The Sys-Security Group

I had written here a lot of things in my blog against the iPhone. And still I stand behind most of them. But after playing several hours with an iPhone yesterday, I can definitely say that Apple had manufactured a very cool phone and a gadget.

Not that it is without issues, but the main advantage of the iPhone is its GUI and the ease of use.

Functionality wise the iPhone has the same functionality as with any other mobile phone on the market, and it does not lack any major features. The integrated iPod even makes it better.

Comparing the iPhone to the latest Windows Mobile 6 phones does an injustice with the iPhone. Simply, in my opinion, the iPhone is far superior to the WM6.

This also holds true when compared to the Blackberry. Some would argue that the Blackberry’s keyboard is better, and therefore business wise they would choose the Blackberry. I think this is all a matter of taste. A lot had been written about the virtual keyboard – too small, hard to use, etc. But after about 15 minutes of using it, the keyboard and the automatic correction it offers worked like a charm.

The iPhone is easy to operate, and intuitive. But here is the problem – this phone is not for my mom and not for my dad. It is for the cool folks who understand to slide their fingers across the beautiful touch screen to get their work done. Not that there are not tone of those out there.

If apple would add a GPS, UMTS/3G support, take security seriously and fix the battery issue (replacement and lifetime) then undoubtedly, in my opinion, they will have the #1 phone on the market (some may argue they already have).

The iPhone makes an excellent example of how a marketing hype and a cool product can turn into a security nightmare. As a product gets more visibility and its number of its users is on the rise the chances of having a security issue found with the product are higher. This holds true not only for the iPhone but also for other products (Oracle DB and David Litchfield for example) and technologies (VoIP).

It is not like Apple was not warn when they shipped the beta versions of Safari for Windows that the product is less then satisfying with regards to its security. It did not take long for people to post security issues they have found. But the warning was not enough to change things at Apple.

You do expect a company at that size to act. But this is not different with any major security issue they had with Mac OS X, which always takes them some time to fix.

The iPhone is extremely popular and it is doubtful that the security issues found with Safari on the iPhone will drive people away from it. But the bad feeling is creeping in. For Apple to resolve all they need is a software update to fix, and not to wait too much.

What would it take now to find issue with the mail.app? and how that would affect Apple’s Mac OS X (i.e. no viruses no Trojans advertisement)? Just curious.

Welcome to the real world.

I will be speaking at Defcon 15 about NAC vulnerabilities and bypass issues.

The talk has a considerable amount of new vulnerability information, which I have collected in the past year and kept quite about. So you should stay tuned for some interesting new stuff.

Don’t be a stranger and come say hello.

Dark Reading had published an interesting article about the “most dangerous and least-discussed” IT security vulnerabilities they have seen in the recent weeks. This list includes NAC vulnerabilities, PHP issues, rogue Anti-Spyware stuff and other interesting issues.

You can read the article here.