Tag Archive for AAPL

| September 1, 2015
Comments Off on Cisco Loves Apple

Cisco Loves Apple

Cisco Loves AppleApple has announced a new partnership with network giant Cisco. If you believe Fortune, the goal is to sell more iPhones and iPads to business customers. The move is intended to make it easier for businesses to use Cisco products like its video, chat, and web conferencing services on Apple‘s (AAPL) mobile devices. Fortune says that no new products have been announced under the partnership.

New partnership between Apple and CiscoIn fact, this collaboration seems to be a deal looking for a plan. Rowan Trollope, Cisco’s senior vice president and general manager of Cisco’s collaboration technology group, told the author that both Cisco (CSCO) and Apple sales teams would soon meet with business leaders at other companies to discuss their technology needs. The conversations are intended to help give Cisco and Apple ideas about the products they will develop together. He also declined to confirm if any Cisco or Apple engineers are engaged or any timeline for when the new products will hit the market.

Even though there are no plans, the Cisco VP claimed that customers will be able to prioritize mobile traffic on their networks so that workers watching YouTube videos on their iPhones won’t hog all of a company’s bandwidth. Apparently, Cisco and Apple engineers will work on updating iOS Apple’s mobile operating system, to prioritize network traffic from Apple devices, which “would be difficult without a joint engineering project,” according to the article.

Prioritization would be a good start, iOS updates have crushed networks in the past. The number of hoops you have to jump through to make AppleTV’s Bonjour work on an enterprise network is stupid. Just proof that Apple is not ready for the enterprise.

TelepresenceCisco has tried to create new product lines outside of its core networking and switching businesses to help boost its sales. Sales of its collaboration products are so stagnant that the firm has resorted to 85% discounts on telepresence gear.

Cisco has a history of buying consumer-orientated businesses like Apple, destroying the business, and then jettisoning the remains. Linksys and Flip Video come to mind.

Apple has also buddied up to IBM (IBM). The plan seems to be to add an IBM markup to overpriced Apple mobile devices. And then sell them to firms that have too much money. The combination has developed pushed-based apps that target specific industries, like healthcare or law enforcement.

rb-

add an IBM markup to overpriced Apple mobile devicesThe fanboyz are drooling over this deal – Apple Will Change the World (again?) – Maybe if they clean up their proprietary non-routable protocols.

It has been a while since Cisco has done something notable. Maybe new CIO Chuck Robbins will shake things up at Cisco now that King Chambers has mostly moved on.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , ,
| August 18, 2015
Comments Off on Prevent Pervy Pics

Prevent Pervy Pics

Prevent Pervy PicsFrom the world of unintended consequences, iPhone users have become the victims of a new phenomenon known as cyber-flashing. Reports out of London state that Apple iPhone users are being sent pervy pics. The pervy pics are unsolicited and indecent photographs. The pics are being sent over a new Apple feature in iOS called AirDrop.

BluetoothAirDrop is a feature on the iPhone, iPad, and Mac computers. AirDrop allows users to send files, such as images, to each other at a close range. The pics can be sent up to 33 feet (10 m) via a Bluetooth connection. Apparently, even if the receiver rejects the photo, they are still shown an uncensored preview of the image.

AirDrop initially establishes a connection over Bluetooth. It then uses a direct Wi-Fi connection between the two iPhones to send files. This makes the transfer much quicker.  It’s supported by devices from the iPhone 5 onwards with iOS 7 released back in 2013.

How to prevent the pervy pics

Pervy pics appearing on your iDeviceTo prevent the pervy pics from appearing on your iDevice, you need to take action. Mark James, a security specialist at ESET UK, explains. You have to set your AirDrop settings to “Contacts Only” which will only permit AirDrop file transfers from people in your address book or disable AirDrop entirely. He explains that AirDrop is not turned on by default, but it’s easy to set AirDrop to receive from Everyone, and then forget all about it.

ESET explains how to prevent cyber flashing:

  1. On the home screen of your iPhone, swipe up to open the Control Center.
  2. Tap on AirDrop, below the media playback and volume controls.
  3. Tap ‘Off’ or ‘Contacts Only’ to prevent files from being sent from strangers.

Apple Airdrop settings

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow him at LinkedInFacebook and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| August 13, 2015
Comments Off on Mobile Apps Leaking Your Info

Mobile Apps Leaking Your Info

Mobile Apps Leaking Your InfoJust in time for Blackhat, San Francisco-based Appthority released its Q2 2015 Enterprise Mobile Threat Report. The big headline from the Appthority report is that enterprise mobile apps are leaking your info. They are sending personally identifiable information (PII) and other sensitive information all over the world often without the enterprise’s knowledge. Your phone is leaking your info all over the web.

