how-to block ads
SteveI know your IP addressConsultant
Yorba Linda, CA
reply to BlitzenZeus
Re: Security risks of security hyper-awareness
said by BlitzenZeus: Hence backing up your devices.
A while back a journalist got hacked, and what did they do? They remote wiped all his idevices...
For me it turns out this is unusually easy: I listen to audiocourses all the time, so I connect my iPhone to my PC a coupla times a week to update my content, so I usually run a backup at the same time. When I got my new iPhone, I was restored to within the last 2 or 3 days: I'm lucky that my personal habits aligned with best practices.
But they don't always.
For exercise, I take power walks in the hills near my house, some of them quite strenuous, and I have a killer exercise app that runs on my phone. Tracks my progress with GPS, alerts, etc. Love it.
But the auto-lock was making me crazy when I was out on a walk: I'd look down to see how I was doing and would have to unlock it, all while huffing and puffing. So I turned off the PIN code and the auto-lock. This is a terrible idea, of course, but since I really don't have anything really sensitive on the device (on purpose), and since I never let it out of my sight, I figured it wouldn't be so bad. Oops.
It turns out I had just discovered a feature of my walking app that disables the auto-lock while there was route in progress, which does *exactly* what I want, but I had not re-enabled all that stuff yet.
On the new phone, I now have all the security features enabled: auto-lock, a PIN code, and find-my-phone. Since I now know that backing up is something I actually do, I enabled the wipe-on-10-wrong-PINs feature.
Live and learn.
Stephen J. Friedl | Unix Wizard | Security Consultant | Orange County, California USA | my web site
I did something similar with my phone, except rather than disabling lock (it's easy to unlock, just slide the display up) I disabled password protection on it. Even with the keyboard, it got annoying to keep entering the password. (And it's connected to my company email. Go me.)
Luckily I had it with me the day someone broke into my house and swiped my personal laptop, which, being my personal laptop and not containing any truly sensitive info, was not encrypted. It was protected only by a Windows (XP) password and a power-on password. It was also in sleep mode when it was taken. Much like your phone, I didn't even have anything running on it that I could use to locate it remotely.
Think Outside the Fox.