Agility Loop

Saw a couple of posts throughout the Blackberry blogosphere in relation to a product called Cellcrypt that was presented at this past WES.  Cellcrypt enables users to make secure phone calls on their Blackberry.  The calls are encrypted using AES and the product is currently undergoing FIPS 140-2 certification. I took a quick look at the tech overview on their website.  To oversimplify, Cellcrypt is essentially SSL for voice on a mobile platform.  When the client is installed, a key is generated for that phone so a key doesn't have to be installed.  Although this is certainly convenient, I wonder if it is possible to import a key or even use a smart card?  This would make this an even better solution for enterprises like DoD who already have a robust PKI. I can envision that if this works as advertised, that an enterprise could stand up the solution for their "important" mobile users.  It is not clear how the address book is managed, but as long as this is robust, why couldn't a place like DoD roll this out for the enterprise and their DoD users? Lastly, it is solutions like this that have to make you re-consider the viability of the SME-PED and other such custom secure devices.  Yes, the crypto on these devices is likely a bit more robust (and secret), but who is to say that a chip couldn't be swapped in a commercial Blackberry to enable the higher level security?  Even more so, is a solution like Cellcrypt good enough for a lot of the transactions a govt agency uses?  SSL is relied on constantly. Anyhow, love to see some more geeky details on this product.  Definitely has promise!

It feels like it is a bit of a necessity for every blog to post some lists of some sort.  I'd love to say that we are different. However, we are not (or at least I'm not). The corporate world is flooded with Blackberries...in fact they rule that roost.  However, over the past couple of years I have noticed that more of my personal friends have the privilege of carrying around the Blackberry ball and chain.  This is either because they have bought one personally, or they are now in the ever lovely middle manager role. What irks me somewhat is that the Blackberry can do so much more than just be a phone/email device.  Like the iPhone, there are other apps that provide some utility.   Granted, there are certainly not quite as many applications...but who needs 25 fart applications?  So I assembled a list of  FREE applications that I have found useful in my years of Blackberry use. BUT, first and foremost I recommend that you upgrade your Blackberry to the latest Operating System.  V4.5 is an especially BIG improvement for older devices (Curve, Pearl).   Blackberry has an update page dedicated to updating your device (Internet Explorer required). Viigo Viigo describes itself as a great way to "stay current with what's going on in your world".  I couldn't agree more.  I would say this is my most used application and it still amazes me that is free.  It allows users to read RSS news feeds, show the weather for multiple cities, track your flight itinerary including delays & flight times, sports scores for every sport you can think of, stock prices, and even movie times.  What's more is that it runs in the background so it pulls data throughout the day.  I find that this app is especially useful when you do not have connectivity to the network (plane, elevator, bathroom).

Read the rest of this post »

I have been a Blackberry user for some time now.  On of the reasons that I first received a Blackberry was to start testing the security of the device.  Years ago, when DoD was first rolling out PKI, secure email (S/MIME) was the killer app.  Although it took some working with Microsoft and the other email vendors to get proper S/MIME support (don't get me started about Lotus Notes though...still have nightmares on that one), we eventually got most of the kinks ironed out.  The next frontier we wanted to tackle was mobile devices, and Blackberry was a logical choice.  At first we started with just getting S/MIME support.  RIM actually was a ahead of the ball on this one and fairly quickly released a package for their devices (granted I think it was $150-200 at first...it is now a free download). However, the device itself had some security holes that needed to be filled.  DoD has continued to test and verify the security of the Blackberry and has worked closely with RIM to release a Secure Technical Implementation Guide (STIG) for Blackberries and other devices.  The STIG walks administrators through the entire Blackberry meta-system to ensure security for the BES and the device itself.  A new version of the Blackberry STIG was released in Feb 2009 and applies to any enterprise using Blackberries, not just DoD. I also ran across a GCN webcast entitled "Best Practices for Hardening your Agencys BlackBerry Wireless Platform".  I haven't actually watched it and it is probably trying to sell something, but probably worth a quick glance (and if you do watch it and it has value please comment on this post).