The vulnerabilities of iPone -> Fact or Fiction?

Apple inc. has launched iPhones to the market since 29 June 2007 in the United States from Apple retail and online stores, and from AT&T Mobility. On September 18, 2007, Apple announced in a special event that the iPhone will be available on November 9, 2007 on the carrier O2 in the United Kingdom; on 19 September 2007, Apple and Deutsche Telekom's T-Mobile announced the iPhone would go on sale 9 November 2007 throughout Germany; on 20 September 2007, France Télécom also announced they would be selling the iPhone in France (Wikimedia Foundation, Inc., 2007). However, there is the rise of concern about the security of iPhone in the IT industry (Wikimedia Foundation, Inc., 2007). By the way, I would like to introduce you a video clip about iPhone that may cheer you up.

http://www.youtube.com/watch?v=1xXNoB3t8vM

First of all, we need to understand the security issues of iPhone in general. Keizer (2007) has consolidated different views from the IT security specialists. Some really worries if one uses iPhone to connect to the corporate network, it will cause the vulnerabilities the network as Apple in the first place did not design iPhone for the enterprise use.

Secondly, it runs Mac OS X means that there is a good possibility that vulnerabilities found on the OS will also affect the iPhone. Hackers may be able to port the hacks they find on one to the other. Especially, recently all the press around the iPhone makes it a very enticing target for hackers.

Thirdly, Lemon (2007) reports that ‘hackers may successfully unlock an iPhone in as soon as three to seven days, according to a representative of one effort that aims to unlock Apple Inc.'s new handset’. They actually crack the activation process of iPhone so that users do not need to use iTunes to carry out the process and hence, no need to pay to AT&T.

Fourthly, Reed (2007) reports that Apple’s CEO Steve Jobs has declared war on iPhone hackers and Apple’s option is to stop hackers from creating new open source programs for its iPhone. It does indicate that the actions of hackers have really created a threat to Apple.
Apart from the above factors, do we really see that iPhone is in particular an unsafe mobile device which will do harm more that other thing else to the enterprise security. Many IT security specialists have the similar view as I have.

Neel Mehta, team lead for Internet Security Systems Inc.'s advanced research group, claims that ‘the iPhone poses the same risks as any other device connected to the network. It's going to be very hard to control who uses it, so the best thing to do is take the defense-in-depth approach’ (Keizer 2007).

Damoulakis (2007) also reports that ‘the boundaries of where data actually resides within an organization now extend well beyond the data centre to desktop computers, remote offices, employees' homes and laptops, USB drives, and, yes, phones. The problem that I have with some of the iPhone alarmism is that it leaves an impression that enterprise data is highly secure and that there aren't lots of other potentially much larger holes on which to focus’.

Finally, the question I post to you again, ‘Is the data protection and security of corporate laptops more akin to the BlackBerry or the iPhone?’ (ibid 2007).

References

Damoulakis J 2007, ‘Is your iPhone more secure than your laptop?’, ComputerWorld Hong Kong Daily, posted 5 July, viewed 6 August 2007, <http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=439492>.

Keizer G 2007, ‘iPhone security: Nightmare for IT or no big deal?’, ComputerWorld Hong Kong Daily, posted 27 June, viewed 6 August 2007, <http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=438058>.

Lemon S 2007, ‘Unlocked iPhones coming in one week or less, hacker says’, ComputerWorld Hong Kong Daily, posted 7 July, viewed 23 August 2007, <http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=439427>.

McMillan R 2007,'With Black Hat approaching, a rush to patch iPhone', ComputerWorld Hong Kong Daily, posted 27 July, viewed 3 August 2007, <http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=444882>.

Wikimedia Foundation, Inc., 2007, iPhone, Wikipedia, The free encyclopedia, last modified 22:00, 25 September 2007, Wikimedia Foundation, Inc., US, viewed 25 September, <http://en.wikipedia.org/wiki/IPhone>.

Reed B 2007, ‘Apple’s options for stopping open source iPhone use‘, NetworkWorld.com, posted 20 September, viewed 22 September, <http://www.networkworld.com/news/2007/092007-apple-stop-open-source-iphone.html?page=1>.

The obstacle of Open Sources and Free Software I

Open sources and free software are being used by more than half of fortune 500 companies (Parloff 2007).

