
Troubles w/Kindle And “Consumer Security”

May 6th, 2012 | No Comments | Posted in General, IT Industry, Mobile, Networking, Security

I just wanted to provide the results of a two-hour-long troubleshooting session on a new Kindle brought into my household yesterday. Not only was it a bit frustrating, but in light of a number of things, quite astonishing as well. Astonishing that Amazon, Google and even Apple to some extent view and address the consumer market the way that they do. As a consumer, I have to say it’s frustrating. As a security professional, I have to say it’s disappointing to say the least.

First the problem: You’d think these days it would be a simple thing to go down, buy a wireless device and throw it on your network in no time flat.  That was exactly what I attempted to do yesterday.  I went down to buy a cheap Kindle for one of my children, throw it on the network and be done.  Two hours and an even exchange later, I finally figured out what the problem was.

For most devices, the act of associating with your wireless network and then using your network are two different things. So we always get a device onto the network first, then worry about how it’s going to connect to outside services later. Because, yes, admittedly, I’m not running normal equipment here at home. We don’t allow full-blown access to the outside, polluted internet for a number of reasons. We have a combination web-filter/proxy server appliance (in the cloud, actually), a commercial-grade firewall, a caching DNS server and a few other things sitting in between devices on the soft, chewy inside network and the hardened outer shell.

But again, in the past, this was not a problem. We knew, once devices got on the network, some equipment might have to be visited and settings slightly tweaked in order to get a device to work.

Here Is Why Amazon States Kindles Don’t Work In Enterprise Settings

The thing with Kindle that is different however is… when you are attempting to connect to your wireless network, Amazon, in the name of let-me-hold-your-hand-consumerism (which isn’t necessarily a bad thing — Amazon lives and breathes based on the consumer’s point of view, or tries to anyway), does a little bit more.  The Kindle first tries to connect to your wireless network, utilizing the base amount of information you’ve provided it.  Once successfully connected however, the Kindle doesn’t immediately tell you this.  It tries to connect to a backend somewhere at Amazon first.  If you have a firewall blocking that access, the Kindle doesn’t indicate this is the problem, it merely punts and reports back that… it can’t connect to your wireless network. Which isn’t entirely the case, but that is what is reported.

Now again, as I stated parenthetically above, I understand why Amazon goes through the invisible two-step process, but… what is reported back is not the case and extremely misleading. It took me some time, after digging through numerous forums, to discover that Kindle (Amazon) is going through this transparent, behind-the-scenes two-step process. Once that was known, I was able to work around it, albeit by taking drastic measures I wouldn’t normally expect to take, but, I was able to register the device.

Which brings me to a major frustration as a consumer and disappointment as a security professional.  If Amazon truly lives and breathes from the consumer’s point of view, I hope they as well as Google and Apple — three of the world’s most major internet “impactors” (at present) — take the following into serious consideration:

Amazon, Apple and Google Seem To Be Ignoring The Obvious

I can’t go off on a complete diatribe right now, but… Amazon and Google and to some extent even Apple don’t seem to realize that the internet they have helped develop has, as a result of their efforts, gotten just a tad bit more sophisticated lately.  With that sophistication, some complexity has necessarily had to be driven down to the consumer level.  It’s not just corporations which utilize firewalls and proxies and other security devices and approaches any longer.  You can go down to Best Buy or buy right off the Amazon “shelves” ironically, any number of mainstream wireless access points and routers and nearly all of them come with a feature set that allows a more sophisticated consumer (shall we say) any number of options for securing their home networks.  Not just from people getting in, but controlling somewhat how people on the inside get out.

Yet, I can’t for the life of me understand why Amazon and Google (and again Apple to some extent) “act like” these kinds of features don’t exist and continue to act like we are still in 2005 when most people simply didn’t or didn’t know how to apply simple WEP, WPA or WPA2 security to their wireless devices or utilize any other security approach.  They act like every WiFi network you attach to has completely 100% free unhindered access to the internet and maybe a couple of devices hooked up to it.

Beyond that even, they seem to be pushing for this to be the normative setup in a day and age where security has to be taken into consideration even down to the consumer level. These devices weren’t designed with that in mind and in fact the companies seem to thumb their noses a little at any consumer who has taken security a little bit more seriously than most. And that is disappointing and annoying. (That is, their explanations read between the lines as “Yeah, we know that, but we don’t care; our devices were purposefully designed to only work on wide-open wireless networks — deal with it.”)

iPad Remote App Uses HTTP

October 25th, 2011 | No Comments | Posted in Mobile, Networking

I’ve only recently gotten around to getting any semblance of order and imported CDs into my iTunes on my MacBook Pro. No need to run Apple’s iPad Remote until now. I usually just use Teleport (highly recommended by the way) to move my mouse onto my wife’s Mac Mini screen which has some nice Bose speakers and play tunes through her computer anyway from our centralized MP3 share on the household file server.

But anyway, this afternoon I was trying to connect to my iTunes library using Remote and wasn’t getting anywhere. Apple has a link built into Remote that takes you to a page on Safari in their support forums that has detailed help on how to troubleshoot Remote connectivity issues, but everything on my MacBook Pro and iPad 2 seemed to be set up just fine.

I got the notion however that Remote might be using HTTP to access shared iTunes libraries on the local LAN. Sure enough. And that did the trick. We’re using a proxy server on the premises and apparently my entries in iPad networking for ignoring proxy requests for .local domains aren’t working. (It’s time to get away from .local anyway… this is being utilized more and more behind the scenes — I’ve been warned.)

So if you’re having issues with iTunes home sharing in any way and you’re behind a proxy server, this could be the source of your grief. Try turning your proxy server settings off and see what happens.


iOS 5 Update Review

October 14th, 2011 | No Comments | Posted in Mobile

So, a quick review of my twin iOS 5 upgrade. I have two iPad 2 devices. One for me, consulting (just invaluable for reading!), and one for the wife, homemaking. Which of the two is more “business critical”? :-) I’m not saying outright but let’s just say, I’m the CEO and she’s the COO at home. Everything starts at home, and she runs a tight ship, so… I’ll let you go figure from there. :-)

My CEO Upgrade

My upgrade may be of some interest because… for the sake of simplicity, when I originally bought my iPad 2, I didn’t yet have a Mac. I still had a company-owned PC and I didn’t want to sync to that. So I sync’d to her Mac with her id. Maybe a bad decision at the time, with the completely inexplicable need to have the original iPad 2 even have to plug in to get started in the first place, but that drove that decision. (We were completely taken aback and absolutely amazed at the time that Apple actually made you plug in a cable to wake up a mobile device — to this day, that still amazes me, and then later the belated capability was touted as a “check this out” feature by Apple when talking about iOS 5… Really?! :-))

So I decided for the iOS 5 upgrade, I would get back on my own Apple ID. I half expected my backup to back up all the apps “we” had bought and restore them to my iPad 2 and still be maintained. I was 50/50 on this. Ehhht. No dice. So I have to buy my own copy of Pages and whatnot. But… The upgrade did retain all my settings for apps like Mint.com, Box.net, Dropbox, etc. (Hey Mint!! When are you going to get with the program and release your iPad 2 application!!?? C’mon!! Way overdue!!)

Needless to say, my Cydia jailbreak was going to be toast. But I was prepared to live with that. The biggest asset for having a rooted device previously was extending the number of sites I could have open at one time in Safari and the geek factor of being able to SSH into the iPad 2 from a command line on my Mac. And some Springboard modifications and features, but… No big deal losing on any of those fronts and the new iOS 5 Safari was going to fix that, so… we’ll see what happens when Cydia comes out with a jailbreak for iOS 5.