gewirtz at ZDNet? He noticed that the hardware address was listed on the retail packaging of an Apple server he just bought.   Personally I think that would be quite convenient.   In a corporate environment, that may need to be updated in an asset tracking database.   From the comments on the …

Continue reading ‘’ »

iPhone 4.3.2

The latest iOS software update is out containing multiple security fixes. Certificate Trust Policy libxslt Quicklook WebKit Exploitation of the most severe of these vulnerabilities may lead to remote code execution. Isn’t this the 3rd update in the past five or six weeks?   Does your corporation account for iPhone patching?

Quicktime 7.6.9 released

Apple has released Quicktime 7.6.9 to address multiple security vulnerabilities.  Viewing a maliciously crafted file could lead to arbitrary code execution. Apple’s writeup of the security vulnerabilities is posted at this link. Quicktime can be updated through Apple Software Update or via download at Quicktime was last updated 2.5 months ago.

Quicktime and SCUP

When Quicktime 7.6.7 came out, I wanted to deploy it with Microsoft System Center Update Publisher (SCUP).   I’d recently used SCUP to deploy Flash (for IE) and the Dell Inventory Agent.   It made sense to look at using SCUP and SCCM Software Updates to deploy patches rather than continuing to use the old Software Distribution …

Continue reading ‘Quicktime and SCUP’ »