Microsoft the software giant has highly patented its software products. Up until 2005, Microsoft has filed around 3,500 and registered over 1,500 patents (Microsoft cited in Parloff 2007, p.51) . As I myself works at a legal firm, I know that patents are very costly and not many sole proprietors can afford to patent their inventions. Many software developers has more or less included Microsoft's patented components in their products. Microsoft demanded them to pay the licence fees. For example, the Microsoft-Novell deal, Microsoft and Novell not only agreed to jointly develop and market products that allow Windows and Linux to work together more smoothly but also, Microsoft agreed to indemnify Novell Suse Linux Enterprise users from patent claims (Lemon 2007). This is definitely not a good news to the users. As a result, free software will not be free anymore. Probably, this is even a bad news to corporate users like AIG, Wal-Mart, AIG, and Goldman Sachs.

In December 2003, Microsoft's new licensing unit opened for business, and soon the company had signed cross-licensing pacts with such tech firms as SUN, Toshiba, SAP and Siemens (Parloff 2007).

Fortunately, Free and Open-source software (FOSS) has been fighting for the free world. Free Software Foundation president Richard Stallman, a talented programmer has dared to challenge the giant. I myself truly think him ground for the battle to Microsoft is very reasonable and widely accepted by free worlders.

To be continued

References

Lemon, S 2007, 'Dell joins Microsoft, Novell in Linux collaboration', ComputerWorld Hong Kong Daily, 7 May, viewd 8 May 2007, .

Parloff, R 2007, 'Microsoft takes on the Free World', Fortune Asia, vol. 155, no.9, Time Asia (Hong Kong) Limited, 28 May, pp. 49 - 55

Ubiquitous Computing

I have discussed before why thin client will be popular again in my previous blog. Nevertheless, probably, Ubiquitous Computing will be the destination. Mark weiser, the father of Ubiquitous Computing has given the idea of 'Ubiquitous Computing' in early 90s. He believes that 'Ubiquitous Computing' will be the third wave of computing after mainframes and PCs (Weiser, 1996). 'Ubiquitous Computing refers to the trend that we as humans interact no longer with one computer at a time, but rather with a dynamic set of small networked computers, often invisible and embodied in everyday objects in the environment' (UbiComp 2007).

Ubiquitous Computing will be the destination. But now how far are we from it?

Mark Templeton, CEO and president of Citrix Systems shared the company's vision of Ubiquitous Computing; he helps customers shift from distributed computing to application delivery service and the IT roles will change dramatically over next five years in response to the forces shaping today's business environment (Ramos 2007 p.26).


He lists out 5 factors driving the IT trends:

Consolidation - workers are required to share all their information

Regulation - governments and industries holding business more information accountable so the organization must find a way to easily control and monitor information access

Disruption & globalisation - high mobility of work force will need the delivery of applications from any endpoint, under every access scenario.

Echo generation - tech-savvy enterprise IT users will demand application access to variety of wired and wireless communication links

Templeton (2007) makes a conclusive statement that '... I guess what really saw us through is increasing relevance of our basic thinking about enabling people to work from anywhere over any type of connection'. This is the desire of people for getting Ubiquitous Computing ready. But there are still many issues waiting to be resolved. Broadband and wireless infrastructures are the basic requirement in the cities. Security is another important issue we can afford to ignore.

To be continued.

References

Ramous, L 2007, ‘Right place, right time’, Network World Asia, vol 3, no 4, pp. 26-27.

UbiComp 2007, 'What is Ubiquitous Computing?', 9th International Conference on Ubiquitous Computing, Innsbruck, Austria, viewed 21 May 2007, <http://www.ubicomp2007.org/scope/>.

Weiser, M 1996, 'Ubiquitous Computing', viewed 15 May 2007, <http://sandbox.xerox.com/ubicomp/>.

Infrastructure II - Data Management

In order to cope with the high volume of transactions and requests from users, we have to upgrade or replace the components of our network infrastructure from the front end to the back end. The most important thing is to identify the bottle neck of our network.

The capacities of the servers need to be upgraded regularly as our data is growing rapidly due to the emails and documents. As I mentioned in the last blog why our emails are eating up the server space, we need to upgrade the email servers nearly every year. Besides, we are now implementing a new document management system (DMS), in the similar fashion, the existing system is in-house developed that is no longer meeting our requirements. In the legal field or other professional fields, documents are the assets to the firms. More correctly, Knowledge management is tremendous to us. We are all now facing the problem of “Information Flooding” and are drown by the information. By the way, I would like to distinguish between “Data” and “Information”.

