* Posts by Internet ToughGuy

20 posts • joined 27 Nov 2007

'Heartbleed-based BYOD hack' pwns insurance giant Aviva's iPhones

Internet ToughGuy

Missing the point

There are a few incorrect conclusions drawn here. Moving to BES will not solve anybody's issues. Neither will they be solved by moving to another MDM solution. In this instance, someone obtained administrator credentials, presumably by exploiting the Heartbleed vulnerability. Using the admin credentials, they then accessed the MobileIron server and sent messages and wiped devices.

Let's say for a second that BES had been in place. Hacker obtains admin credentials, and wipes devices. No difference. The problem is the leaking of admin credentials, which were not obtained through the MobileIron system, just used to access it. If the hacker had used the same credentials to delete/reset the mail server, would this article have been blaming Exchange? It seems that the company didn't patch servers for Heartbleed, and got hacked. MobileIron was just a tool on the network that got used, but the failure to secure servers is actually the problem here, and replacing MobileIron will do nothing to resolve that.

Internet ToughGuy

Nope, it's an admin/password issue. MobileIron wasn't hacked in this case, it was accessed using admin credentials obtained by some other means. MobileIron isn't susceptible to Heartbleed.

Internet ToughGuy

Re: Good to know

Comments like this show a readiness to post, and yet no understanding of what MobileIron, or other MDM solutions, offer. MDM solutions can wipe devices, partially or fully, without the admin being able to see the data being removed. If I uninstall Outlook from your PC, that doesn't mean I can read your email. MobileIron allows admins to see what apps are installed on a device, but not the data within those apps. Certain apps can be pushed/removed, but the data from them is not "extracted", it's just wiped. In this instance, it seems that the hacker used acquired admin credentials (MobileIron has LDAP integration, so it's also possible that these credentials had access to other systems).

The article makes it sound like MobileIron was compromised by the Heartbleed vulnerability. MobileIron isn't vulnerable to this. However, like any system, if somebody logs in with administrator credentials, they are free to perform administrative tasks, which can include messages and wiping of devices. If they wanted to access corporate data, this isn't the way to see it. All they did was prevent mobile users from seeing theirs. However, if the credentials they used also had administrative privileges for mail/file servers, that's where their data could be at risk, and this risk is neither enhanced nor hindered by MobileIron or any other MDM being installed onsite. The story here is that admin credentials were compromised and used to wreak havoc. The system they accessed is almost irrelevant, and replacing their current MDM solution with another one simply shows that nobody seems to actually understand what happened. The replacement MDM solution will still require admin credentials, and anyone with those credentials will be able to do exactly the same.

Samsung brandishes quad-core Galaxy S5, hopes nobody wants high specs

Internet ToughGuy

Re: Cue the selective amnesia

@jecrawford - you've obviously tried it then? Let's be honest here, if everyone wanted fingerprint readers, the Motorola would have been a success. The fact that fingerprint readers are a must-have after Apple implemented one has nothing to do with Apple's implementation being better (which would imply that everyone had Motorolas and ditched them when the better reader came along). What actually happened is that people who had older iPhones bought newer ones, and then liked their fingerprint reader. Anyone who had an Atrix and then iPhone 5s, please feel free to correct me. Any other downvoters, well, you're just doing your fanboi duty.

Internet ToughGuy

Re: Cue the selective amnesia

So now you're saying that Apple's sensor is better than Samsung's, even though the latter has only just been announced and you've not had a chance to test it (nor do I suspect that you would, unless someone stuck an Apple logo on it). Odd that you chose to sign off with a reference to zealots, you maintain that Apple's fingerprint security is a major step forward, even though there are numerous methods posted openly online on how to bypass it. Also, you say that you and at least 50% of people you know didn't bother with a passcode as they were inconvenient. This screams that security was not a priority for you or your ilk, which would play back to the fact that these fingerprint readers are a gimmick.

Internet ToughGuy

Re: Excellent review; but "flaunting"?

I think your downvotes will come from just being wrong. Motorola (on an Android phone) released a fingerprint reader back in January 2011. So if someone looks at your "apple did it first" comment and downvotes it, it won't be because they are droid zealots, but because you just assume that anything Apple do is something they invented without taking even a second to look up the facts. Apple isn't "teh evil", but they certainly aren't the above-reproach-perfect-jobswasjesus phone that the fans claim they are. SSL=USL?

Internet ToughGuy

Re: Excellent review; but "flaunting"?

