Troubles w/Kindle And “Consumer Security”

May 6th, 2012 | No Comments | Posted in General, IT Industry, Mobile, Networking, Security

I just wanted to provide the results of a two-hour-long troubleshooting session on a new Kindle brought into my household yesterday. Not only was it a bit frustrating, but in light of a number of things, quite astonishing as well. Astonishing that Amazon, Google and even Apple to some extent view and address the consumer market the way that they do. As a consumer, I have to say it’s frustrating. As a security professional, I have to say it’s disappointing to say the least.

First the problem: You’d think these days it would be a simple thing to go down, buy a wireless device and throw it on your network in no time flat.  That was exactly what I attempted to do yesterday.  I went down to buy a cheap Kindle for one of my children, throw it on the network and be done.  Two hours and an even exchange later, I finally figured out what the problem was.

For most devices, the act of associating with your wireless network and then using your network are two different things. So we always get a device onto the network first, then worry about how it’s going to connect to outside services later. Because, yes, admittedly, I’m not running normal equipment here at home. We don’t allow full-blown access to the outside, polluted internet for a number of reasons. We have a combination web-filter/proxy server appliance (in the cloud, actually), a commercial-grade firewall, a caching DNS server and a few other things sitting in between devices on the soft, chewy inside network and the hardened outer shell.

But again, in the past, this was not a problem. We knew, once devices got on the network, some equipment might have to be visited and settings slightly tweaked in order to get a device to work.

Here Is Why Amazon States Kindles Don’t Work In Enterprise Settings

The thing with Kindle that is different however is… when you are attempting to connect to your wireless network, Amazon, in the name of let-me-hold-your-hand-consumerism (which isn’t necessarily a bad thing — Amazon lives and breathes based on the consumer’s point of view, or tries to anyway), does a little bit more.  The Kindle first tries to connect to your wireless network, utilizing the base amount of information you’ve provided it.  Once successfully connected however, the Kindle doesn’t immediately tell you this.  It tries to connect to a backend somewhere at Amazon first.  If you have a firewall blocking that access, the Kindle doesn’t indicate this is the problem, it merely punts and reports back that… it can’t connect to your wireless network. Which isn’t entirely the case, but that is what is reported.

Now again, as I stated parenthetically above, I understand why Amazon goes through the invisible two-step process, but… what is reported back is not the case and extremely misleading. It took me some time, after digging through numerous forums, to find that Kindle (Amazon) is going through this transparent, behind-the-scenes two-step process. Once that was known, I was able to work around it, albeit by taking drastic measures I wouldn’t normally expect to take, but, I was able to register the device.

Which brings me to a major frustration as a consumer and disappointment as a security professional.  If Amazon truly lives and breathes from the consumer’s point of view, I hope they as well as Google and Apple — three of the world’s most major internet “impactors” (at present) — take the following into serious consideration:

Amazon, Apple and Google Seem To Be Ignoring The Obvious

I can’t go off on a complete diatribe right now, but… Amazon and Google and to some extent even Apple don’t seem to realize that the internet they have helped develop has, as a result of their efforts, gotten just a tad bit more sophisticated lately.  With that sophistication, some complexity has necessarily had to be driven down to the consumer level.  It’s not just corporations which utilize firewalls and proxies and other security devices and approaches any longer.  You can go down to Best Buy or buy right off the Amazon “shelves” ironically, any number of mainstream wireless access points and routers and nearly all of them come with a feature set that allows a more sophisticated consumer (shall we say) any number of options for securing their home networks.  Not just from people getting in, but controlling somewhat how people on the inside get out.

Yet, I can’t for the life of me understand why Amazon and Google (and again Apple to some extent) “act like” these kinds of features don’t exist and continue to act like we are still in 2005 when most people simply didn’t or didn’t know how to apply simple WEP, WPA or WPA2 security to their wireless devices or utilize any other security approach.  They act like every WiFi network you attach to has completely 100% free unhindered access to the internet and maybe a couple of devices hooked up to it.

Beyond that even, they seem to be pushing for this to be the normative setup in a day and age where security has to be taken into consideration even down to the consumer level. These devices weren’t designed with that in mind and in fact the companies seem to thumb their noses a little at any consumer who has taken security a little bit more seriously than most. And that is disappointing and annoying. (That is, their explanations read between the lines as “Yeah, we know that, but we don’t care; our devices were purposefully designed to only work on wide-open wireless networks — deal with it.”)

Travel Electronics: FAA and Airlines Need To Bend a Bit

December 26th, 2011 | No Comments | Posted in Mobile, Travel

I recently read this article from ABC News on electronics, airline travel and FAA federal safety regulations which is about the third or fourth article I’ve read on this topic. It seems the opinions are split evenly down the middle with individuals of a conservative bent taking a “better safe than sorry” approach, while others feel it’s just downright ridiculous.

I’m firmly camped in the middle. On the one hand, having had previous informal training in electronics and radio frequencies, I do know it’s definitely possible for electronic devices to emit interference. The ABC News link above is interesting because the editorial piece seems to take the “it’s ridiculous” slant, whereas the video attached to the article claims a recent new study provides evidence that interference is possible. With the proliferation of devices and especially reading devices such as the Kindle, Kobo, Nook and Sony Readers, the regulations have become an annoyance at best. It’s hard not to feel they are out and out ridiculous. I’ll be one to admit I’ve left my cell phone on (e.g. not in airplane mode, so therefore, it’s still sending and receiving cell phone signals) and I’ve even sent a final “love you!” text to the wife while just lifting off the runway. Shame on me, I know.

Here’s the deal however. I don’t mind the FAA and airlines taking a precautionary stance on electronic devices. It’s merely WHEN the stance is taken that I have a hard time with and feel it’s in the nonsensical, ridiculous category.