Whatis.com defines that ‘Information is stimuli that have meaning in some context for its receiver. When information is entered into and stored in a computer, it is generally referred to as data. After processing (such as formatting and printing), output data can again be perceived as information. When information is packaged or used for understanding or doing something, it is known as knowledge.’

Definitely, data, information and knowledge are interrelated. If we don’t have the good systems to convert our data to information and the tools to retrieve information, they will never be the knowledge we need. I always believe too much information is actually no information. With this in mind, we need to have powerful servers (i.e. high CPU speed and high capacity) to process and store our data. We are replacing the old servers with Rack Mount system that can stack up many servers and also, expanded the size of the data centre.

More powerful servers require more electricity supply and cooling control. Therefore, the power supply and the air conditioning system for the data centre were upgraded accordingly. Actually we should look into the design of the server itself. Researchers at Purdue University have demonstrated an ionic wind engine that promises to reduce the heat generated by semiconductors at a substantially faster rate that is possible with traditional cooling technologies. The logic behind is to activate the electrons and ions on the surface of the chips and the ions hit the air molecules and hence, increases the airflow which can cool the chip quicker (Lemon 2007). Details of this development has been published in the Sept. 1 issue of the Journal of Applied Physics. Anyway, I don't want to sidetrack you.

Currently, we are using multiple backup devices including magnetic tapes and optical disks. They just barely meet our needs and are still manageable. Penn (2007) in particular have reservations on optical technology despite ‘the recent claims of optical disk supremacy and the rapid rise from burnable CDs to DVD-Rs and onto Blu-ray and/or HD-DVD.’

Apart from that, everyday we used up a few backup tapes and optical disks and as time gone by we have accumulated a huge volume of them. Therefore, the metadata of tapes and disks are getting more and more important, which highly affects the recovery process. We all know that the recovery of data is very time consuming and never an easy task. However, we are usually required to fulfil the requests from users with a tight time frame. As a result, this is crucial to implement an effective backup and recovery solution with holistic view.

To be continued.

References

Hammond, S 2007, 'Metadata, data, and migration', Computerworld Hong Kong Daily, posted 1 August 2007, viewed 5 August 2007, <http://www.cw.com.hk/computerworldhk/TechWatch/Metadata-data-and-migration/ArticleStandard/Article/detail/447187>.

Lemon 2007, 'Researchers use ionic wind to keep chips cool', ComputerWorld Hong Kong Daily, viewed 19 August 2007, <http://www.cw.com.hk/computerworldhk/article/articleDetail.jsp?id=449851>.

Whatis.com 2005, ‘What is information', last updated 1 April 2005, Whatis.com, viewed 6 August 2007, <http://searchsqlserver.techtarget.com/sDefinition/0,,sid87_gci212343,00.html>.

Infrastructure I - Data Management

It has been a concern of data management in my firm. Our data has been growing exponentially even though the number of users has varied less than 15 % throughout the years. I believe it would also happen to other businesses or industries. According to Graham Penn, Associate VP, Storage Asia Pacific for research firm IDC, the amount of data requiring business-level storage is escalating at 40 – 50% (Hammond 2007).

Nowadays data is increasing and accumulating in the offices. Probably, people have changed their mindsets so that they are accepting the softcopy and willing to eliminate the hardcopy, of the documents. Take my firm as an example, our senior partners or consultants are adopting the technologies such as wireless devices, emails or remote access etc. I can say that the email system is crucial to our business. There was an experience that our email system was down for nearly two days. It was really a chaotic situation to the firm even though it happened over 6 years ago. If it happened today, it would be even worse. More users are using Outlook (i.e. email client) as their personal file system due to its mobility and availability, and they can use Outlook Web Access (OWA) to access their mailbox anytime as long as they have access to the Internet. Alternatively, they can use the mobile devices including Smart Phone and Black Berry even though those devices might not be able to view many file types.

To users, truly this is a convenient way to store and retrieve their documents. The negative impact of this is keeping multiple copies of a single document at different locations. In other words, it would consume a lot of network resources, disk space to store the files, systems to backup and retrieve the files. For our email system, we have made full efforts to attain these tasks.

