[Superfly_FR]

It is NOT a security flaw. It is a setting. You can make it so you can't access Siri if the passcode lock is on.
Why do people not understand this?

Because people who are concerned by privacy and security don't understand why this setting can be on by default. That, you'll never make me agree with. Also because it's user-defined and not administrator (remotely) controlled.

Security is the point RIM cannot be beaten, and AppWorld "pro" and BES Cloud services (that will be privately hosted, not spread over the world) is a key figure of how deliver private apps, CPU power (with 100% operational and compatible software) and highly secure storage. I give you a little of Balance to finish ? No, you're certainly aware of that, too ... and I'ts time (01:21 AM) for me to go to bed.

[hornlovah]

From what I recall, BB isn't above the law neither. The London riot arrests were made because police were asked and were allowed to tap into BBM for evidence to make arrests.

That wasn’t a jab at Apple, the data sharing problem mentioned in the original article is not unique to them. You can only imagine the amount of confidential information stored on cloud services like Google, Dropbox ...etc. My point was that informed businesses will choose a storage method that maximizes the privacy and security of their data in whatever jurisdictions they operate. In the United States, data storage providers don’t even have to notify you if the authorities ask for your old data. If a company’s data is stored on a secure server, under lock and key, then the authorities would presumably need to establish probable cause and obtain a warrant. It’s not a matter of being "above the law" or attempting to hide nefarious activity. It’s about guarding intellectual property and ensuring that all legal requirements are met before data is compromised.

[avt123]

Because people who are concerned by privacy and security don't understand why this setting can be on by default. That, you'll never make me agree with. Also because it's user-defined and not administrator (remotely) controlled.

Because it is a convenience option. If you don't want to unlock your device just to use Siri, you don't have to. If you want to make sure it require a passcode to use, you can.

Password protection isn't on by default as well (on any device). You have to go in and enable that. It is one extra step you have to take to make your device more secure. If security was such a major instant concern, password protection would be required by default.

I don't need to convince you of anything. People are over reacting. Just turn off the setting. Complaining about it isn't going to do **** because you have the option to disable it. Do you not look through the settings when you use a device?

This will only effect those who do not pay attention, and I would wager that most people do NOT password lock their device. For those that do, they are more than likely going to search through other options to make their device more secure as well. Like turning of location sharing within certain apps.

Once again, this is for convenience. You don't want convenience, turn it off. Better yet, just turn Siri off all together. You have the option. No one is forcing you to stick with the default option.

Security is the point RIM cannot be beaten, and AppWorld "pro" and BES Cloud services (that will be privately hosted, not spread over the world) is a key figure of how deliver private apps, CPU power (with 100% operational and compatible software) and highly secure storage. I give you a little of Balance to finish ? No, you're certainly aware of that, too ... and I'ts time (01:21 AM) for me to go to bed.

We'll see. Another user already posted in a different thread that they are in the process of FIPS approving the iPad, and the iPhones will be soon to follow that. Any half way decent IT department will make sure that option is off. If not, you have a bunch of morons managing your data.

[bobauckland]

We'll see. Another user already posted in a different thread that they are in the process of FIPS approving the iPad, and the iPhones will be soon to follow that. Any half way decent IT department will make sure that option is off. If not, you have a bunch of morons managing your data.

We will indeed see. One user posting it on a public forum does not make it true, else my Playbook would have a genie pop out of it when I swipe from bezel to bezel and my phone would already have BBX on it.
I very much doubt the standard issue iDevices will be FIPS approved in their current state.

[qbnkelt]

Make that two users posting that it is undergoing FIPS certification. It has, for years. It's been close before but there have always been impediments.
Apple is really wanting into the secure environment, behind firewalls. They will comply. In doing so there will have to be a new "flavour" of iOS that will allow for its introduction behind firewalls as something more than sandboxed projects, of which there are instances.

Now, that said....BES provides a level of security that is not yet matched by anything that iOS is providing. e-discovery on BES is nearly iron clad, while it's flawed on exchange. It's not about active sync, it's about preservation of evidence and not having the target of an investigation being able to hide files to thwart efforts. It is about the synchronicity of mobile and network communications and the ability to gain access and control of such communications without the possibility of tampering.

[avt123]

We will indeed see. One user posting it on a public forum does not make it true, else my Playbook would have a genie pop out of it when I swipe from bezel to bezel and my phone would already have BBX on it.
I very much doubt the standard issue iDevices will be FIPS approved in their current state.

We will see. I never said that made it true, but it has been said multiple times now from people who work in government positions. I am sure Apple has a special version of iOS they have whipped up for testing. Time will tell, and I think at this point in the game, that time will be coming soon.

[Skeevecr]

Someone said some guy with 4000 or so posts doesn't even belong here....I was like if that's me I appreciate the shout out...damn fools don't even recognize we were on CB before they knew what a BB was...

