BYOD Blues

A recent article on Network World introduced the IT hand of mobile god, Enterasys mobile management software. The purpose of the Mobile IAM appliance (hardware) and virtual appliance software is to provide support to 3,000-10,000 devices for services such as: automatic device discovery; context-based policy management, authentication, identify-based access management, and; auditing. This makes sense considering a significant rise in total device usage at the workplace being user owned, and the similar/dependent correlation to trouble tickets generated due to device interoperability with current local services and processes. That said, this issue is still bringing me a bit of heartache.

Unlike any other device, smartphones and tablets have just the right form factor to make them physically accessible. That is, prior to these devices, I highly doubt business professionals were carrying in their 15-17" home laptops; not to mention, at this point in time, carrying a laptop was similar to carrying around a set of dumbbells. We can also scoff at the image of an executive carrying a desktop from home to the office everyday, it just wasn't going to happen. Intro the iPhone/iPad, and suddenly everyone sees some utility in using HIS/HER mobile device to get work done efficiently. That's all well and good, but wait… do those things support a firewall?

Oh, and do they have an anti-virus scanner?

Oh, and are they susceptible to malware?

Oh, I wonder if they have thought about the confused deputy problem?

Oh, and does the user download from untrusted markets; has he/she rooted/jailbroken their device?

Oh… shit.

So the above does sound really interesting to me. In fact, it will greatly increase the productivity and support that IT can provide to these BYODs, but at what cost. I mean, are we not making our internal networks more vulnerable by bringing these devices in? What-if you are the biggest security-guru-employee-guy out there, haven't you ever lent your device to your kids or kid brother. My opinion, the devices should stay at home… take a queue from the DoD. If you want the increased accessibility and utility that a "smart device" brings, wouldn't a more cost effective solution be to purchase enterprise devices and disseminate that way? I realize the cost is great upfront, but perhaps down the road due diligence would pay off. That said, I'll link a few papers that help stir up the controversy:

• Consider dealing with the Android update trap. Note that when a manufacturer moves onto the next phone, you may stop receiving updates to the device at all (the case of my Mom's HTC Droid). Buggy software will kill battery performance, security holes are not plugged, and ultimately your Market app will force quit with a 99.9% chance. 
• Consider research on the special case of confused deputy problem.
• Consider government procurement of exploits.
• The business perspective of BYOD.

Smishing your LovePhone & Steam or Boil my Video Games

A rather crafty title for a mostly non-technical blog post. I've had a few tabs open on my browser for about a month, and I think it's time to finish the post off and move on to the long list of things I want to talk about! The cult of mac had an interesting post about how apple has already owned the gaming market. The brief summarization of this article is as follows: Apple is a game changer for how video content is delivered and managed. Specifically, the article highlights headlines which tout, "Apple is set to change gaming… How apple can conquer the gaming industry without firing a shot." Mostly silly puffery, such as my blog title, but this sets the stage for the rest of the article, which has a much more serious undertone.

Mike Elgan makes a compelling argument that Apple's approach to gaming is much like Starbucks. The intent was not to replace the elite moguls, rather provide elite, accessible (i.e., # of Starbucks on one street and saturation of apple product ownership) products to the non moguls. I find that this is spot on, Apple's Market has provided an incredibly accessible and usable market - a proverbial cash mCow. Couple that with a free review service, albeit one full of children and adults that cannot effectively provide accurate information, and there is a true ecosystem that is to be admired.

So, I haven't really said anything different than the article. What gives?! Well, I just wanted to knock Apple down a notch because we all seem to push Apple up on the pedestal ;). Intro Apple Bandai Pippin. A multimedia platform designed by Apple Computer in 1995 featuring a 66 MHz PPC, a 14.4 kb/s modem, and 16 bit video support via S-Video and Composite. Sexy, how could I get one of those? Well, you paid a mere $599, and you enjoyed 1 to 18 titles. The Jaguar sounded more promising than this!

Speaking of obscure gaming platforms such as Jaguar, how is our favorite penguin  doing in terms of gaming? Well, not too bad actually. A recent post on slashdot brought to my attention that Steam is coming to Linux (yes, only like k-debatable years in the making with plenty of rumors)! Apparently this time it was confirmed by Gabe Newell himself. This certainly beats my attempts of just running a Windows VM for games (and I'm not going to mention Wine… that's really hit or miss).  This deviation of conversation aside, let us return to the point.

Point. Mobile devices, markets, and the overuse of app is kind of nice. BUT, don't forget where we started from, where we are, and where we want to be.

Not so much of a point. Until I have a six core processor in my phone, a sliding joystick, and a multicore mobile GPU --- I still won't be playing with my phone unless I'm in the bathroom or stuck on a road trip.

GREAT TRANSITION POINT [sarcasm... I didn't have enough material for a full post, so it was dumped here].

Speaking of phones, the other part of this blog title was smishing. Apparently SMS phishing is on the rise (not really sure why, the last time I looked smart phones were gaining rapid market share over feature phones [http://en.wikipedia.org/wiki/Smartphone#Market_share]). Not down with the smishing buzzword? Me neither. It's effectively a phishing attack executed via text message. So let me point out the obvious - ignore the spam, and don't be tempted by the possible wiles of an unknown mate.

That being said, if you want to smish someone, try the blackmail approach! Text >> "Your wireless carrier has recently created a text audit log for a subscriber on your plan, to preempt the package from being sent - because it contains dirty texts from your mistress - please access our audit portal at verizon.txt-audit.com." Scandalous!