Appthority logoFierceMobileIT says that the Appthority Enterprise Mobile Threat Team (EMTT) collected and analyzed security and risky behaviors in three million apps. They found that the top iOS apps sent data to 92 different countries, while the top Android apps are leaking your info to 63 different countries.

Zombie apps are leaking your info

The report found another threat to all data. Appthority’s all-in-one App Risk Management service shows that 100% of enterprises surveyed have zombie apps in their environments. Zombie apps are apps that have been revoked by the app stores and are no longer getting security updates. Zombie apps can give attackers a conduit into the enterprise.

zombie appsThe report estimates that 5.2% of the Apple (AAPL) iOS apps on employee devices in an enterprise are dead apps, and 37.3% are stale Apps. On Google (GOOG) Android devices, 3.9% are dead apps and 31.8% are stale apps.

Zombie apps can leak your info. Appthority explains that malicious third parties could use a man-in-the-middle attack to hijack the update mechanism for these apps to install new malware on user devices.

Threat to the enterprise

Despite the threats, app stores run by Apple, Google, and Microsoft (MSFT) are under no regulatory obligation to tell users of revoked apps anything after release. Including copyright infringements or serious security/privacy concerns.  The report points out. Domingo Guerra, president, and co-founder of Appthority classified this as a stealthy risk; “The ongoing threat of zombie apps and stale apps continues to be an ‘under the radar’ threat to the enterprise.

programmersA third risk to the firm’s data comes from their own programmers according to the venture capital-backed Appthority. The firm says over-taxed enterprise app development teams are increasingly relying on third-party libraries and software development kits. Vulnerabilities in the third-party packages can put enterprise data at risk when they get baked into a corporate app.

The company told CSO that few mobile devices have security applications installed. In particular, only 4 percent of Android devices in use within enterprises had on-device scanning solutions.

Rb-
Firms that depend on mobile solutions as part of a Bring Your Own Device (BYOD) effort need to look after their apps as well as connectivity and hardware and data and governance and reimbursements. Bring your own device hardly seems like a cost saver to me.

I have said this repeatedly, it seems like costs are just being moved around. From spending on a PC in the office that is very less likely to be lost and that can be controlled to a bunch of new enterprise applications like EMM, mobile anti-malware to app monitoring.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , ,
| July 21, 2015
Comments Off on Apple favors IPv6 as IPv4 Dries Up

Apple favors IPv6 as IPv4 Dries Up

Apple favors IPv6 as IPv4 Dries UpThe American Registry for Internet Numbers (ARIN) has reported that the IPv4 well is just about dry in North America. On 01 July 2015, ARIN had to refuse a request for a block of IPv4 addresses. The ARIN statement says that there are still a few IPv4 numbers available in smaller block sizes. But for all intents and purposes, there are no more unassigned public IPv4 addresses. As of July 18, 2015, the ARIN IPv4 Deletion page reports only 335 /24 IPv4 address ranges are available. It is time to start looking at IPv6.

Will have an impact on the large enterprisesThe good news, according to FierceEnterpriseCommunications, is the IPv4 drought isn’t yet affecting most of the internal networks of enterprises. But it’s just a matter of time before it starts to have a greater impact on the largest of enterprises. Microsoft (MSFT), for instance, found it was out of IPv4 addresses a few weeks ago. And for the first time in ARIN’s history, they denied a company that requested a large block of IPv4 addresses. Tom Coffeen, chief IPv6 evangelist at Infoblox, in a statement to FierceEnterpriseCommunications explained:

Though the IPv4 well has run dry and threatens service providers, the sky hasn’t yet landed on enterprise networks … Most enterprises still rely on private IPv4 for their internal networks. The small number of public, routable IPv4 addresses required to connect enterprise networks to the Internet is typically provided by the ISP, making IPv4 much more critical for Internet services providers.

IPv6One company that is reacting to IPv4 scarcity is Apple (AAPL). Apple’s latest operating systems – iOS 9 for iPhones and iPads and OS X El Capitan for Macs are designed to take advantage of IPv6. The new operating systems select the fastest connection with the lowest latency, whether IPv4 or IPv6, using the Happy Eyeballs algorithm, explained David Schinazi, the CoreOS networking engineer at Apple. Devices use the Happy Eyeballs algorithm to decide which protocol to use, as many applications use a “dual-stack” approach to networking, making available both IPv4 and IPv6 connections.

