Phasor Burn

I must remember to heed my gut instinct in the future. My first 5 seconds evaluation of “run! don’t agree to that!” has proven correct once again.

Why didn’t I listen to it, 6 months ago?

Got to finish what I started but then no more.

My 5-second-eval has worked amazingly well for judging character of people I might be working with/for as well. I almost always listen to that kind at least.

Grumble bumble. Happy stabby Wednesday, everyone!

Wally is still so my hero.

“As soon as attackers are in the possession of an iPhone or iPad and have removed the device’s SIM card, they can get a hold of e-mail passwords and access codes to corporate VPNs and WLANs as well,” said the researchers in a statement. “Control of an e-mail account allows the attacker to acquire even more additional passwords: For many web services such as social networks the attacker only has to request a password reset.”

The attack has particular significance for companies that allow employees to use iPhones on corporate networks, because it can reveal network access passwords.

“Owner’s of a lost or stolen iOS device should therefore instantly initiate a change of all stored passwords,” said Fraunhofer SIT. “Additionally, this should be also done for accounts not stored on the device but which might have equal or similar passwords, as an attacker might try out revealed passwords against the full list of known accounts.”

Full Article Here

It’s well known that once you have physical access to a computing device, just about anything is recoverable given time and appropriate tools.

The interesting thing here is the network access passwords (and I would presume as well, vpn access info). This makes it clear that you must consider changing your vpn, network, ldap, email, etc passwords enmass asap after losing a smart phone.

Ever since the finance, hr, and other related groups moved into the other half of the floor, I’ve noticed non-flushing going on. Nice.