Security-Protocols

So I ended up getting an iPhone and now I must wait up to 24 hours for my previous phone # to transfer in order for this thing to activate. I was currently with sprintpcs, so I guess this could be why. So I guess the fun will start sometime tomorrow…. Blah.

*** UPDATE #2 ***

Well, its 3:29pm here right now and my iPhone still has not been activated…

*** UPDATE #3 ***

9:17pm here and my iPhone still is not activated!! Apple and AT&T sure did drop the ball on the activation part. Seems they were way to focused on making sure everyone got an iPhone rather than the activation part. I started the activation process at about 12:00pm last night.

*** UPDATE #4 ***

Its 12:57am and my iPhone has finally been activated! What a pain in the ass this has been.

Apple released iTunes version 7.3 today which unfortunately does not address any security issues, but is mainly for the release of the iPhone. iTunes 7.3 also allows you to wirelessly share your photos from any computer to your Apple TV. Below is the official description from Apple on the 7.3 release:

“With iTunes 7.3, you can now activate iPhone service and sync it with your music, TV shows, movies and more. Also, you can now wirelessly share and enjoy your favorite digital photos from any computer in your home with Apple TV.”

This update does not require a reboot.

Below is a guest post from Gretchen Hellman at Voltage Security. This was written for Security-Protocols.com

——–

There’s been a lot of talk about the need for data-centric protection recently. Interestingly enough though, whenever I hear about data-centric protection I also hear data being divided into three categories—data in motion, in use, and at rest. The two notions of data centric protection and securing data at points are completely at odds. If you follow the definition of data-centric protection, it indicates the protection of data at its source rather than in containers and pipes. It would no longer matter if the data is in motion, in use or at rest. It’s simply protected! So then, why are we still talking about the same three categories we’ve been talking about since 1999?

First, it requires a change in thinking. When I look at data-centric protection, I see only two categories: (1) data that is user-controlled, and (2) data that is machine-controlled. User-controlled is important because the way it is accessed is very free-form, and user systems have access to the internet and are difficult to monitor and control. Machine-controlled information requires different protections to ensure that the information can flow seamlessly through them despite the encrypted format.

Getting to the heart of why the industry is still focusing on motion, use and storage as key areas of protection, while simultaneously talking about data-centric protection, is the question. I believe this is because the primary barriers for key management and encryption haven’t yet been solved—at least by the majority of vendors in the industry.

Implementing data-centric protection for the end-user world requires asymmetric key management to be efficient. You all may be thinking, “How can asymmetric key management be efficient?” … especially if you’ve been burned by PKI before. Identity-Based Encryption (IBE) can solve this problem by providing all the benefits of PKI without the headaches. To implement data-centric protection in the end-user world, encryption needs to be enforced based on policies (roles, groups etc.). IBE is designed to do just that in dynamic organizations.

Moving to the next problem. With machine-controlled information, the major barrier to data-centric protection means that you need to redesign all systems to accept encrypted formats. This is a major and often impossible effort. To truly encrypt data at its source and keep it encrypted as it’s collected, transmitted, stored, etc. (regardless of where it resides), I.T. needs to look towards new solutions to the problem, such as Format Preserving Encryption (FPE).

Data-centric protection is a true nirvana and it’s going to take a while to get there. Changing our thinking about the way we look at encryption—user and machine controlled verses containers and pipes—as well as looking towards the key management and encryption techniques that solve the problem, is the first step to actively getting there.

[youtube]gtCJHyFhB48[/youtube]

A post over that Cult of the Mac blog is stating that this weekend was marked at the iPhone’s coming out party for Apple employess. Apparently some Apple employees decided it was a smart idea to take their iPhones out into the world a week early… Nice! Two people had ran into Apple folks breaking out their revolutionary devices in San Francisco on Saturday night.

One works in a retail store and saw the iPhone-bearer pull out the device when he couldn’t remember the name of a book he was looking for. He was very careful not to show the screen. It was a discrete way to show off.

Someone told me not to do it bc he could get in trouble… Well maybe he shouldn’t be flashing it around at a party! I refuse to jock even though it’s a research op.

Im sure the Apple HR and or legal department will be looking for the culprits.

Source: cultofmac.com