"Speed of update is a real strength of IOS" - This vulnerability has been known in many circles for months, and Apple sat on it until they had a fix. It affects IOS 6 as well, so let's not pretend that it just popped up recently, it's likely to have been there for years. For any other vendor, a flaw this gaping would have been a fatal blow. Apple however, have managed to bring out a mobile phone that drops signal when you hold it in your hand, non-secure communications, bypass-able lockscreens. There are also emerging reports now that the 7.0.6 update is bricking iPhone 5s and iPad Air models internationally. And despite this, the fanbois will still tell you how fantastic iPhones are, and will automatically vote down any comments that don't praise them. They have a fantastic marketing machine, but speed of updates is simply not one of their strengths.

Internet ToughGuy

Re: Cue the selective amnesia

Oh!! The Irony. Your selective amnesia (although I suspect that as a fanboi you actually just never bothered to look it up and assumed that Apple invent everything they have made) has forgotten the Motorola Atrix released in 2011, long before Apple ever "invented" it, or made their screens bigger, or made their OS look more like Android. Check your footing before taking the high ground.

Internet ToughGuy

Re: Excellent review; but "flaunting"?

"Samsung are now advertising a feature Apple have had for two generations" True, but let's not forget that it's only yesterday that they finally developed SSL that works (on mobile only, still unpatched on OSX). Apple are also taking a lot of credit for a fingerprint scanner, even though Motorola brought one out in January 2011.

In truth, neither Samsung nor Apple have innovated significantly in their last few iterations, but I would see the waterproof phone (Sony also announcing similar), NFC, and some of the camera technologies still putting Samsung very far ahead of Apple. IOS also has many failings when it comes to MDM (users can uninstall management unless the phone is put into supervised mode which requires physical connection to device). Samsung Knox, on the other hand, shows that they are taking business seriously, and the new child-zone container shows advances in use as a personal device.

I'm not saying you were wrong in anything you said, but it's taking a very narrow view of the technologies.

Apple's GOLDEN BLING MOBE still the top selling US handset

Internet ToughGuy

@anon - do you work for Apple marketing, or just swallow everything they say?

In an effort to justify the bigger screen still being smaller than the majority of phones, they brought out their "size of your thumb" ad, to show how the phone was designed for use with one hand. Oddly enough, every other ad they've ever brought out shows the phone being used with two hands, as people tend to do.

The iPhone 5 might be outselling every other single model of phone, but these figures are skewed by the lack of choice offered by Apple/ abundance of different android models. Android is still outselling IOS, and the gap is increasing year-on-year.

The simple truth is that the brand fans don't care that their phone doesn't have NFC. They will tell you how handy the fingerprint reader is, even though Motorola offered one in their phones in January 2011, and the fans didn't see the need for it then. The fanbois talk about the design elegance. It's not just a slightly stretched iPhone 4 at all, they seem to think. The iPhone 5c looks almost exactly like the Nokia Lumia 620, but the latter didn't carry the all-important apple on the cover.

It's fine if you're an Apple fanboi. But you're trying to convince people that you went out, evaluated everything on the market, and found the phone that had the best weight, the best size, the best features etc, when in all honesty, if Apple released a phone next year that was bigger and heavier, you'd start posting about how flimsy the competition was. If you want to get yourself an iPhone 7 right now, just get the HTC One or the Galaxy S4, and turn off all the good features. Then in a few years, when Apple "invent" swipe-typing, smartstay screens, NFC etc, you can turn them on and get yourself a free upgrade. All you need now is to find yourself a sticker with an Apple logo on it, so you can still gain acceptance amongst your peers.

Dell feels cold probe of US Dept of Justice amid Syria PC sales claims

Internet ToughGuy

Outdated rules

Dell are in trouble for selling to a reseller who in turn sold to the Syrian government. I used to work at Dell, and every year we had to take export compliance training which covered embargoed countries, and were additionally told that every sales person has to ask for end user details before proceeding with any order. Even non-sales staff have to take these courses every year. If the reseller lied to Dell about the end destination of the devices, then Dell are in the clear, but if Dell sold to the Syrian government, even through a third party, then they are subject to fines and possibly (although it'll never happen) suspension of their export licence.

Why I think the rules are outdated is that Dell now sell through not just channel partners, but through retail outlets, so Syria could easily have walked into the equivalent of Dixons and picked laptops off the shelves, paid cash, and nobody would be any wiser.