If somebody has moved onto another type of device, but keep coming back here just to try and annoy current bb owners then it is perfectly reasonable for people to question why you are still on this forum and that has nothing to do with post count which is an idiotic measure of whether or not somebody should be on a forum.

[Skeevecr]

We will see. I never said that made it true, but it has been said multiple times now from people who work in government positions. I am sure Apple has a special version of iOS they have whipped up for testing. Time will tell, and I think at this point in the game, that time will be coming soon.

One issue with any FIPS approved version of ios is that it will come as a shock to the system when people are not able to do many of the things they consider standard on an iphone because it has had to be locked down.

[avt123]

One issue with any FIPS approved version of ios is that it will come as a shock to the system when people are not able to do many of the things they consider standard on an iphone because it has had to be locked down.

Agreed. I doubt most of the users who want it are even considering that.

[Superfly_FR]

Because it is a convenience option. If you don't want to unlock your device just to use Siri, you don't have to. If you want to make sure it require a passcode to use, you can.

Password protection isn't on by default as well (on any device). You have to go in and enable that. It is one extra step you have to take to make your device more secure. If security was such a major instant concern, password protection would be required by default.

I don't need to convince you of anything. People are over reacting. Just turn off the setting. Complaining about it isn't going to do **** because you have the option to disable it. Do you not look through the settings when you use a device?

This will only effect those who do not pay attention, and I would wager that most people do NOT password lock their device. For those that do, they are more than likely going to search through other options to make their device more secure as well. Like turning of location sharing within certain apps.

Once again, this is for convenience. You don't want convenience, turn it off. Better yet, just turn Siri off all together. You have the option. No one is forcing you to stick with the default option.



We'll see. Another user already posted in a different thread that they are in the process of FIPS approving the iPad, and the iPhones will be soon to follow that. Any half way decent IT department will make sure that option is off. If not, you have a bunch of morons managing your data.

I've got your point. But, sorry for designing one user group, most Apple users are quite hermetic to whatever is called parameters (and don't even talk about technique). This is where the flaw is ... they press one button, but don't have a tiny idea of what really appends. Not their fault, I don't even blame them.

[qbnkelt]

One issue with any FIPS approved version of ios is that it will come as a shock to the system when people are not able to do many of the things they consider standard on an iphone because it has had to be locked down.

This is so very true. To get it approved, there would have to be, above anything, no possible way to jailbreak. This would immediately render it less appealing to those who love to mod their phones. FIPS approval would mean compliance with a set standard - hardening, if you will - and this will fly in the face of the customisation folks love.
Devices that are FIPS certified cannot have any downloads, themes, music, third party apps.
So....it will be an iPhone lacking many the features that people love. It will be interesting to see the concessions that Apple will have to make to achieve certification. Because in a fight between Apple and FIPS, Apple will have to comply or not be certified at all.

[Tre Lawrence]

This is so very true. To get it approved, there would have to be, above anything, no possible way to jailbreak. This would immediately render it less appealing to those who love to mod their phones. FIPS approval would mean compliance with a set standard - hardening, if you will - and this will fly in the face of the customisation folks love.
Devices that are FIPS certified cannot have any downloads, themes, music, third party apps.
So....it will be an iPhone lacking many the features that people love. It will be interesting to see the concessions that Apple will have to make to achieve certification. Because in a fight between Apple and FIPS, Apple will have to comply or not be certified at all.

Here the rub... the iPhone has done well as a consumer device. Will a locked down iPhone pull away more Enterprise customers who, arguably, are used to locked-down devices?

[lnichols]

This is so very true. To get it approved, there would have to be, above anything, no possible way to jailbreak. This would immediately render it less appealing to those who love to mod their phones. FIPS approval would mean compliance with a set standard - hardening, if you will - and this will fly in the face of the customisation folks love.
Devices that are FIPS certified cannot have any downloads, themes, music, third party apps.
So....it will be an iPhone lacking many the features that people love. It will be interesting to see the concessions that Apple will have to make to achieve certification. Because in a fight between Apple and FIPS, Apple will have to comply or not be certified at all.

I agree that people won't like a locked down iPad as much as a COTS iPad if it is missing a lot of standard features. However, the Playbook is FIPS approved and has relatively no business apps, and no native e-mail/PIM or exchange integration at this point without the bridge. Also I think that if you have a FIPS approved iPad that is locked down, and a FIPS approved Playbook, then more organizations will go with the iPad because of the reputation of ease of app development and that it is so simple to use. I prefer the Playbook to the iPad, but I know that high level positions in government are wanting iPads badly. RIM needs to pull their head out of somewhere and start throwing mass amounts of money at the OS2.0 and BBX development and get the stuff to market. People are sick of hearing it is coming and the competition isn't standing still.

