Paul,

Yes, "click fatigue/click cluelessness" is an issue, but the dialog box does provide one more potential barrier to a successful attack.

By the way, there is a webcast series on mobile device security over the next 5 weeks that is sponsored by Sybase/iAnywhere. The speaker in the first webcast, Jack Gold, actually specifically mentions Nokia devices. For those interested, below are the URLs to the webcast series.


   Compliance in the Mobile Enterprise (featuring J. Gold Associates)
   Date: Thursday, February 22, 2007
   Time: 10 am Eastern time - 3 pm UK time - 16 Uhr German time and
              2 pm Eastern time - 7 pm UK time - 20 Uhr German time
   At the time of the 10 am Eastern time - 3 pm UK time - 16 Uhr German
   time webinar, please click on the following URL:
   https://www.livemeeting.com/cc/sybase/join?id=JMDK7M&role=attend&pw=Compliance
   At the time of the 2 pm Eastern time - 7 pm UK time - 20 Uhr German
   time webinar, please click on the following URL:
   https://www.livemeeting.com/cc/sybase/join?id=NB9PW3&role=attend&pw=Compliance
   Audio Access information is below.
   ________________________________________
   Managed Security -- The Key to a Comprehensive Mobile Security Strategy
   Date: Thursday, March 1, 2007
   Time: 10 am Eastern time - 3 pm UK time - 16 Uhr German time and
              2 pm Eastern time - 7 pm UK time - 20 Uhr German time
   At the time of the 10 am Eastern time - 3 pm UK time - 16 Uhr German
   time webinar, please click on the following URL:
   https://www.livemeeting.com/cc/sybase/join?id=J44HNQ&role=attend&pw=Security
   At the time of the 2 pm Eastern time - 7 pm UK time - 20 Uhr German
   time webinar, please click on the following URL:
   https://www.livemeeting.com/cc/sybase/join?id=MDZ3F6&role=attend&pw=Security
   Audio Access information is below.
   ________________________________________
   Securing Handheld Devices, Data and Applications
   Date: Thursday, March 8, 2007
   Time: 10 am Eastern time - 3 pm UK time - 16 Uhr German time and
              2 pm Eastern time - 7 pm UK time - 20 Uhr German time
   At the time of the 10 am Eastern time - 3 pm UK time - 16 Uhr German
   time webinar, please click on the following URL:
   https://www.livemeeting.com/cc/sybase/join?id=78T32S&role=attend&pw=Handheld
   At the time of the 2 pm Eastern time - 7 pm UK time - 20 Uhr German
   time webinar, please click on the following URL:
   https://www.livemeeting.com/cc/sybase/join?id=D3C4PX&role=attend&pw=Handheld
   Audio Access information is below.
   ________________________________________
   Encryption and Security Strategies for Laptops
   Date: Thursday, March 15, 2007
   Time: 10 am Eastern time - 3 pm UK time - 16 Uhr German time and
              2 pm Eastern time - 7 pm UK time - 20 Uhr German time
   At the time of the 10 am Eastern time - 3 pm UK time - 16 Uhr German
   time webinar, please click on the following URL:
   https://www.livemeeting.com/cc/sybase/join?id=6XK6RF&role=attend&pw=Laptop
   At the time of the 2 pm Eastern time - 7 pm UK time - 20 Uhr German
   time webinar, please click on the following URL:
   https://www.livemeeting.com/cc/sybase/join?id=KWC4TK&role=attend&pw=Laptop
   Audio Access information is below.
   ________________________________________
   Secure Wireless Email -- Top Considerations
   Date: Thursday, March 22, 2007
   Time: 10 am Eastern time - 3 pm UK time - 16 Uhr German time and
              2 pm Eastern time - 7 pm UK time - 20 Uhr German time
   At the time of the 10 am Eastern time - 3 pm UK time - 16 Uhr German
   time webinar, please click on the following URL:
   https://www.livemeeting.com/cc/sybase/join?id=4CG6WS&role=attend&pw=Email
   At the time of the 2 pm Eastern time - 7 pm UK time - 20 Uhr German
   time webinar, please click on the following URL:
   https://www.livemeeting.com/cc/sybase/join?id=Z8CW4N&role=attend&pw=Email
   Audio Access information is below.
   ________________________________________
Best Regards,

John Holmblad

Paul Brook wrote:
by way of example, my PC has a firewall (Symantec) that does outbound
filtering. I appreciate the fact that when I launch an application for
which I have not previously provided authorization to access the
Internet (defined here as an IP range beyond my LAN subnet), the
firewall warns me before allowing the connection to take place and lets
me decide whether to block, allow this one time, or allow permanently
the access. With this kind of protection on devices such as the N800,
it is more likely that the outbound filter will also catch a silent
rogue app that, by some means, has gotten installed on the device (these
days typically by a user being socially engineered to do something that
they should not do).

I think you're over-estimating the knowhow and patience of an "average user".

In my experience this kind of warning triggers sufficiently often on a sufficiently wide range of applications that most users either disable it or automatically click yes without even reading it properly. The sort of person that pays attention to this sort of firewall is also the sort of person that probably knows better than to install untrusted software on their machine.

Outgoing firewalls aren't totally useless, but IMHO they're greatly overrated.

Paul

_______________________________________________
maemo-developers mailing list
[email protected]
https://maemo.org/mailman/listinfo/maemo-developers
