Fair enough. :)
William J. Robbins
Enterprise Infrastructure Operations
Office of Information Management
Deloitte Touche Tohmatsu Limited

On Feb 10, 2011, at 14:00, "Ziots, Edward" <ezi...@lifespan.org> wrote:

> Yes, once…
>
> But I agree doing the “right thing” sometimes is very much frowned upon in
> corporate America.
>
> Z
>
> Edward E. Ziots
> CISSP, Network +, Security +
> Network Engineer
> Lifespan Organization
> Email:ezi...@lifespan.org
> Cell:401-639-3505
>
> From: William Robbins [mailto:dangerw...@gmail.com]
> Sent: Thursday, February 10, 2011 2:53 PM
> To: NT System Admin Issues
> Subject: Re: IPhone attack reveals passwords in six minutes
>
> Just out of personal curiosity, have you been able to do that with any
> success? I'm X number of levels below the CIO, who is levels below the CEO.
> When these requests for shiny devices come from on high my manager would look
> at me like a two-headed baboon if I asked him to sign a memo from me, and HR
> would be telling me my stuff would be mailed to my home address on file.
>
> But that's just me. :)
>
> - WJR
>
> On Thu, Feb 10, 2011 at 13:48, Ziots, Edward <ezi...@lifespan.org> wrote:
>
> I recommend that you put in a memorandum format and make the boss
> actually sign it with his own hand, if he won't then forward to your
> legal department/compliance department if you have one. I agree, always
> CYA yourself first.
>
> Z
>
> Edward E. Ziots
> CISSP, Network +, Security +
> Network Engineer
> Lifespan Organization
> Email:ezi...@lifespan.org
> Cell:401-639-3505
>
> -----Original Message-----
> From: John Cook [mailto:john.c...@pfsf.org]
> Sent: Thursday, February 10, 2011 2:41 PM
> To: NT System Admin Issues
> Subject: Re: IPhone attack reveals passwords in six minutes
>
> We all know you can't solve stupid! That being said I can document that
> I told them to follow the protocol, my a$$ gets covered first!
>
> John W. Cook
> Systems Administrator
> Partnership for Strong Families
>
> ----- Original Message -----
> From: Ziots, Edward <ezi...@lifespan.org>
> To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com>
> Sent: Thu Feb 10 14:33:23 2011
> Subject: RE: IPhone attack reveals passwords in six minutes
>
> John, but you know how much users follow directions, <=0, we've been in
> this game far too long to know better. It's basically trying to stop
> stupid, but even trying to remote wipe, if they have slipped the SIM
> card or battery, u aren't getting a wipe, and the data (unencrypted) is
> gone, which in some states is a breach notification time.
>
> So how comfortable in a risk-based proposition do we all feel about this
> going forward, hopefully not good enough that some careful thoughts and
> discussions about the risks they are taking (Business/Management) (if
> they accept them, they do, it's the business choice) but the financial
> fallout could be the undoing, along with the liability and tarnished
> company image, etc etc.
>
> Make the business accept the risk (in writing) after carefully
> discussing the issues and documenting them, which is your CYA if things
> go wrong, it will be only the folks that accepted the risk in a court of
> law answering for the lack of due care and due diligence with company
> resources and people's critical information when all is said and done.
>
> Word to the wise, I see this and things like it as the next new
> "ticking" timebomb just waiting to go off...
>
> Z
>
> Edward E. Ziots
> CISSP, Network +, Security +
> Network Engineer
> Lifespan Organization
> Email:ezi...@lifespan.org
> Cell:401-639-3505
>
> -----Original Message-----
> From: John Cook [mailto:john.c...@pfsf.org]
> Sent: Thursday, February 10, 2011 2:23 PM
> To: NT System Admin Issues
> Subject: RE: IPhone attack reveals passwords in six minutes
>
> We give each user explicit directions to call us first then the Police
> so we have a shot at wiping it ASAP.
>
> -----Original Message-----
> From: Ziots, Edward [mailto:ezi...@lifespan.org]
> Sent: Thursday, February 10, 2011 2:13 PM
> To: NT System Admin Issues
> Subject: RE: IPhone attack reveals passwords in six minutes
>
> Two more words, "NO Battery" = NO remote Wipe, therefore dispense with
> that fallacy that it's going to save you, because it doesn't do a secure
> wipe of the drive itself, which allows an attacker with the phone to
> basically hook it up to a device offline and download the information on
> the phone and do what they want with it.
>
> Aaron Turner of the IANS faculty is a subject matter expert in these
> areas and has put on a lot of talks, and the news is pretty grim atm.
>
> Basically storing any type of sensitive information on the BB, Android,
> iPhone, etc etc is like playing Russian roulette with a loaded gun
> pointed straight at your face, one of these times it isn't going to go
> well for you.
>
> But this is the risk that business continue to take over and over again,
> because the users are clamoring for these devices, and the
> functionality they bring, but are clearly blind to the security and
> information disclosure aspects and how the loss, theft of data could be
> the business undoing.
>
> Sincerely,
> EZ
>
> Edward E. Ziots
> CISSP, Network +, Security +
> Network Engineer
> Lifespan Organization
> Email:ezi...@lifespan.org
> Cell:401-639-3505
>
> -----Original Message-----
> From: S Powell [mailto:powe...@gmail.com]
> Sent: Thursday, February 10, 2011 12:10 PM
> To: NT System Admin Issues
> Subject: Re: IPhone attack reveals passwords in six minutes
>
> two words.
>
> remote wipe.
>
> Yep, big security issue, but if someone has physical control of your
> device, any device, you should always consider it compromised.
>
> @THIS STATEMENT IS VERIFIABLY INCORRECT
>
> On Thu, Feb 10, 2011 at 08:40, David Lum <david....@nwea.org> wrote:
> > What I don't know is if this phone OS is any worse than anything else in
> > use. Anyone care to comment?:
> >
> > "Among passwords that could be revealed were those for Google Mail as an MS
> > Exchange account, other MS Exchange accounts, LDAP accounts, voicemail, VPN
> > passwords, WiFi passwords and some App passwords"
> >
> > http://www.computerworld.com/s/article/9208920/IPhone_attack_reveals_passwords_in_six_minutes?taxonomyId=85
> >
> > David Lum // SYSTEMS ENGINEER
> > NORTHWEST EVALUATION ASSOCIATION
> > (Desk) 503.548.5229 // (Cell) 503.267.9764
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
>
> CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
> attached to or with this Notice is intended only for the person or
> entity to which it is addressed and may contain Protected Health
> Information (PHI), confidential and/or privileged material. Any review,
> transmission, dissemination, or other use of, and taking any action in
> reliance upon this information by persons or entities other than the
> intended recipient without the express written consent of the sender are
> prohibited. This information may be protected by the Health Insurance
> Portability and Accountability Act of 1996 (HIPAA), and other Federal
> and Florida laws. Improper or unauthorized use or disclosure of this
> information could result in civil and/or criminal penalties.
> Consider the environment. Please don't print this e-mail unless you
> really need to.