FierceMobileIT says this worked out to be a 50/50 split between IPv4 and iPv6 in iOS 8 and OS X Yosemite, but for the new OSes, IPv6 will be chosen by the algorithm around 99 percent of the time, according to Apple beta testing. Apple’s Schinazi wrote in a post on the Internet Engineering Task Force mailing list that Apple considers IPv6 mainstream.

IPv6 is now mainstream instead of being an exception, there are less broken IPv6 tunnels, IPv4 carrier-grade NATs [network address translations] are increasing in numbers, and throughput may even be better on average over IPv6

The author reports that testing performed by Apple shows that the new OSes should use IPv6 addresses around 99 percent of the time. Apple operating systems have supported IPv6 by default for Mac users as part of the OS X 10.2 Jaguar release in May 2002.

Mr, Schinazi cautioned that both OSes are in beta so things might change for the final versions. “If this behavior proves successful during the beta period, you should expect more IPv6 traffic from Apple products in the future,” he added.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , ,
| May 26, 2015
Comments Off on Another Hole in Internet Armor

Another Hole in Internet Armor

Another Hole in Internet ArmorAnother hole in our Internet armor has been discovered. The hole is in the Diffie-Hellman key exchange, a popular cryptographic algorithm that allows Internet protocols to agree on a shared key and negotiate a secure connection. It is fundamental to many protocols including HTTPS, SSH, IPsec, SMTPS, and protocols that rely on TLS.

Diffie-Hellman key exchangeResearchers from the University of Michigan, Inria, Microsoft Research, Johns Hopkins University, and the University of Pennsylvania have uncovered several weaknesses in how Diffie-Hellman key exchange has been deployed. In what they are calling the Logjam attack the DF flaw allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and change any data passed over the connection.

The problem, according to the researchers, is that millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key exchange. Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve—the most efficient algorithm for breaking a Diffie-Hellman connection—is dependent only on this prime. After this first step, an attacker can quickly break individual connections.

prime numberTo prove this hypothesis, the researchers carried out this computation against the most common 512-bit prime number used for TLS and demonstrated that the Logjam attack can be used to downgrade connections to 80% of TLS servers supporting DHEEXPORT.

They also estimated that an academic team can break a 768-bit prime and that a nation-state can break a 1024-bit prime. Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers.

VPN attackThere is speculation that this “flaw” was being exploited by nation-state bad actors. A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having created, exploited, harnessed the Logjam vulnerability.

What should you do?

1 – Go to the researcher’s website https://weakdh.org/ to see if your browser is secure from the Logjam flaw. (It reported that Google Chrome Version 43.0.2357.81 (64-bit) on OSX 10.10.3 was not secure}

2 – Microsoft (MSFT) patched the Logjam flaw on May 12 with security bulletin MS15-055. A Microsoft spokesperson told eWEEK;

Customers who apply the update, or have automatic updates enabled, will be protected. We encourage all customers to apply the update to help stay protected.

3 – Google (GOOG) fixed the issue with the Chrome 42 update, which debuted on April 15. Google engineer Adam Langley wrote;

We disabled TLS False-Start with Diffie-Hellman (DHE) in Chrome 42, which has been the stable version for many weeks now.

patch for Firefox4 – Mozilla’s patch for Firefox isn’t out yet, but “we expect it to be published in the next few days,” Richard Barnes, cryptographic engineering manager at Mozilla, told eWEEK.

5 – DarkReading reports that on the server-side, organizations such as Apache, Oracle (ORCL), IBM (IBM), Cisco (CSCO), and various hosting providers have been informed of the issue. There has been no response from these tech titans.

The researchers have also provided guidance:

  1. If you have a web or mail server, they recommend  – disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group. They have published a Guide to Deploying Diffie-Hellman for TLS with step-by-step instructions.
  2. If you use SSH, you should upgrade both your server and client installations to the most recent version of OpenSSH, which prefers the Elliptic-Curve Diffie-Hellman Key Exchange.
  3. If you’re a sysadmin or developer, make sure any TLS libraries you use are up-to-date, that servers you support use 2048-bit or larger primes, and that clients you maintain reject Diffie-Hellman primes smaller than 1024-bit.

rb-

Finally, get involved. Write someone, your representative, senator, your favorite bureaucrat, the president, your candidate, and tell them to get out of the way. 

Ars Technica notes that Logjam is partly caused by export restrictions put in place by the US government in the 1990s, to allow government agencies the ability to break the encryption used in other countries. “Logjam shows us once again why it’s a terrible idea to deliberately weaken cryptography, as the FBI and some in law enforcement are now calling for,” said Michigan’s J. Alex Halderman to the report. “Today that backdoor is wide open.”

 

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , , , , ,
« Older Entries   Recent Entries »