Receive new posts as email.
RSS 0.91 | RSS 2.0
RDF | Atom
Podcast only feed (RSS 2.0 format)
Get an RSS reader
Get a Podcast receiver
| Sun | Mon | Tues | Wed | Thurs | Fri | Sat |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| 8 | 9 | 10 | 11 | 12 | 13 | 14 |
| 15 | 16 | 17 | 18 | 19 | 20 | 21 |
| 22 | 23 | 24 | 25 | 26 | 27 | 28 |
| 29 | 30 | 31 |
This site operates as an independent editorial operation. Advertising, sponsorships, and other non-editorial materials represent the opinions and messages of their respective origins, and not of the site operator or JiWire, Inc.
Entire site and all contents except otherwise noted © Copyright 2001-2006 by Glenn Fleishman. Some images ©2006 Jupiterimages Corporation. All rights reserved. Please contact us for reprint rights. Linking is, of course, free and encouraged.
Powered by
Movable Type
« RIM Releases Blackberry with Wi-Fi, EDGE, Converged Calling, GPS | Main | JiWire Scores Microsoft Hotspot Ad Deal, Spills Some Numbers »
Over at Macworld.com, you can read my rundown of what Apple’s done right and wrong with securing data in transit from the iPhone over Wi-Fi: The iPhone is, so far, widely regarded as a tremendously secure device in terms of putting data on it, and it’s ability to be updated as exploits or other bugs are revealed. But once data leaves the iPhone, or is en route to it, the picture changes entirely.
In brief, Apple doesn’t provide tools that make encrypting traffic over services other than email a reliable, consistent, and straightforward affair, despite their success in building such tools into Mac OS X. This includes a lack of a globally configurable Web proxy; Apple bizarrely set it up as a per-network option. Apple did, however, make its four branded email connection partners—the ones with logos and automated setup—default to SSL for POP, IMAP, and SMTP, and any new email connection you add tries to use SSL for its connections, too.
Apple’s VPN implementation is rather slim and buggy. The only time I’ve crashed the iPhone so far was when trying to re-establish a VPN connection. Boom, went the iPhone, but it restarted just fine. I report on two separate bugs in password handling, one reported to me by a rent-a-VPN firm. The VPN password is sometimes forgotten, and if you’ve chosen to enter the password each time, the keyboard presented is a dial pad (numbers and some punctuation) not a full keyboard, making it impossible to enter a strong password.
Apple notes on their Web site how they only support the most basic versions of PPTP and IPsec/L2TP connections: PPTP plus a password, and IPsec/L2TP plus a shared secret and password. Two-factor authentication where you use a token (a key fob or other card) that generates a timed password isn’t supported, and that’s a must-have for many corporate networks.
All the problems and frustrations I document in the Macworld.com article can be fixed through software updates.
Posted by Glennf at July 18, 2007 8:26 AM
Categories: Security
TrackBack URL for this entry:
https://db.isbn.nu/mt3/mt-tb.pl/4693