
Aaaaannnnnnnnnddddd............
......let the mouth-frothing begin.
UK government departments have a green light to use iPhones and other iOS 6 devices for handling sensitive emails. The move may encourage civil servants and ministers to toss their BlackBerries to the wind, provided they don't have to read anything that's more than mildly important. For years RIM's BlackBerry handsets were the …
I can/can't believe that someone would write something positive/negative about an OS/phone/tablet that I hate/use/have no interest in. Why do/don't these idiots/geniuses/fanbois/fandroids just agree with me and do what I do, which is obviously the best idea? I can see totally/no reason whatsoever why someone might/might not have different requirements to myself.
Please comment using the above form, deleting as applicable.
... they've been genetically altered to be incapable of saying 'Yes' to anything.
The best you'll ever get is "well, I won't set the dogs on you just yet if you choose to store or transmit your sensitive electronic information in that way."
To get this grudging statement on iOS6 means that they've repeatedly put it through the penetration test wringer and were mightily disappointed that it didn't fail for the level of impact (i.e. degree of difficulty of penetration) they've specified.
Yeah, my mother accidentally left her hand luggage at Melbourne airport a few days ago. It contained a passcode-protected iPad running iOS 6. The Australian Federal Police rang her to tell her they had it.
So how did they get her number? They told her they opened a "back door" on the iPad using some special software they've got and then went through her contacts app.
Now if law enforcement can do that then you can bet there's a whole heap of other people out there who can pull off the same trick. Let's hope MPs don't accidentally leave their devices in the cloakroom at some Embassy function, eh?
Footnote: The Feds apparently told her "Apple are very obliging". I'll bet they are!
CESG is working so hard on this because MPs keep fapping over new Apple kit and kick up a stink when they're not allowed to get their grasping little paws on it.
And you can bet that an iOS6 device that is cleared to IL3 is a long long way away from being fresh out the box.
So you can bet your CEO will still be less than happy to find that his shiny iOS toy doesn't let him download Hentai dress up from the app store.
< Nuclear, which is what the CEO will go when he finds his shiny goodness is still hobbled.
"And you can bet that an iOS6 device that is cleared to IL3 is a long long way away from being fresh out the box."
That'll certainly be the case. What Apple, Google and Microsoft haven't worked out is that security = lockdown (by and large), and lockdown means content blocking. The shiniest of mobiles is as dull as ditch water without content. No matter how big an app store is, it might as well not exist at all if users aren't allowed to install anything.
The problem for the security guys is that lockdown will encourage some users to jailbreak their device to get some fun back, and that's the security measures well and truly screwed.
BB10 looks different. BB Balance separates the user's stuff from the company's stuff - ideal! Shininess and security in a single box.
.. boy oh boy, did you fall for it..
I'll ask you just ONE question: prove it.
Now for some facts:
Silent Circle is a US company. It is spectacularly irrelevant where they have their data - one finger in the US and they're subject to the Patriot Act and other creative coercion as we have become used to from the US.
Their MX record points to somewhere in the US (74.207.233.131, Geolocates to Atlanta).
Their prices versus:
- the amount of people allegedly involved
- the amount of effort involved in developing, maintaining a truly secure service and *prove* it safe
- the amount of lawyering involved for any US company to keep the Feds/NSA and any other 3 letter club out of their business.
It simply does not add up *at all*.
Possible conclusions:
- Naive effort
- Honeytrap banking on Phil Zimmermann's name.
I really *hope* I am wrong, but there is just no way I can get the currently available facts to add up to anything I would even remotely invest trust in. I'm literally not buying it..
Silent Circle talks a good game, but there is absolutely no in-depth, independent information about what they're doing, who they're doing it for, or how they're doing it.
"Blind trust" is a thing of the past. If you don't have total control over it, or if the encryption method isn't Open Source, it is not secure. Period.
You're right, but it's not just about the technology used. Wrong place, wrong approach, and, most interestingly, wrong price.
I *know* how expensive it is to do it right, and not because I give it away to lawyers and consultants. Their numbers do not add up in any way that I can work them..