First, do you have a decent relationship with your former company? If so, good, reach out to someone there who might be able to get you authorization to contribute them back to the project.
Second, if they won't or if you can't, reach out to the project and at least notify them of the bugs and I would assume you can provide the details of where they are located. You're already providing more than a bug report at that point which helps them more than nothing at all.
Third, work with another person to develop a clean-room patch so it isn't your exact work and therefore not your former company's work product.
Taking your analogy a bit further.....
While you may have a more secure door without the lock, you also have what is commonly referred to as a wall. Without a way to use the door it is no longer serving its intended purpose. The most secure computer is one that is not on a network and cannot be physically accessed. Once you actually need to access it you are now weighing the tradeoff between usability and security. The picture password is intended to provide a way for users who wouldn't otherwise protect their device with a low impact way of doing so.
The question was asked as "should the BES be in the U.S. or the foreign country." Given those two options the better place would be the U.S. since the OP was concerned about the foreign country to begin with.
Your point about the physical access is correct, however if you have encrypted mail stores and you encrypt the handheld you could conceivably create quite a headache for anyone who even has access to the physical box or the handheld (assuming you didn't remote wipe it anyway).
BES should be in the US, the data will flow through the foreign carrier but it will be encrypted. So unless you are a high value target, I don't think they'll spend the resources to decrypt that data. It would take a little while.
They allowed access to the encrypted BBM (If you aren't using your corp encryption key) and I think BIS (POP3/IMAP). They have stated that any country wanting access to corp BES data could not be accommodated since they each use their own private keys.
First of all, there's a common misconception amongst a lot of people that BlackBerries require BES, they do not, BlackBerries can hook directly into ActiveSync just like other smartphones without a BES.
I believe the Blackberry BIS service only supports Outlook Web Access (Not true ActiveSync), there are third party apps for ActiveSync but from my research they are a bit cumbersome to use.
Why people want to continue going down the BES route is a mystery.
Well I know one reason I moved to a Blackberry and BES was that ActiveSync didn't handle notes. Additionally the iPhone didn't handle tasks. I don't know if any Android based devices do but none did when I was looking in January of this year.
We tried all three of those trust methods. None of them worked. It boiled down to a different internal domain name vs external domain name. Both were in the cert, the Pre tried to use the first one instead of the one specified in the connection setup.
There seem to be many people having issues with self-signed SSL certificates on Exchange. The phone requires you to load the certificate and "trust" it before you can connect. It doesn't allow for you to "trust" it inline with the EAS setup (a la Windows Mobile and iPhone). If you get past that, and you are running a standard SBS server which by default creates a self-signed cert with CNs for the private AD host name, the public DNS host name and some SBS specific websites (companyweb and others). The Pre supports multiple CN certificates, but it seems from some early research I did with a friend who just picked one up, that it uses the 1st CN to create the SSL connection (or verify the root CA) instead of the server URL the user entered in the setup. Since many small shops don't use their public domain name as their AD domain name there seem to be many people having an issue.
Also, the error message it provides is not very helpful and is generic "SSL certificate error. Is the date and time correct"
Thankfully my friend's company happened to own the domain they used for the internal AD as well and since he is the admin he just added in the DNS records for it. It then worked as designed.
I was looking for information on this last night and wasn't able to find much.
Is there a way (on an ASA/PIX specifically) to block the outbound connections made by this worm so that you can contain the traffic to the local network and also log the hosts that are infected?
The only thing I found was someone making reference to blocking http://ipaddr/search?q= requests but I couldn't find any backup for that claim.
TIA
If you are talking about the US, there is no law I am aware of that REQUIRES the carrier to unlock the phone after the contract has been fulfilled. AT&T has a 90 day policy where they will provide the unlock code for customers in good standing that need the code (traveling overseas), but the iPhone is specifically exempt from that.
The closest thing we have in the US to a requirement is that the copyright office ruled that unlocking phones is not against the law.
The BES can be had for free now if you need one or cheap if you need less than 3 or 5 users.
