Apple turn iPhone security issue into 'Nothing to see here move along'
 

http://news.cnet.com/8301-13579_3-10354209-37.html

So this issue originally was:

iPhone OS 3.0 did not identify itself properly to Exchange 2007 on any iPhone. This means that if you had a 3G and Exchange 2007 was configured to require hardware encryption, you could still login, even though the device does not have hardware encryption.

Apple's response to the fact that all previous iPhones were essentially breaking the security of any company using them:

"iPhone OS 3.1 is working properly with Exchange Server 2007," Apple representative Natalie Harrison told CNET News. "We added device encryption information to the data that can be managed by IT administrators using Exchange Server 2007. The policy of whether to support iPhone 3G, in addition to iPhone 3GS, which always has on-device encryption, on Exchange Server 2007 is set by the administrator and can be changed at any time."

The only way to continue to use the older iPhones - which were sold with 'Exchange support' - is to turn off the hardware encryption rule for those devices.

I'm pretty sure if this was any other company then people would be down on them like a ton of bricks

Re: Apple turn iPhone security issue into 'Nothing to see here move along'
 

lol I know this reply is a tad 'off course' but since no-one seems to be able to get hold of an Iphone for love nor money, wont be an issue for most :-P

Sorry cheeky answer I know - Ive been trying to get one for ages now!

Re: Apple turn iPhone security issue into 'Nothing to see here move along'
 

Apple are the most anti-consumer, anti-competitive, anti-trust company out there but slick marketing and image handily means they can side step any judgements that may land on..... oh, let's say Microsoft.

The sooner the FTC, FCC et al. start coming down on the consumer instead of Jobs, the better.

Re: Apple turn iPhone security issue into 'Nothing to see here move along'
 

Completely agree, they only get away with it because they aren't MS and quite often MS only get judged against because they are MS. It's one thing to attempt to level a playing field but when you end up tilting it in favour of everyone else then you aren't doing the job right.
Encourage competition but deal with all parties in the same way.

Re: Apple turn iPhone security issue into 'Nothing to see here move along'
 

:tu:

---------- Post added at 13:30 ---------- Previous post was at 13:29 ----------

Agreed! But again who has the ear of whom in these matters.Lobbyists are the devil...

Re: Apple turn iPhone security issue into 'Nothing to see here move along'
 

And whilst we are talking about Apple security:

http://apple.slashdot.org/story/09/0...unity?from=rss

Hmmm

Lobbyists tend to be industry-based rather than company-based. There is something about Apple and the way its marketed and PR is handled. You know its an evil company but everyone ends up liking it. I mean the term "fanboy" was banned on here solely because of the Apple fans. That's nto a coincidence.

The regulatory bodies really need to step up against them. For example the FCC aren't investigating allegations that Apple are denying apps that hurt AT&T's (their main benefactor) bottom line.

Apple are finally being investigated... but nothing to do with their products. They have agreements with other like-minded companies [cough]Google[/cough] not to hire their workers. Its considered an anti-trust matter and the US DOJ is investigating. Of course, nothing will come of it.

Re: Apple turn iPhone security issue into 'Nothing to see here move along'
 

I found this interesting...

http://www.saurik.com/id/12

I think he makes some good points about Apple.

Re: Apple turn iPhone security issue into 'Nothing to see here move along'
 

A SF author, Charlie Stross, has his own view on why Apple is the way it is - Link - as part of a rant on so-called mobile technology.

Re: Apple turn iPhone security issue into 'Nothing to see here move along'
 

I quite like the 'new' Microsoft as I see it. They have become better, opened out, are more interested in cross platform compatibility. Somewhat forced on them by conditions in the industry but impressive none the less. Development wise their decision to include jQuery in a the ASP.Net MVC platform is very positive.

I agree they are sometimes unfairly targeted.

I don't think this incident proves anything about Apple, I think the market for exchange is too small for many people to have been affected and they resolved the bug.

Re: Apple turn iPhone security issue into 'Nothing to see here move along'
 

It's worth noting that there is supposed a major security flaw to do with the way Windows handles message passing. It's not easy to use, but Microsoft had not attempted to fix it in XP (don't know about Vista and 7) because to do so would have broken a lot of apps.

Actually I don't think the term is banned. We (the CFT) didn't like it being used for a while because it was being used primarily as an insult in arguments between PS3 fans and Xbox 360 fans. Nothing to do with Mac or PC fanboys..

That, I will admit, stinks. I think Apple need to be a little more transparent (and consistant) in their approval standards. But it's worth noting that they aren't the first (and certainly not the largest) phone manufacturer to restrict certain things because the mobile networks say so. That honour goes to Nokia. Having said that, there is no reason (at least on a lot of nokias) that you can't just go and download your own software.

---------- Post added at 21:44 ---------- Previous post was at 21:36 ----------

For the average consumer, this would not be a problem (chances are they wouldn't even have access to exchange). If Apple are going to market the phone as a business phone, however, then they should correct the problem rather than asking you to lower your security to get it to work.

Having said all that, it doesn't affect me. While we are gradually introducing Exchange at work, I personally find it to be crap, so I am fighting to keep my email account on our Unix based IMAP server for as long as possible.

In fairness, it's not exchange that's crap. It's Outlook 2007. How on earth any program can be slow on a Core 2 Duo with 4 gig of Ram and connected to the server via Ethernet (only 100 meg though) is beyond me.

Re: Apple turn iPhone security issue into 'Nothing to see here move along'
 

Agree with that 100%

It's as bad as all those programs (including V Stuff at times) that say 'please turn off X,Y,Z security protection to make our program work' rather than working out how to make it work with the security in place

But the main thing with Apple doing it is they are the first to jump down Microsoft's throat for security issues, yet they make sysadmins change their settings to work with the older iPhones

Re: Apple turn iPhone security issue into 'Nothing to see here move along'
 

http://www.appleinsider.com/articles...ers_grief.html

An interesting article. Not least because it explains the exact problem. It's also worth noting that a *lot* of Windows Mobile phones (specifically all those with OSes earlier than WinMo 6) fail to provide the full security required by exchange.

So, Apple are joined in their action of not providing fully secured access to Microsoft's Exchange on anything but the latest hardware by, er, Microsoft.

Before you all jump down my throat and say it is possible to upgrade to Windows Mobile 6m I'll say this:

It's quite rare that it's possible to legally upgrade windows mobile on your mobile phone. The iPhone can legally be upgraded to the latest iPhone OS, it's just that the earlier models do not have the necessary encryption hardware.

So, to legally upgrade your Windows Mobile 5 (or earlier) phone to Windows Mobile 6 (legally), the chances are, you'd need to change your phone. Much as you would to get the encryption hardware on the iPhone.

I am not defending Apple. Far from it. They should not advertise a phone as having access to exchange and as being ideal for business if people need to lower the security on their exchange server to allow the iPhone to connect.

---------- Post added at 23:11 ---------- Previous post was at 22:57 ----------

Reminds me of something that happened when I first started my current job. I was preparing installations of software for student use, and one major package I support (I honestly can't remember which) was causing problems. I spent nearly an hour on the phone to their tech support line, who, seriously, suggested that we give the students admin rights on the machines where this software was installed. For security reasons, we would not usually consider doing that on a general access machine. In my experience, where we have had to give students admin rights over machines, they've lasted one week before needing a reformat/reinstall.