Data on phones.
Barringtonia
25-09-2008, 03:20
I thought this was quite interesting...
It's almost impossible for the average person to wipe a mobile phone clean: unlike a PC, which has an open architecture, mobile phones are closed books in terms of where data resides. "It has taken us over a year to get talks going with Nokia that now allows us to wipe their phones," says Jon Godfrey, director of Sims Lifecycle Services, which recycles mobiles. "We have to go through a different process with each manufacturer. To wipe it, you have to be able to access all the memory – and manufacturers don't want you to do that for all sorts of commercial reasons."
So?
Yet every six months 63,000 phones and around 6,000 PDAs are left in cabs in London alone. At Heathrow airport, 10 phones are handed in every day; one in four has no security and can be turned on by staff. Furthermore, the security of the data on those devices is the responsibility of the person who put it on the phone. It is not illegal to read it; it is up to you to protect it.
I'd never really thought about the data on my phone...
Just how personal those relationships can be was shown by one BlackBerry recovered in Australia. It revealed that its owner, a businessman, lived in an upmarket part of Sydney. It also contained the details of his various businesses, including bids and contracts under negotiations, uncomplimentary comments about employees, an extensive list of contacts and a complete log of phone calls and diary commitments. It even held extensive and lurid exchanges between the man and a woman he was conducting a clandestine affair with.
"The point of this work is really to bring that across to people the risks that mobile phones present to their personal data." Of the devices in the survey, 7% had enough personal data on them for the individual concerned to have their identity stolen, and 7% would have allowed a corporate fraud to have taken place. Another 2% still had Sim cards in them, while 27% of the BlackBerrys in the survey had company data and 16% carried personal information.
Most of the phones from recycling companies are destined for Africa and Asia - areas that are rapidly gaining a reputation for ID theft. Do you know where your last mobile phone is now? And whether it was wiped clean before you got rid of it?
Are we becoming increasingly careless through technology, or at least ignorant of the dangers?
H N Fiddlebottoms VIII
25-09-2008, 03:22
Whenever I'm done with a phone, I hit it with an axe. And then a sledgehammer. And then back with the axe. Then the sledgehammer again. Axe. Hammer. Axe. Hammer. Axe. Penis. Axe.
Let's see someone get my identity off that!
EDIT: "Done with" means, "permanently, as in I have moved to a new phone." I don't do this every time I hang up a phone.
Zombie PotatoHeads
25-09-2008, 03:25
one of the reasons I've held off getting a superduper iphone (or similar) is the fact it combines everything. So if I lose it, not only would I lose my phone + all my contacts, I'd also lose my mp3 player, camera and anything else I'd stored on it.
That, and my current phone lost two buttons recently. I figured this was prob deliberate use of low quality glue on Nokia's part to force a person into upgrading. So I'm not on principle. The two Motorolas I had previous both failed from the battery charger connection. I don't think that's a coincidence.
Barringtonia
25-09-2008, 03:26
Whenever I'm done with a phone, I hit it with an axe. And then a sledgehammer. And then back with the axe. Then the sledgehammer again. Axe. Hammer. Axe. Hammer. Axe. Penis. Axe.
Let's see someone get my identity off that!
EDIT: "Done with" means, "permanently, as in I have moved to a new phone." I don't do this every time I hang up a phone.
Ah ha, we now have your penis imprint!
Also, poll question meant to say - do you care?
Not - do you are?
That would be stupid.
I haven't lost a phone. Or given one away.
I also don't handle business transactions through my phone. That's just stupid. I wouldn't so much as open my bank's webpage on my phone, much less access my account, assuming I could surf the net on it.
Barringtonia
25-09-2008, 03:34
I haven't lost a phone. Or given one away.
I also don't handle business transactions through my phone. That's just stupid. I wouldn't so much as open my bank's webpage on my phone, much less access my account, assuming I could surf the net on it.
Well you're quite the superstar aren't you?
Well you're quite the superstar aren't you?
Turns out I'm actually David Hasselhoff.
H N Fiddlebottoms VIII
25-09-2008, 03:42
Ah ha, we now have your penis imprint!
There is only one solution, and it involves my axe and sledgehammer.
Not - do you are?
That would be stupid.
But I do are, I are very much.
How hard can it be to wipe one? Put it between a couple neodymium magnets.
How hard can it be to wipe one? Put it between a couple neodymium magnets.
The problem is that anything you can do to wipe a phone without going to the manufacturer is going to destroy the phone, so you can't wipe it, say, every day for users who use it for sensitive information, or less often for those who just want to be safer. Unlike a computer, which you can re-format as often as you want and it still runs. Granted, with the right equipment you can still pull information off the HDD, but it's significantly more difficult.
Barringtonia
25-09-2008, 03:52
Turns out I'm actually David Hasselhoff.
I think it's called Hoffbook, a version of Facebook created by, owned by and featuring, well yourself I suppose - stop doing it, the Hoff fad ended in '01.
There is only one solution, and it involves my axe and sledgehammer.
I think if you check the label on that axe it says 'Do not use in conjunction with penis', one of those labels but seems they really do have their uses for some people.
How hard can it be to wipe one? Put it between a couple neodymium magnets.
I love these answers - hey, how hard is it to line up the ESPOS satellites at a corresponding angle of 45 degrees, hack into the NASA database and centrifuge the solar panels to create a dioxytin ray that wipes the hard drive?
Umm...
I think it's called Hoffbook, a version of Facebook created by, owned by and featuring, well yourself I suppose - stop doing it, the Hoff fad ended in '01.
You're hassling the Hoff. Don't hassle the Hoff.
I think if you check the label on that axe it says 'Do not use in conjunction with penis', one of those labels but seems they really do have their uses for some people.
Swedish chainsaw: Do not attempt to stop chain with hands or genitals.
I love these answers - hey, how hard is it to line up the ESPOS satellites at a corresponding angle of 45 degrees, hack into the NASA database and centrifuge the solar panels to create a dioxytin ray that wipes the hard drive?
Umm...
That would be effective. And impressive.
Barringtonia
25-09-2008, 04:05
Hey, you're hassling the Hoff. Don't hassle the Hoff.
His name would be better if he dropped the H and added an 'ho' in the middle.
Swedish chainsaw: Do not attempt to stop chain with hands or genitals.
Well quite.
That would be effective. And impressive.
...and with a little luck, it might just work.
His name would be better if he dropped the H and added an 'ho' in the middle.
I will consider making those changes...
I will also consider sicking KITT on you.
UpwardThrust
25-09-2008, 04:11
I thought this was quite interesting...
So?
I'd never really thought about the data on my phone...
Are we becoming increasingly careless through technology, or at least ignorant of the dangers?
I disagree with some of the direction this goes; there ARE ways to clear much of the personal data on the phones (at least some).
For example, Windows Mobile phones can have a forced password policy applied that will wipe the phone after a set number of bad password attempts (this is primarily Exchange data ... which is common).
They also have a way to force a clear of all Exchange data from the Exchange server on next phone sync.
While I am sure a lot of standard phones are pretty much black boxes, in a lot of areas there is at least SOME control over sensitive data; we have had to do it a few times.
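The Exchange ActiveSync controls mentioned in the post above (wipe after repeated bad passwords, and a server-issued wipe on the next sync), shown as an added example that is not part of the thread. It assumes the Exchange 2007/2010 Management Shell; the policy name, mailbox address, device model and threshold values are constructed for illustration.

```powershell
# Added example. Run in the Exchange Management Shell (Exchange 2007/2010 cmdlet names).
# "Mobile-Wipe-Policy", jsmith@example.com and "ExampleModel" are constructed values.

# 1. Policy: require a device password and wipe the device locally
#    after 8 consecutive failed password attempts.
New-ActiveSyncMailboxPolicy -Name "Mobile-Wipe-Policy" `
    -DevicePasswordEnabled $true `
    -AlphanumericDevicePasswordRequired $true `
    -MinDevicePasswordLength 6 `
    -MaxDevicePasswordFailedAttempts 8 `
    -MaxInactivityTimeDeviceLock 00:05:00 `
    -RequireDeviceEncryption $true `
    -AllowNonProvisionableDevices $false   # refuse devices that cannot enforce the policy

# 2. Apply the policy to a mailbox; the device picks it up on its next sync.
Set-CASMailbox -Identity "jsmith@example.com" -ActiveSyncMailboxPolicy "Mobile-Wipe-Policy"

# 3. Lost or retired device: list the mailbox's device partnerships,
#    pick the affected one and queue a remote wipe for its next sync.
$devices = Get-ActiveSyncDeviceStatistics -Mailbox "jsmith@example.com"
$devices | Format-List DeviceModel, DeviceID, LastSuccessSync

$lost = $devices | Where-Object { $_.DeviceModel -eq "ExampleModel" }
if ($lost) {
    Clear-ActiveSyncDevice -Identity $lost.Identity
} else {
    Write-Warning "No matching device partnership found; nothing was wiped."
}

# 4. Verify: the wipe has only happened once the device acknowledges it.
#    An empty DeviceWipeAckTime means the device has not synced since the request.
Get-ActiveSyncDeviceStatistics -Mailbox "jsmith@example.com" |
    Format-List DeviceModel, DeviceWipeRequestTime, DeviceWipeSentTime, DeviceWipeAckTime
```

In Exchange 2013 and later the same operations use the renamed `*-MobileDevice*` cmdlets (for example `New-MobileDeviceMailboxPolicy` and `Clear-MobileDevice`).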
Barringtonia
25-09-2008, 04:13
I will consider making those changes...
I will also consider sicking KITT on you.
*dusts off KARR*
Bring it.
Honestly, the reason why I call the business guy an idiot is because most businesses will issue you a business phone, which, presumably, if they're intelligent, they've contracted with the phone company and manufacturer to be more secure. I know a lot of businesses issue business laptops and forbid you from doing any business on any computer other than your office computer or the laptop they give you.
UpwardThrust
25-09-2008, 14:11
Honestly, the reason why I call the business guy an idiot is because most businesses will issue you a business phone, which, presumably, if they're intelligent, they've contracted with the phone company and manufacturer to be more secure. I know a lot of businesses issue business laptops and forbid you from doing any business on any computer other than your office computer or the laptop they give you.
How would the phone company make it more secure?
I mean we as an IT company ensure things like password policy (with the Exchange wipe feature) are enabled. And that we use certificate-based encrypted channels for all email data
But I am not entirely sure what more the cell phone company can/will do to make it more secure
UpwardThrust
25-09-2008, 14:13
The problem is that anything you can do to wipe a phone without going to the manufacturer is going to destroy the phone, so you can't wipe it, say, every day for users who use it for sensitive information, or less often for those who just want to be safer. Unlike a computer, which you can re-format as often as you want and it still runs. Granted, with the right equipment you can still pull information off the HDD, but it's significantly more difficult.
Flash-based memory can be formatted without being recoverable ... sensitive information, at least in the Exchange and ActiveSync world, can be stored on your flash-based memory, which can be regularly formatted
At least with Windows-based mobiles
UpwardThrust
25-09-2008, 14:14
How hard can it be to wipe one? Put it between a couple neodymium magnets.
Non magnetic storage ... that will not work
Roone bodimon
25-09-2008, 17:28
turns out my phone is a piece-o-crap tracfone from wall-mart, all it can do is txt and make calls
yay?
and i also hit my phone with my penis...to turn it off
Rubiconic Crossings
25-09-2008, 17:49
Turns out I'm actually David Hasselhoff.
http://img.photobucket.com/albums/v427/vonbek/waterhoff.gif
Dude...really....
Rubiconic Crossings
25-09-2008, 17:54
How would the phone company make it more secure?
I mean we as an IT company ensure things like password policy (with the Exchange wipe feature) are enabled. And that we use certificate-based encrypted channels for all email data
But I am not entirely sure what more the cell phone company can/will do to make it more secure
Depends on the phone as well...
I just splurged on a Nokia E90 and the first thing I put on was f-secure mobile firewall.
/this part pissed me off though..
After I had turned off Bluetooth, WLAN scanning and Mobile internet access off...all of which were on by default http://img.photobucket.com/albums/v427/vonbek/tard.gif
UpwardThrust
25-09-2008, 19:17
Depends on the phone as well...
I just splurged on a Nokia E90 and the first thing I put on was f-secure mobile firewall.
/this part pissed me off though..
After I had turned off Bluetooth, WLAN scanning and Mobile internet access off...all of which were on by default http://img.photobucket.com/albums/v427/vonbek/tard.gif
I had a HTC Dash and a HTC mogul and they both had all but mobile internet disabled
Which I wanted enabled anyways ... (the dash was mobile 5, mogul 6.1)
http://img.photobucket.com/albums/v427/vonbek/waterhoff.gif
Dude...really....
What can I say? I'm pretty bad ass.
Rubiconic Crossings
25-09-2008, 20:44
I had a HTC Dash and a HTC mogul and they both had all but mobile internet disabled
Which I wanted enabled anyways ... (the dash was mobile 5, mogul 6.1)
Yeah I've got a crackberry for work...it's ruling my life at the moment
That mogul device looks pretty neat...
My beef is that by default my phone security is at risk. It is not going to be long before we see more attacks on mobile devices...
UpwardThrust
25-09-2008, 20:59
Yeah I've got a crackberry for work...it's ruling my life at the moment
That mogul device looks pretty neat...
My beef is that by default my phone security is at risk. It is not going to be long before we see more attacks on mobile devices...
Not a big fan of BlackBerry ... having to have BlackBerry Enterprise Server to sync with Exchange effectively is a big downer and a hell of an expense for small to medium companies
More a windows mobile fan myself
And do like the mogul ... specially cause it is free :)
put a goddamn lock on your goddamn phone then
UpwardThrust
25-09-2008, 22:21
put a goddamn lock on your goddamn phone then
And this prevents any serious threat to data security how? I mean, sure, your personal cell, fine, it does alright, but with the idea of email syncing with phones and the like the risk shoots through the roof ... it's no longer simply your data but could be hundreds of people's personal data
A 4 digit all number built in password protection scheme pales in comparison
Rubiconic Crossings
25-09-2008, 22:24
Not a big fan of BlackBerry ... having to have BlackBerry Enterprise Server to sync with Exchange effectively is a big downer and a hell of an expense for small to medium companies
More a windows mobile fan myself
And do like the mogul ... specially cause it is free :)
I hate the BlackBerry...well the model I have anyway...it's a nightmare when you need to reply to a customer and you are typing a long email with your thumbs.
yuck
UpwardThrust
25-09-2008, 22:30
I hate the BlackBerry...well the model I have anyway...it's a nightmare when you need to reply to a customer and you are typing a long email with your thumbs.
yuck
The dash was alright ... and if you have access to a BlackBerry Enterprise Server they can be powerful tools (don't know 'bout your model)
But it is 2999 a server (with only 1 licence) or 3999 with 20 licences.
And licences cost about 100 per user
Rubiconic Crossings
26-09-2008, 19:25
The dash was alright ... and if you have access to a BlackBerry Enterprise Server they can be powerful tools (don't know 'bout your model)
But it is 2999 a server (with only 1 licence) or 3999 with 20 licences.
And licences cost about 100 per user
yeah it's a full on enterprise system....but I am not doing infrastructure stuff like that anymore...I'm on post sales support...so I have no idea what the set up is.
Still on the plus side I've been tasked to work with our IT dept to secure our support infrastructure which is cool :)
So I'm basically looking for hot/cold sites for DR and lots of resilience for BCS...
anyway back to the phones...how do you get those phones? are they contract or do you buy it and pay as you go?
I'd never really thought about the data on my phone...
Are we becoming increasingly careless through technology, or at least ignorant of the dangers?
I have. which is why I still have my old cell phones. and the only way I get rid of them is by taking them apart and smashing each board and chip then running them through a bulk eraser (thank you dad!)
UpwardThrust
26-09-2008, 19:52
yeah it's a full on enterprise system....but I am not doing infrastructure stuff like that anymore...I'm on post sales support...so I have no idea what the set up is.
Still on the plus side I've been tasked to work with our IT dept to secure our support infrastructure which is cool :)
So I'm basically looking for hot/cold sites for DR and lots of resilience for BCS...
anyway back to the phones...how do you get those phones? are they contract or do you buy it and pay as you go?
Ok, as this is my area of specialty I can't resist a slight aside
If you are looking at some SERIOUS high availability, if you combine a high availability VMware ESX cluster (vmotion can move the virtual servers between the host on failure or load based considerations) with them hosted on something like an iSCSI SAN you would be able to live Vmotion a virtual to an off site live COLO ON THE FLY ... meaning the servers would stay up as they transitioned between locations any distance apart
We do that now ... 200 virtual servers can migrate to our secondary rack located 64 miles away from us in under 10 min and run live from there for as long as necessary
Pretty sweet technology (ok that's as much as I will go into it, but if you have questions I would be happy to explain some of the tricks to make it work right)
As for the phones work contract they simply buy the phone and give it to me and pay for it :)
Rubiconic Crossings
26-09-2008, 19:59
Ok, as this is my area of specialty I can't resist a slight aside
If you are looking at some SERIOUS high availability, if you combine a high availability VMware ESX cluster (vmotion can move the virtual servers between the host on failure or load based considerations) with them hosted on something like an iSCSI SAN you would be able to live Vmotion a virtual to an off site live COLO ON THE FLY ... meaning the servers would stay up as they transitioned between locations any distance apart
We do that now ... 200 virtual servers can migrate to our secondary rack located 64 miles away from us in under 10 min and run live from there for as long as necessary
Pretty sweet technology (ok that's as much as I will go into it, but if you have questions I would be happy to explain some of the tricks to make it work right)
As for the phones work contract they simply buy the phone and give it to me and pay for it :)
hehe...well...that's pretty much what I am doing these days...we flog SAN & NAS solutions...you probably have some of our kit LOL
UpwardThrust
26-09-2008, 20:15
hehe...well...that's pretty much what I am doing these days...we flog SAN & NAS solutions...you probably have some of our kit LOL
Maybe ... if you provide an end solution no but if you provide hardware possibly :)
Snafturi
26-09-2008, 20:19
Meh, there's nothing of interest on my phone. I mean, I guess the calendar could be exciting. I know there's people dying to know the date of my dental appointments and my brother's birthday. Or read my oh, so exciting text messages, "call me when you're off work". And my friend's numbers are highly classified. Everyone wants Michelle's number (yes, I have it!!) or Alfredo's number (oh yeah, you just wish I'd lose my phone now).
Rubiconic Crossings
26-09-2008, 20:26
Maybe ... if you provide an end solution no but if you provide hardware possibly :)
yep...you have some of our kit :)
And no...I don't work for EMC....
Rubiconic Crossings
26-09-2008, 20:32
But I can help you with a toaster :)
UpwardThrust
26-09-2008, 20:38
yep...you have some of our kit :)
And no...I don't work for EMC....
Good cause we don't use EMC :)
Rubiconic Crossings
26-09-2008, 20:44
Good cause we don't use EMC :)
yeah...did you hear that the designer of the symetric system has moved to IBM?
Pure Metal
26-09-2008, 22:14
until my phone has some kind of super-easy authentication technology (like fingerprint scanning while i'm using the touchscreen, or an RFID handshake between the phone and a transmitter somehow always on my person) then i can't be bothered. typing in a pin code every time i want to check the time or make a call is a pain in the ass