The Law of Moore says computing power will roughly double every 18 months. The logic is illustrated in the graph below:

Gordon Moore's original graph from 1965

‘The complexity for minimum component costs has increased at a rate of roughly a factor of two per year ... Certainly over the short term this rate can be expected to continue, if not to increase. Over the longer term, the rate of increase is a bit more uncertain, although there is no reason to believe it will not remain nearly constant for at least 10 years. That means by 1975, the number of components per integrated circuit for minimum cost will be 65,000. I believe that such a large circuit can be built on a single wafer’ (Moore 1965).

Moore’s Law is well adopted and recognised by Intel. It is claimed that now we put 1.7 billion silicon transistors on one single chip (Intel Corporation 2005). What I actually want to illustrate the growth of technologies in another aspect. Probably, I should come back to my actual application of technologies.

To be continued


References

Hammond, S 2007, 'Metadata, data, and migration', Computerworld Hong Kong Daily, posted 1 August 2007, viewed 5 August 2007, <http://www.cw.com.hk/computerworldhk/TechWatch/Metadata-data-and-migration/ArticleStandard/Article/detail/447187>.

Intel Corporation 2005, video transcript, ‘Excerpts from A Conversation with Gordon Moore: Moore’s Law’, US, <ftp://download.intel.com/museum/Moores_Law/VideoTranscripts/Excepts_A_Conversation_with_Gordon_Moore.pdf>.

Moore, Gordon 1965, ‘Cramming more components onto integrated circuits’, Electronics Magazine, vol. 38, no.8.

Networking Infrastructures OSI and TCP/IP models

The Open System Interconnection (OSI) reference model was developed by the International Organisation for Standardisation (ISO) as a model for a computer protocol architecture and as a framework for developing protocol standards. The OSI Model includes 7 layers which are Physical, Data Link, Network, Transport, Session, Presentation and Applications (Ince 2004 p.41).

The TCP/IP Protocol Architecture is a result of protocol research and development conducted on the experimental packet-switched network, ARPANET, funded by the Defense Advanced Research Projects Agency (DARPA), and is generally referred to as the TCP/IP protocol suite. It has 5 independent layers which are Application, Transport, Internet, Network Access and Physical (Stalling 2005 p.106).

Stalling (2005) points out that the overall OSI model has been never flourished due to the following reasons:

• The key TCP/IP protocols were mature and well tested at a time when similar OSI protocols were in the development stage.
• When business began to recognize the need for interoperability across networks, only TCP/IP was available and ready to go.
• Compared with the TCP/IP Protocol Architecture, the OSI model is unnecessarily complex with 7 layers.

Today Internetworking has highly adopted the TCP/IP architecture. The TCP/IP network has been dominating the market while there are many communications choices available, standardising on one particular protocol can make administration easier and reduce costs and complexity. Reduced complexity can also translate into increased up time and reduced configuration time. Sometimes we would still maintain more than one protocol in a network owing to some legacy systems and applications. For examples, keeping TCP/IP, AppleTalk and IBM Systems Network Architecture (SAN) protocols in a network will incur a lot of costs for translating data which can be accepted and communicated among all of them.

References

Ince D 2004, ‘Developing Distributed and E-commerce Applications’, 2nd edn, Pearson Education Limited, Edinburgh Gate Harlow Essex CM20 2JE, pp.41-42.

Stallings W 2005, ‘Business Data Communications’, International Edition, 8th edn, Pearson Education, Inc., Upper Saddle River, NJ 07458, pp.97-128.

This is my first blog in my life

I have been working as an IT specialist for 13 year+ in a legal firm. I can really witness the growth of IT in the legal industry. It has changed the old practice of the lawyers. All the while, the legal practitioners are very conservative but they have adapted the IT trends. Besides, IT has successfully advanced the legal industry. The large legal firms invest substantially in the development /employment of IT to promote their businesses and make them more competitive by providing on-line services to their clients such as extranets and e-billing. Take my firm as an example, throughout the years the IT staff have been expanded greatly over last decade regardless of the economic downturns from late 90's to early millennium. I am part of the team of 20 which are supporting around 600 people in six different locations.

Burstiner (2006, p.57) reports that the big US legal firms are spending more to upgrade their technology and expand their staff and, in general the technology capital expenses increased 3.5% over last year but the operating expenses declined 2.6%. It indicates that the technology can increase the firmwide efficiencies. Wireless access and data storage are the main areas being invested. I believe IT has also moved other industries and businesses.

Reference

Burstiner, M 2006, ’Making It Better’, AMLAW Tech, pp.55-59