It isn't 5v, it's 340v! (Score 3, Informative)
See the commentary at the top of the page from this link:
http://www.righto.com/2012/03/inside-cheap-phone-charger-and-why-you.html
--Paul
Lots of good advice so far, but one more item -- since your father has turned sysadmin tasks over to you, once you wipe and re-install, set up his account on the computer so that it is a restricted user account, not an admin account. If he isn't doing sysadmin tasks then he doesn't need the privs and this limits the amount of damage that a scammer can do to the computer. (Although getting his SSN and other info is still really bad.)
--Paul
I'm a former Apple engineer, current independent consultant, so I'm not going to address the Android side. That's a lot more complicated -- I'll stick with talking about the iOS info that I know about.
That said, wow, there's a lot of snarky comments but not a lot of information posted.
iOS has full-device hardware encryption built-in on the iPhone 3GS and later, activated as soon as you set up a passcode. This top-level encryption layer is for quick device wipes, not for data protection. Each user data file is then encrypted on top of that using its own unique key, then set into a protection class by the app developer:
- Complete Protection - decrypted only when the device is unlocked; file key is removed from memory when the device is locked.
- Protected Unless Open - decrypted when the device is unlocked; if file is open when the device locks, the file stays open/decrypted.
- Protected Until First User Authentication - decrypted on first unlock, stays decrypted until reboot
- No Protection - file system encryption only; no per-file encryption key
Apple has really been on developers' cases to tighten down the data protection classes for their apps on iOS.
In addition, iOS has a huge number of remote management options. Apple provides a basic management tool called Profile Manager in Lion Server, and there are third-party Mobile Device Managers (MDMs) that take the basics and go even further. You can force complex passcodes, pre-configure e-mail accounts, restrict usage of features, and so on. The enterpriseios.com site has a pretty complete listing.
One of the cool things about using iOS MDM is that all of the configuration profiles are tied to the management profile that gets installed when the device is first enrolled with the MDM. If you're in a BYOD situation and a user leaves on bad terms, the IT department can retract the management profile, which automatically retracts all of the other configuration profiles. This will delete corporate e-mail accounts, remove in-house apps (and their data!), take away VPN and 802.1X access, and so on, without erasing the person's device entirely. All of the pictures the person took are still there, not blown away as they would be after a complete device wipe.
Anyway, a few links that may help you out:
http://www.apple.com/iphone/business/integration/
http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf
http://www.enterpriseios.com/
http://consultants.apple.com/index.php - look for consultants with the Mobility specialization
https://help.apple.com/advancedserveradmin/mac/10.7/ - go into "Manage Users" --> "Profile Manager" on the right
Hope this helps.
--Paul
"As part of the settlement, Glik agreed to withdraw his appeal to the Community Ombudsman Oversight Panel. He had complained about the Internal Affairs Division's investigation of his complaint and the way they treated him. IAD officers made fun of Glik for filing the complaint, telling him his only remedy was filing a civil lawsuit. After the City spent years in court defending the officers' arrest of Glik as constitutional and reasonable, IAD reversed course after the First Circuit ruling and disciplined two of the officers for using "unreasonable judgment" in arresting Glik.
This is exactly the design scenario for Podcast Publisher and Podcast Library.
http://www.apple.com/macosx/server/features/all.html#podcasting
While it can take advantage of a whole cluster of servers, it can also run (albeit more slowly) on a single Core i7 Mini Server. For more detailed docs, see:
https://help.apple.com/advancedserveradmin/mac/10.7/#apdEDF248EC-ED8E-473E-8166-E7D0B2A854D7
It's in use at lots of universities and some K-12 schools.
Hope this helps.
--Paul
This is just going through the motions. DigiNotar has been dead since August 30, when Google, Mozilla, and Microsoft all revoked trust in their certificates. Anyone with at least two brain cells (which seems to exclude a large number of managers, unfortunately) could see the writing on the wall. No one would ever buy a new DigiNotar certificate, since it would always pop up a scary warning to the user in a web browser. Why bother with buying a certificate from DigiNotar and dealing with the resulting end-user support issues, when you can buy from someone else and not have to deal with the problem?
More interesting to me is what will happen to DigiNotar's corporate parent, Vasco Data Security? The purchase of DigiNotar is relatively recent (January 10, 2011), so it's not clear how much influence Vasco's management had over DigiNotar's operations. At the very least, Vasco is going to need to pay for an audit of its own systems to reassure its direct customers.
--Paul
http://it.slashdot.org/story/11/08/10/2113246/Feds-Radios-Have-Significant-Security-Flaws
APCO 25 doesn't seem to be very well thought through. Easily jammed at multiple levels and vulnerable in many ways.
--Paul
Folks,
I have detailed info and tools on my website at
http://ps-enable.com/articles/diginotar-revoke-trust
The short story is that it is possible to protect yourself, but it requires deleting the DigiNotar root cert(s), then revoking trust on the two roots plus four intermediates.
--Paul
Apple is behind the curve on this, almost certainly due to a bug in the handling of Extended Validation certificates that needs to be fixed. Until then, I have info and tools on my web page to help users with the problem.
http://ps-enable.com/articles/diginotar-revoke-trust
--Paul
"...announce on the loud speaker in a polite English accent..."
FYI, this will not work. Steve Jobs does not have an English accent.
--Paul
$6 million is pocket change to a company that has $5.2 billion in annual revenue. However, the true cost is really higher, as encrypting everything means that things like disk corruption are no longer repairable, lost passwords can't be reset without losing data, and the like. It'd be interesting to see just what the ongoing costs are.
That said, I would like to compliment Tennessee BC/BS for doing the right thing, in spite of it costing money.
--Paul
Folks,
Does no one remember 2007? Bob Watson presented a paper on exploiting concurrency to break all kinds of things like systrace back then, complete with example code. Vsys is the same kind of thing -- it has processes executing in an outside space where you can have a race condition and force the parameters to change after the clearance check but before it actually does the work. See:
http://www.watson.org/~robert/2007woot/
--Paul
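Added example, not part of the comment above and not code from the linked paper: a small C model of the check-then-use race the comment describes, with the racy wrapper beside a hardened one that snapshots its argument before checking it. All names (`wrapper_racy`, `wrapper_snapshot`, `swap_path`, the paths) are hypothetical, and the concurrent writer is simulated by a callback so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: `shared` is memory the caller's other threads can still write. */
typedef void (*racer_fn)(char *shared);
static char last_opened[64];           /* what the "work" step acted on */

/* Clearance check: only paths under /tmp/ are permitted. */
static int allowed(const char *p) { return strncmp(p, "/tmp/", 5) == 0; }
/* Stand-in for the real operation performed after the check. */
static void do_open(const char *p) { snprintf(last_opened, sizeof last_opened, "%s", p); }

/* Racy: the caller-writable buffer is read once to check, again to use. */
int wrapper_racy(char *shared, racer_fn racer)
{
    if (!allowed(shared)) return -1;
    if (racer) racer(shared);          /* window between check and use */
    do_open(shared);                   /* second read sees the new value */
    return 0;
}

/* Hardened: copy once into private memory, check and use only the copy. */
int wrapper_snapshot(char *shared, racer_fn racer)
{
    char priv[64];
    snprintf(priv, sizeof priv, "%s", shared);
    if (!allowed(priv)) return -1;
    if (racer) racer(shared);          /* later writes no longer matter */
    do_open(priv);
    return 0;
}

/* Concurrent writer, made deterministic here by calling it in the window. */
static void swap_path(char *shared) { strcpy(shared, "/secret/data"); }

/* Returns 1 if the path acted on still passes the check, 0 if it does not. */
int run_case(int (*wrapper)(char *, racer_fn))
{
    char shared[64] = "/tmp/report";
    last_opened[0] = '\0';
    if (wrapper(shared, swap_path) != 0) return -1;
    return allowed(last_opened);
}

int main(void)
{
    printf("racy=%d snapshot=%d\n", run_case(wrapper_racy), run_case(wrapper_snapshot));
    return 0;
}
```

The snapshot only helps if every later step uses the private copy; any re-read of the shared buffer reopens the window.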
consistently (a) remember a long password and (b) type it without a failure at least 50% of the time, is in the single digits.
This myth needs to end. Most people can memorize phrases hundreds of words long:
You missed the second part -- TYPE them consistently enough that they can get in without getting frustrated. I have no doubt that a large percentage of the general population can memorize long, complex passages at the word level. The number that can get them consistently right at the character level is much lower. The number that can get them consistently right at the character level when they are required to change the phrase every six months drops to near zero.
--Paul