security - page 19

The number of personally-owned iPads, iPhones, and other mobile devices that professionals bring into office is expected to more than double between now and 2014. That means the businesses that have so far been lax about considering or planning an official bring your own device (BYOD) program and/or establishing security policies around BYOD are going to need to play catch up – and they’ll need to get started as soon as possible.

In the continuing saga of Mat Honan’s digital life getting hacked to pieces, Apple has stopped accepting over-the-phone AppleID password resets indefinitely. In a statement today, Apple confirmed that the freeze it put on over-the-phone password change requests last night will remain in effect until tighter security can be implemented on Apple’s end. For now, all AppleID password resets will have to be done online.

Last week, Wired columnist Mat Honan’s digital life was destroyed by hackers who were able to connect to his Apple ID and remotely erase all of the data on his iPhone, iPad, and MacBook.

Apple responded today to Honan via a spokesperson, Natalie Kerris. In a statement to Wired, where Honan posted an account of his experiences, Apple promised to look into how users can protect their data and security better when they need to reset their account passwords.

1Password by AgileBits is a an incredible tool for keeping your data safe. More than just a password manager, 1Password allows you to encrypt and organize a wide range of data (website passwords, non-web digital accounts, credit/debit card numbers and financial account details, software licenses, and files containing confidential information.

Those features are all well and good, but the biggest feature is 1Password’s ability to keep all that data secure in the face of brute force attacks – the kind of attacks where a piece of software simply tries combination after combination of possible passwords. Password cracking software that rely on such attacks can easily try thousands of potential passwords each second.

To find out whether or not 1Password can withstand such attacks, AgileBits tested one 1Password against John the Ripper, one of the most well-known password cracking tools.

In the aftermath of a data breach that it announced this week, Dropbox says that it will begin implementing new security measures. Those measures include new automated techniques for spotting suspicious behavior, a page where you can examine all active logins to your account, password update requirements, and two-factor authentication.

All of those are reasonable steps to take. That Dropbox hasn’t implemented most of those items before is a bit surprising. Only one of those items – two factor authentication – really puts a burden onto Dropbox users, but it could put a very big burden on iOS users and app developers.

The number of companies investing in mobile management and security solutions related to bring your own device (BYOD) programs is growing, but not nearly as fast as the number of companies that are actually offering BYOD to their employees. The result is that many companies are putting themselves and their data at risk by jumping onto the BYOD bandwagon too quickly and without properly securing employee iPhones, iPads, and other devices or the business data that is stored on them.

Mountain Lion includes over 200 new features. Some of them are dramatic and hard to miss while others are minor conveniences that don’t stand out immediately. Many of those big and small new features and improvements have a lot of appeal for business users.

Here’s a list of the many new features in Mountain Lion that can help professionals in almost any industry work smarter, more efficiently, and more effectively.

Many Mountain Lion apps will function normally under Mountain Lion, but many won’t. Of particuar concern are the various utilities that help keep Mac systems secure, scan for viruses and malware, integrate with enterprise systems in businesses and schools, and dianose and repair problems.

These tools often require much deeper integration with OS X than other apps. That means that developers need to ensure they function as intended and don’t damage any documents, files, OS X system components, or other apps. That can sometimes delay releases of key utilities.

Here’s a list of Mac utilities and enterprise tools that have confirmed Mountain Lion Compatibility

Apple’s fight against Russian hacker Alex Borodin, who took advantage of an in-app purchasing exploit to provide users with paid content for free, has paid off. The Cupertino company has developed a fix that will make its debut in iOS 6, which is almost impossible to bypass, according to Borodin.

In putting together the various features of Mountain Lion, Apple may end up encouraging business and enterprise customers to actually make their Macs less secure instead of ratcheting up security as some key Mountain Lion capabilities are intended to do.

There are a handful of technologies involved, but they center around iCloud and Apple’s requirement that apps sold in the Mac App Store support Apple’s application sandboxing technique.

Antivirus software specialist Bitdefender has found that nearly 19% of iOS apps access your address book without your knowledge — or your consent — when you’re using them, and 41% track your location. What’s most concerning is over 40% of them don’t encrypt your data once it has been collected.

That’s all going to change when iOS 6 makes its debut later this year, however.

Email and messaging continue to be core business requirements for mobile professionals. Business messaging can also present a mobile security challenges. Ensuring communications sent over a carrier network or Wi-Fi are secure and only read by intended recipients is sensible for any company. In certain industries, secure messaging is required by law or regulation.

There are a range of ways to ensure secure messaging. One of which is TigerText, a multi-platform solution for secure messaging that meets industry-specific security and privacy require like HIPAA in the healthcare industry or SOX compliance in business/finance. TigerText offers more than just secure texting, however. The platform also includes group messaging and the ability to recall messages after they’ve been sent.

As of today, it also include Dropbox integration. That allows users to not only exchange messages securely, but also to share files securely with some attractive business and security features.

Copying files to a new Mac? Perhaps one of them newfangled MacBook Pros? While most of us use Migration Assistant to move our files from one Mac to a new one, it may not be an option in your particular case. I’ve definitely wanted to move just the bare minimum of files over to a new Mac before, and today’s tip should help with just that.

The Keychain is a place to store passwords and login information, and it’s fairly easy to move your Mac’s Keychain to a new one. Here’s how.

One of the things that can frustrate mobile users when using an iPhone or iPad for work is needing to repeatedly enter passcodes other user account credentials like a user name and password. Often because of a mobile device’s size and virtual keyboard, this process can seem more onerous than it does while using a Mac or PC in the office.