Zimbra mobile is not the same as BES, they cannot be interchanged. While Zimbra mobile will give you access to your email and everything it is not the native wireless sync that BES offers. Also, a BES will allow you to remotely wipe a lost/stolen BB and control policy enforcement. If you deal with small companies that are regulated (financial or medical) this is a requirement, not a luxury.
SBS also comes in fairly cheap for low user counts, actually somewhere in line with Zimbra.
I'm all for open source and use/promote it when possible. But you can't take the approach that it is the solution to life's ills when the closed source competition has a compelling counter offer. The best part about open source (free as in speech) doesn't really matter to small companies too much, and since this isn't free as in beer we can really do an apples to apples on price alone.
So, my question is, wouldn't it be simple to make a filter in, say Thunderbird which acts as an "Outlook client" and can be used with all those backends that are able to sync with the real Outlook. I mean, for the back end servers it would seem they are syncing with Outlook but it would be whatever open platform.
I think even Google Calendar has only made available the option to sync with Outlook...
Is this not done for patents or copyright reasons? Most personal hardware doesn't sync directly with the backend. It requires a client it knows how to sync with. I haven't found anything that will let it sync with Thunderbird/Lightning. Even the Blackberry with BES server still requires Outlook to communicate correctly and sync. And BES requires a Windows server to run on so you still need one and now SBS becomes a decent option.
And since you brought up Google, they don't have a task or notes option to sync with either, so you are only getting calendar and contacts.
One issue I've had with Zimbra is that for very small companies (<10 users say) the costs are pretty high for the network edition. Surprisingly most small companies actually require some of the features only found in the network edition like BES interop. It's common to have a few BB's in a small company these days.
Users have always used it in their last job and don't care about learning a new system just because it's "better." To most users "better" is defined as them having to not learn something new.
Most small businesses I deal with don't really need or want Exchange/Notes/Zimbra, but what they do need is an Outlook type app that can get to whatever email system they want. The big problem is and always has been that most third party hardware won't sync with much else besides Outlook. Take a look at Blackberries which most every small business owner is using. You can sync to Outlook, Yahoo, Groupwise or Notes. Since most users are familiar with Outlook that is what they want. They could care less what is running on the backend.
I've taken a look at Zimbra for some clients but the issue there is price yet again. For a small company (5 users) you're looking at over $1000 for licensing that can be used with the Blackberry and Outlook plus the cost of Outlook. At that price you might as well put them on Exchange SBS and not worry about the BES connector for Zimbra. Plus, now with MS looking at Yahoo who knows what is coming down the road for Zimbra (Owned by Yahoo).
Since MS has started offering Outlook as a separate license I have been offering that as an option to clients with OpenOffice, but most choose to just get Office since the OEM license is about $250 and the Outlook license is $100.
I really think Zimbra would be a great app if they would just rethink the pricing structure for <10 users. Maybe allow the Network Edition for a fixed cost under a certain user count.
In my opinion, there is a vast difference between what a user "thinks" they need to do their job and what they actually need. Just like any other part of the company you need some gatekeeper for cost control and to make sure that purchases don't overlap. If every user could pick what they needed to get their job done I'm sure you'd see a lot more Quad cores being ordered with SLI video cards. Not because the user thought they needed them, but because they were more expensive so it must be better for them.
If you were in a technology company this might be different because in theory the users would be more knowledgeable about tech products. However in most companies I would guess the users don't know the difference between XP Home and XP Professional, so how can they pick what they need?
I bet if they opened up their source code someone would be nice enough to look it over and tell them what they find. Too bad they're closed source. Oh well.
Thank you for your input, we already block incoming and outgoing traffic on port 445. I was more specifically looking for information on blocking the control communications of the worm. Sorry for not being more clear.
Thanks again.
And here we were all along bashing the iPhone for not including MMS.
:)
I guess maybe they were right.
Looks good except they aren't including the mobile, so no BES :(
Unfortunately, mobile is no longer a luxury for most people. Heck, even RIM is giving away BES free for one user.
So close.
If I had not commented, you sir would get +1 funny from me.
Does it blend?
When the White House produces their missing emails, we'll produce ours
That should sufficiently prevent this from becoming law!
Intel pay a company to use Intel exclusively, but Blu-Ray or HD-DVD can?