Thread: Apple turn iPhone security issue into 'Nothing to see here move along'
View Single Post
Old 17-09-2009, 23:11   #12
Stuart
-
 
Stuart's Avatar
 
Join Date: Jun 2003
Location: Somewhere
Services: Virgin for TV and Internet, BT for phone
Posts: 26,546
Stuart has a lot of silver blingStuart has a lot of silver blingStuart has a lot of silver blingStuart has a lot of silver blingStuart has a lot of silver bling
Stuart has a lot of silver blingStuart has a lot of silver blingStuart has a lot of silver blingStuart has a lot of silver blingStuart has a lot of silver blingStuart has a lot of silver blingStuart has a lot of silver blingStuart has a lot of silver bling
Re: Apple turn iPhone security issue into 'Nothing to see here move along'
Quote:
Originally Posted by BenMcr View Post
http://news.cnet.com/8301-13579_3-10354209-37.html

So this issue originally was:

iPhone OS 3.0 did not identify itself properly to Exchange 2007 on any iPhone. This means that if you had a 3G and Exchange 2007 was configured to require hardware encryption, you could still login, even though the device does not have hardware encryption.

Apple's response to the fact that all previous iPhones were essentially breaking the security of any company using them:

"iPhone OS 3.1 is working properly with Exchange Server 2007," Apple representative Natalie Harrison told CNET News. "We added device encryption information to the data that can be managed by IT administrators using Exchange Server 2007. The policy of whether to support iPhone 3G, in addition to iPhone 3GS, which always has on-device encryption, on Exchange Server 2007 is set by the administrator and can be changed at any time."

The only way to continue to use the older iPhones - which were sold with 'Exchange support' - is to turn off the hardware encryption rule for those devices.

I'm pretty sure if this was any other company then people would be down on them like a ton of bricks
http://www.appleinsider.com/articles...ers_grief.html

An interesting article. Not least because it explains the exact problem. It's also worth noting that a *lot* of Windows Mobile phones (specifically all those with OSes earlier than WinMo 6) fail to provide the full security required by exchange.

So, Apple are joined in their action of not providing fully secured access to Microsoft's Exchange on anything but the latest hardware by, er, Microsoft.

Before you all jump down my throat and say it is possible to upgrade to Windows Mobile 6m I'll say this:

It's quite rare that it's possible to legally upgrade windows mobile on your mobile phone. The iPhone can legally be upgraded to the latest iPhone OS, it's just that the earlier models do not have the necessary encryption hardware.

So, to legally upgrade your Windows Mobile 5 (or earlier) phone to Windows Mobile 6 (legally), the chances are, you'd need to change your phone. Much as you would to get the encryption hardware on the iPhone.

I am not defending Apple. Far from it. They should not advertise a phone as having access to exchange and as being ideal for business if people need to lower the security on their exchange server to allow the iPhone to connect.

---------- Post added at 23:11 ---------- Previous post was at 22:57 ----------

Quote:
Originally Posted by BenMcr View Post
Agree with that 100%

It's as bad as all those programs (including V Stuff at times) that say 'please turn off X,Y,Z security protection to make our program work' rather than working out how to make it work with the security in place
Reminds me of something that happened when I first started my current job. I was preparing installations of software for student use, and one major package I support (I honestly can't remember which) was causing problems. I spent nearly an hour on the phone to their tech support line, who, seriously, suggested that we give the students admin rights on the machines where this software was installed. For security reasons, we would not usually consider doing that on a general access machine. In my experience, where we have had to give students admin rights over machines, they've lasted one week before needing a reformat/reinstall.
Stuart is offline   Reply With Quote