[Tre Lawrence]

I agree that people won't like a locked down iPad as much as a COTS iPad if it is missing a lot of standard features. However, the Playbook is FIPS approved and has relatively no business apps, and no native e-mail/PIM or exchange integration at this point without the bridge. Also I think that if you have a FIPS approved iPad that is locked down, and a FIPS approved Playbook, then more organizations will go with the iPad because of the reputation of ease of app development and that it is so simple to use. I prefer the Playbook to the iPad, but I know that high level positions in government are wanting iPads badly. RIM needs to pull their head out of somewhere and start throwing mass amounts of money at the OS2.0 and BBX development and get the stuff to market. People are sick of hearing it is coming and the competition isn't standing still.

This is what I suspect may happen.

Dunno how you fix that.

[qbnkelt]

Here the rub... the iPhone has done well as a consumer device. Will a locked down iPhone pull away more Enterprise customers who, arguably, are used to locked-down devices?

Yup...that is the rub. The iPhone has done well in part because of the availability of apps. That will be lost, to an extent. Will the Enterprise customers who want an iPhone be OK with an "iPhone light" kind of device?
It will be interesting to see the response. It will also depend greatly on what remains on the devices from the usual "normal" iPhone that has taken over the world.
Personally, I would prefer the BB. But that's because I genuinely love the platform. I'll see how I feel after I get my iP4S.

[qbnkelt]

I agree that people won't like a locked down iPad as much as a COTS iPad if it is missing a lot of standard features. However, the Playbook is FIPS approved and has relatively no business apps, and no native e-mail/PIM or exchange integration at this point without the bridge. Also I think that if you have a FIPS approved iPad that is locked down, and a FIPS approved Playbook, then more organizations will go with the iPad because of the reputation of ease of app development and that it is so simple to use. I prefer the Playbook to the iPad, but I know that high level positions in government are wanting iPads badly. RIM needs to pull their head out of somewhere and start throwing mass amounts of money at the OS2.0 and BBX development and get the stuff to market. People are sick of hearing it is coming and the competition isn't standing still.

I very much agree with you. There is an aura around the iPad that is hard to beat. It will be interesting to see how the secure community reacts.

[hornlovah]

Bruce Schneier explains what FIPS 140-2 certification actually means here: FIPS 140-2 Level 2 Certified USB Memory Stick Cracked.

The problem is that no one really understands what a FIPS 140-2 certification means. Instead, they think something like: "This crypto thingy is certified, so it must be secure." In fact, FIPS 140-2 Level 2 certification only means that certain good algorithms are used, and that there is some level of tamper resistance and tamper evidence. Marketing departments of security take advantage of this confusion -- it's not only FIPS 140, it's all the security standards -- and encourage their customers to equate conformance to the standard with security.

I agree that Apple should prevent jailbreaking in order to obtain FIPS certification, but FIPS 140-2 requirements will not impede the installation of apps, downloads �etc. The cryptographic modules in our BlackBerry phones and Playbooks are all FIPS 140-2 certified. I�m certainly no crypto expert, but I�m willing to bet that the Cryptographic Key Management requirements of 140-2 are hindering the Apple�s certification process. Hackers/researchers have obtained and exploited Apple�s cryptographic keys in so many different ways.

As far as jailbreaking is concerned, hackers have already discovered that the iPad2 and iPhone 4s share the same version bootrom. Tick tock, tick tock�

[lnichols]

This is what I suspect may happen.

Dunno how you fix that.

Well for starters you don't put Mike L, who has the charisma of a sheet of dry rock, up on stage at DevCon to host the bad informercial that was the keynote this year. Secondly you don't let Jimmy B., who is worse than a used car salesman, say a word cause he'll just state unrealistic times/features etc. that RIM can't deliver on.

The new platform looks like it will be much easier and more flexible to develop for than either iOS or Android. The issue is that it isn't here, and no one knows when it will be here. The Playbook doesn't have anything needed to allow it to properly connect to and work in the Enterprise environment. So you basically have a FIPS approved media consumption device. They have to get the platform out ASAP and fully functional with BES and get at least a few key apps for corporations on it and then they need to prove how their platform is more powerful, and easier to develop for than the competition. Some people on here say that they'd rather RIM take their time and get it right, but guess what, you can both get it here and get it right if you have a competent, and focused group working on things. Unfortunately it appears that RIM is neither competent or focused at this point. Prove me wrong RIM!

[bobauckland]

Here the rub... the iPhone has done well as a consumer device. Will a locked down iPhone pull away more Enterprise customers who, arguably, are used to locked-down devices?

This is the issue. The iPad will have to be significantly locked down to get certain certifications, and once this is done, youre left with a very different device to what people may expect. I have a feeling people wont be clambering to have glass bricks that do not very much apart from the basic stuff, and that too not very well, for example typing on a keyboard vs a touchscreen.
I mean most of the people who have Berries from work have BES policies that have them locked down so you cant get apps like BerryBuzz on and enable a lot of very useful functionality, and if you offer IT heads the option to lock down iDevices in the same manner, Im sure they will go as strict as possible.