Magpie Apple plunders the competition for cosmetics, as egos run wild

Internet ToughGuy

Aren't Apple awesome? This new innovative operating system is going to put them years ahead of the competition. I reckon the Android fans are already trying to find petty excuses to slate it because they are so insecure. And just you wait. Apple haven't just invented flat graphics. I reckon over the coming years they'll invent removable batteries, expandable memory, and even invent a bigger screen. They're so innovative that they released the iPhone 5 with a screen just the right size for using with one hand. Then they innovated AGAIN, this time releasing their photo advert in which pretty much everyone uses their iPhone 5 with... two hands. How wonderful. Can't wait till they invent NFC either. Oooh, this announcement's got me all excited. I just know 2010's going to be great.

Now even MORE 'interns' make iPhones - Chinese labour watchdog

Internet ToughGuy

Re: So when Apple do respond to El Reg it's to do this.

Yep, remember the faulty antennae in iPhone 4? First they said it didn't happen. Then they said it did happen but you're holding it wrong. Then Jobs hosted a press conference where he tried to say that it's ok for them to have phones that drop calls, because he found ways you could hold competitors' phones that made them under-perform as well. (http://www.youtube.com/watch?v=IorfYuF4gMM)

I'm not saying that other companies don't have to be held accountable, but Apple are responsible for what Apple do, and when they are caught having children contracted to build their equipment, the only acceptable response is to ensure that it stops. Saying that other people employ children does not make it right, and trying to smear their competitor is just a cheap dig to avert their responsibility. If it's already in a newspaper, then it would appear that the competitor is already being investigated by the media. It's not for Apple to lead the charge, especially while their own hands are still dirty.

Yay for iOS 6.1, grey Wi-Fi iPhone bug is fix- AWW, SNAP

Internet ToughGuy

Re: What?

"I'd imagine if the problem was more wide-spread Apple might be working harder to fix it (see Antennagate) doesn't mean it's not an issue, though."

Regarding Antennagate, Apple's first reaction was not to try to fix the issue. It was to deny it. Their second reaction was to tell users that they were holding the phone incorrectly. Their third reaction was to try to tell the world that if you held competitors' phones certain ways that you might have the same problem, so therefore it was ok. After that, they went with bumpers as opposed to re-engineering their faulty products.


So I wouldn't imagine at all that Apple would feel compelled to fix an issue regardless of the sample size. Not having 4G on the iPhone 4 didn't stop the masses flocking, and the utter failure of the iPhone 5 to innovate doesn't seem to have had such a negative impact on sales either. If the consumer will buy the product regardless of the quality and innovation, then there is no incentive for the manufacturer to perfect their model. Just make it shiny and stick the Apple logo on the back, and the cult will buy.

Hey, Apple and Google: Stop trying to wolf the whole mobile pie

Internet ToughGuy

Re: Tripe...

Well put. Let's not forget either that IOS is designed to run on one type of hardware, and this led to limitations for IOS apps on the larger screens of the iPhone5, where apps that weren't recoded for the larger screen simply had black bands either side of them to fill in the gaps. That's hardly better, intuitive etc. Android has more comprehensive hardware support, higher adoption, and in the more recent versions has introduced features that leave Apple far behind. In my opinion, Apple have not innovated in a few years, and the iPhone5 is just a Galaxy SIII with a smaller screen and all the cool features turned off. And crap maps.

Welder in DIY penis enhancement nut mishap

Internet ToughGuy

Name him

No way a story like this broke without somebody knowing what the guy's name is. And if I'd done it, I know my name would be in the article.

Dell hit by class action over unpaid overtime

Internet ToughGuy
Paris Hilton

Just pay them

I'm surprised they didn't sweep it under the rug and try to settle. I know Dell is on a major cost-reduction mission at the moment, but if work needs doing, then hire people to do the work, or pay those that stay behind to do it.

Paris because she didn't officially get paid for her best work either.

Son of 419 victim contacts El Reg

Internet ToughGuy

What did you expect

The only good thing about 419 scams is that they target the greedy. This guy obviously thought he could get paid a hundredfold for nothing, and got caught. I'm sorry his family feel so bad about it, but if you win a lottery you never entered, or try to assist someone doing something you know to be dodgy, then you can't really expect sympathy when it bites you.

I wouldn't park there, mate - Honda adds sat nav warnings

Internet ToughGuy

@ Ralph B

Hondas are prime targets for theft because their owners abandon them to steal more expensive models.

Blu-ray discs outsell HD DVDs almost 3:1 in Europe

Internet ToughGuy

Skewed Figures

I find that HD-DVDs are harder to find, but would certainly buy more if I could get them. Frequently I visit video stores that "have decided not to stock HD-DVD". This isn't a battle that is being won by consumer choice, rather by deals that were negotiated before the formats were released, and manipulation of supply chains. The only true way to measure the popularity of either format is to measure the sales by format of those movies that have been released in both Blu-ray and HD-DVD.

