Reply to Message
You want to what!?
You need a phone "that can log on to a server or my own computer system at my home office..." AND you want to make sure that "flash works on it"? You might want to think about that. What you are carrying is a portable, wireless, and easily hackable entry point to your entire system (if it was set up to do what you are asking for, that is). Seriously, this is the worst case security scenario for you and the business you work for (or own).
Think about it this way:
--First, you want flash, which obviously means that you want to be able to use the phone to view flash content -- a very common attack vector (just google "flash vulnerabilities" and stand back)
--You want to use the phone both on your home network and the network at work. This is already a common IT headache. Your home network is probably less secure than the one at work. This provides for another avenue of attack for a number of reasons: you can more easily be infected by non-targeted mal-ware on your home network (typically); it is usually easier for someone to obtain say, your e-mail password on the home network; I dare say that there will be other non-technical users on your home network... the list goes on. This would normally be just a minor concern for the IT department except...
--YOU WANT ACCESS TO THE SERVER(S) from your phone! The first question is... why? Judging from your comment, I will assume that you are not a sysadmin, so you likely do not want to have remote administrative access from your phone (which, even if it were feasible, would be insane). So what then? Access to a data server? Although it is not always the case (unfortunately), best practices demand as much separation as possible between the data servers and the other servers. It would be bad enough if you had direct access to all of the company data from your desktop at work and then access from your phone via the desktop. But remote access directly from your phone?? Why not just e-mail the data to your competitors to spare them the trouble of taking it off paste-bin.
Look, these are worst case scenarios. But if you are a grandfather, there is a decent chance that you are in some sort of senior position. The more senior the position and the more valuable the data -- the more likely you are to be the victim of a TARGETED attack, which is a huge achilles heel for mobile devices. Don't take my word for it, just check out the results of the 2012 pwn2own mobile contest. Here is a quote from a ZDNET article where Ryan Naraine interviewed the hackers involved: "the big message from these hackers was simple: Do not use your mobile device for *anything* of value, especially for work e-mail or the transfer of sensitive business documents." Not an idle warning, considering that they had just successfully hacked the phones using zero-day exploits.
Finally, as that article and others will reveal, it doesn't make any difference which platform you choose. You will see all sorts of comments in the threads about how much more secure Blackberrys are. People will point out that Obama and government officials use them. But you can bet the farm that there is no sensitive information on them, any more than there would be on their much more secure (relatively) laptops. The only difference is that once it has been exploited, it will take a little more time (the first time around) to get the data from the BB.
So, enjoy your phone but realize what it is really for. We are a long way from the Star Trek future where every device can safely access all the data in the universe without worry (and, ummm, Star Trek is fiction, after all).
By the way, I am not trying to single you out, you just happened to be the first comment I noticed that listed the typical features that folks want and expect from their mobile devices.
Think about it this way:
--First, you want flash, which obviously means that you want to be able to use the phone to view flash content -- a very common attack vector (just google "flash vulnerabilities" and stand back)
--You want to use the phone both on your home network and the network at work. This is already a common IT headache. Your home network is probably less secure than the one at work. This provides for another avenue of attack for a number of reasons: you can more easily be infected by non-targeted mal-ware on your home network (typically); it is usually easier for someone to obtain say, your e-mail password on the home network; I dare say that there will be other non-technical users on your home network... the list goes on. This would normally be just a minor concern for the IT department except...
--YOU WANT ACCESS TO THE SERVER(S) from your phone! The first question is... why? Judging from your comment, I will assume that you are not a sysadmin, so you likely do not want to have remote administrative access from your phone (which, even if it were feasible, would be insane). So what then? Access to a data server? Although it is not always the case (unfortunately), best practices demand as much separation as possible between the data servers and the other servers. It would be bad enough if you had direct access to all of the company data from your desktop at work and then access from your phone via the desktop. But remote access directly from your phone?? Why not just e-mail the data to your competitors to spare them the trouble of taking it off paste-bin.
Look, these are worst case scenarios. But if you are a grandfather, there is a decent chance that you are in some sort of senior position. The more senior the position and the more valuable the data -- the more likely you are to be the victim of a TARGETED attack, which is a huge achilles heel for mobile devices. Don't take my word for it, just check out the results of the 2012 pwn2own mobile contest. Here is a quote from a ZDNET article where Ryan Naraine interviewed the hackers involved: "the big message from these hackers was simple: Do not use your mobile device for *anything* of value, especially for work e-mail or the transfer of sensitive business documents." Not an idle warning, considering that they had just successfully hacked the phones using zero-day exploits.
Finally, as that article and others will reveal, it doesn't make any difference which platform you choose. You will see all sorts of comments in the threads about how much more secure Blackberrys are. People will point out that Obama and government officials use them. But you can bet the farm that there is no sensitive information on them, any more than there would be on their much more secure (relatively) laptops. The only difference is that once it has been exploited, it will take a little more time (the first time around) to get the data from the BB.
So, enjoy your phone but realize what it is really for. We are a long way from the Star Trek future where every device can safely access all the data in the universe without worry (and, ummm, Star Trek is fiction, after all).
By the way, I am not trying to single you out, you just happened to be the first comment I noticed that listed the typical features that folks want and expect from their mobile devices.
Posted by BigWoodchuck
21st Sep