A growing number of apps and mobile management tools are becoming available that make it relatively easy to safely store business data in an encrypted and secure container on an iPhone or iPad. Realizing that security requires verifying a user’s identity when accessing specific apps or content after the device has been unlocked. Advantages to this include significant increases in mobile data security and the ability to wipe just the business data off of a device if it is lost or stolen.

The downside is the need for mobile users to repeatedly enter credentials – a downside that one mobile developer is helping iOS users sidestep

Dice’s monthly report of the IT job market continues to show that developers remain the most in-demand jobs. Fully half of the top ten jobs listed are for various kinds of developers with mobile app development ranking as the second most in-demand skill.

That’s not too surprising all things considered. As we noted this morning, a recent Symantec study notes that 59% of companies are actively working to create mobile versions of their internal line of business. That doesn’t even take into account customer-facing apps, which are more and more seen as a requirement.

Other in-demand development skills include Java, Microsoft .NET, web, and the rather generic software developer. Java stole the number one slot. With one exception, development skills make up the top five skill sets. The one non-developer position was related to data and network security.

It’s getting almost painful to read reports about RIM. The ongoing hype about how great BlackBerry 10 will be mixed with the reports of layoffs, inventory sitting around warehouses, the company’s share price plummeting – it all reminds me of the time one of my high school friends broke her ankle in gym class and hobbled around for nearly half a day trying to convince herself that she’d only sprained it.

Among all that news, however, is a question – can organizations that need incredible security manage in a world without RIM and the manageability made possible by its BlackBerry Enterprise Server (BES)? Is iOS up to that challenge? Is Apple up to or interested in making a major play for the enterprise market?

The bring your own device (BYOD) movement and the broader trend of increased mobile solutions are driving a very ambivalent dialog in most business, schools, and government agencies. On one hand, iPhones, iPads, and other mobile technologies are increasing user productivity and satisfaction (often while improving customer engagement). On the other hand, many devices contain sensitive data and are far from being truly secure.

A handful of studies released over the past few days highlight the often-schizophrenic nature of the discussions taking place in many workplaces – including on experiment that showed 83% of individuals finding a lost corporate smartphone would attempt to access corporate data on it.

You know your product is successful when somebody starts selling accessories for it. But what about when people start selling accessories for accessories, which work together with the original product? This happens: the New iPad Credit Card Dock, a perspex frame which holds both and iPad and a Square credit card reader.

In an effort to create the thinnest, lightest MacBook Pro it has ever released, Apple did away with a number of features that MacBook Pro users have become accustomed to, including the Kensington security lock. That means, of course, that you can no longer secure your $2,800 notebook to a table in Starbucks, and that it could easily be stolen from right under your nose the second you get up to order another cappuccino.

But Maclocks has a solution: the world’s first MacBook Pro security case and lock.

No matter how careful you think you are, there’s always a chance that when you send an e-mail, text message, or make a call on your iPhone, someone could intercept it. For those who are concerned about security on their phones, a new suite of applications called Silent Circle will provide just the peace of mind you need to use your iPhone without worry.

BYOD and ever-increasing mobility are business trends that are forcing many organizations to take a fresh look at security. The idea of employees connecting from home, coffee shops, and even planes has led to an overall increasing awareness of the need to secure remote connections. At the same time, business data residing on the iPhones, iPads, and other mobile devices of those employees is causing the IT industry to take a fresh look at mobile device security.

That is, of course, a good thing. With the focus on mobile security, however, many IT organizations are letting the security and overall design of their core networks to become outdated – and exposing their companies to incredible risks in the process.

Following the Flashback malware scare this spring, Apple is stepping up its focus on security and malware protection in Mountain Lion. The release notes for the latest Mountain Lion developer preview include references to a “new Mountain Lion Security Updates system” that checks for security updates on a daily basis, uses a more secure connection when communicating with Apple’s update servers, and can install required updates automatically when a Mac is restarted.

Based on the release notes for the system, Apple is making the security update process automatic and has designed it to  runs as a system process rather than a user task. Presumably that means it will function without a user logged in or while non-admin users are logged in. All in all, that’s similar to Microsoft’s Windows update feature and a good thing for users.

That doesn’t mean that this setup will be great fit for businesses, schools, and other organizations with large Mac populations.

Apple has increased the security of its fourth OS X Mountain Lion developer preview by introducing a number of new security features that will presumably become part of the software’s public release next month. 

Despite its continuing downward spiral, many IT professionals continue to acknowledge that RIM’s BlackBerry platform — or more accurately its BlackBerry Enterprise Server (BES) — remains the most secure mobile platform on the market. That’s a fact RIM hypes every chance it gets. Usually RIM points out that BES supports over 500 security and management policies. That’s roughly ten times the number of discrete management options that Apple has built into iOS.

While that number sounds impressive, the real difference between BlackBerry management and iOS management isn’t really about the number of policies. In many ways, it isn’t even about what IT can or can’t manage. The real difference is a cultural divide in the way mobile devices and mobile management is perceived.

Many IT departments are under intense pressure to develop and implement a range of mobility initiatives. Those initiatives often span a range of IT disciplines. There’s the effort to develop internal apps, provide access to new and legacy systems from mobile devices like the iPhone and iPad, the need to manage and support users devices as part of BYOD programs, and the need to develop customer-facing solutions like mobile-oriented sites and native apps.

With so many pressures hitting IT organizations at the same, compromises are being made because of tight deadlines and budgets. According to security expert Jeff Williams, that push to get solutions out as quickly as possible may result in solutions that have major security flaws in them.