Archive for July 21st, 2008

21 Jul 08

What we’re reading, week of 7/21

We’ve noticed two key issues that have bloggers talking this week:

 

“Man in the Middle” Attacks

From Vulnerability Assessment & Penetration Testing…

Hacking Online Banking and Credit Card Transactions – And How to Prevent It

Daniel Hoffman explains, step-by-step and with diagrams, how a “man in the middle” attack works by exploiting SSL vulnerabilities. Our perspective is that there are some technologies that have taken this risk into account – stay tuned for a separate post on this topic.

 

From Schneier on Security…

Man-in-the-Middle Attacks

Meanwhile, Bruce Schneier discusses why MITM attacks are so successful online, and takes the security and web browser industry to task for not doing more to help users protect themselves.

 

iPhones in the Enterprise

From 360 Security…

5 Reasons Why the iPhone 2.0 is still not Enterprise 1.0 Ready

Andrew Storm builds his case against the iPhone as a suitably secure enterprise tool. A well-reasoned set of points, with a well-reasoned set of counterpoints to be found in the comments.

 

From DarkReading…

iPhone Smackdown: Security vs. Consumerization

Rich Mogull, on the other hand, discusses the entry of the “business iPhone” as a matter of a larger-scale consumerization of IT, and offers practical advice for organizations trying to reconcile their security processes and policies with this disruptive device.