If you’ve flown very much at all, you know that when the cabin crew asks you to “extinguish all cell phone, electronics and portable devices by placing them in the ‘off’ position,” it’s well before even leaving the gate. I’ve had this request come while sitting at the gate for another 15-20 minutes, and I’m not exaggerating.

IdM Demand In 4th Quarter Kills Blogging (and everything else)!

What kind of blogger would I be if there weren’t blatantly long periods of time where I’m not blogging?! There are a lot of people, especially in IT, who commit to blogging, who get off to a good start, and then taper off to nothing. I’m in danger of being such a person, but I’m aiming to change that here soon.

It’s just been the busiest 4th quarter (and especially December) I’ve ever had in my entire 20+ year career. Business and demand in the Identity Management space is just booming, and there have been more concurrent end-of-year projects (of any sort) than I can ever remember. Qubera gigs at a major software house, a major US investment firm and a leading California educational institution have had me absolutely hopping. 2012 is quite frankly looking ominous and scary. Identity Management is in high demand and with new, innovative products like SailPoint IIQ v5.5 out in the 4th quarter and more IdM product movement in the magic quadrant, the demand is high in the industry right now.

That being said, here’s what’s coming up, and not necessarily in this order:

  • Branding Your SailPoint IIQ Site – If you’ve got your eyes on SailPoint IIQ or already have it in house and want/need to rebrand your site for internal L&F purposes, I’ll lead you through how to do it. It’s quite simple actually.
  • It’s Time To Change Travel Regulations around electronics – Recently I’ve read a number of articles on just how far behind the FAA is on the (non-existent) “dangers of electronic devices on airplanes.” As a consultant who does a fair amount of travel (not a ton, but enough), I have some thoughts on this. It’s definitely time for some changes.
  • Managing Your Vendor Relationships – I recently read a great article from Gigaom on some of the big-time vendors which happen to operate (most of them) in the Identity Management space. The article brought up some great points and as a Solutions Architect and Technical Engagement Manager who has to advise clients on these relationships, I had a few insights and comments to make which may be helpful.
  • iPhone versus Android Comparison – I recently had the opportunity, thanks to purchasing a new iPhone 4S for a family member, to side by side compare the iPhone with an upper-end Android device, the HTC EVO 4G which I carry. Hint: There is no comparison. I was truly blown away. I’ll let you know which device wins as I throw my lot into the “smart phone wars.”

I’m going to whip out that FAA airline article now, but stay tuned for more.


iPad Remote App Uses HTTP

October 25th, 2011 | No Comments | Posted in Mobile, Networking

I’ve only recently gotten around to getting any semblance of order and imported CDs into my iTunes on my MacBook Pro. No need to run Apple’s iPad Remote until now. I usually just use Teleport (highly recommended by the way) to move my mouse onto my wife’s Mac Mini screen which has some nice Bose speakers and play tunes through her computer anyway from our centralized MP3 share on the household file server.

But anyway, this afternoon I was trying to connect to my iTunes library using Remote and wasn’t getting anywhere. Apple has a link built into Remote that takes you to a page on Safari in their support forums that has detailed help on how to troubleshoot Remote connectivity issues, but everything on my MacBook Pro and iPad 2 seemed to be set up just fine.

I got the notion however that Remote might be using HTTP to access shared iTunes libraries on the local LAN. Sure enough. And that did the trick. We’re using a proxy server on the premises and apparently my entries in iPad networking for ignoring proxy requests for .local domains aren’t working. (It’s time to get away from .local anyway… this is being utilized more and more behind the scenes — I’ve been warned.)

So if you’re having issues with iTunes home sharing in any way and you’re behind a proxy server, this could be the source of your grief. Try turning your proxy server settings off and see what happens.


iOS 5 Update Review

October 14th, 2011 | No Comments | Posted in Mobile

So, a quick review of my twin iOS 5 upgrade. I have two iPad 2 devices. One for me, consulting (just invaluable for reading!), and one for the wife, homemaking. Which of the two is more “business critical”? :-) I’m not saying outright but let’s just say, I’m the CEO and she’s the COO at home. Everything starts at home, and she runs a tight ship, so… I’ll let you go figure from there. :-)

My CEO Upgrade

My upgrade may be of some interest because… for the sake of simplicity, when I originally bought my iPad 2, I didn’t yet have a Mac. I still had a company-owned PC and I didn’t want to sync to that. So I sync’d to her Mac with her id. Maybe a bad decision at the time, with the completely inexplicable need to have the original iPad 2 even have to plug in to get started in the first place, but that drove that decision. (We were completely taken aback and absolutely amazed at the time that Apple actually made you plug in a cable to wake up a mobile device — to this day, that still amazes me, and then later the belated capability was touted as a “check this out” feature by Apple when talking about iOS 5… Really?! :-))

So I decided for the iOS 5 upgrade, I would get back on my own Apple ID. I half expected my backup to back up all the apps “we” had bought and restore them to my iPad 2 and still be maintained. I was 50/50 on this. Ehhht. No dice. So I have to buy my own copy of Pages and whatnot. But… The upgrade did retain all my settings for apps like Mint.com, Box.net, Dropbox, etc. (Hey Mint!! When are you going to get with the program and release your iPad 2 application!!?? C’mon!! Way overdue!!)

Needless to say, my Cydia jailbreak was going to be toast. But I was prepared to live with that. The biggest asset for having a rooted device previously was extending the number of sites I could have open at one time in Safari and the geek factor of being able to SSH into the iPad 2 from a command line on my Mac. And some Springboard modifications and features, but… No big deal losing on any of those fronts and the new iOS 5 Safari was going to fix that, so… we’ll see what happens when Cydia comes out with a jailbreak for iOS 5.