Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

How a Tablet Changed My Life

Published: 2010-12-08
Last Updated: 2010-12-08 02:32:30 UTC
by Rob VandenBrink (Version: 1)
10 comment(s)

Ok, so maybe the title is a bit extreme, but I've had this tablet for a few months and I've started noticing that it's changing things up for me.

First of all, books are WAY simpler.  I pretty much expected this, it's why I bought the thing in the first place.  The first thing I did once i got the tablet was get electronic copies of almost every book I own.  Fiction, Reference, Non-fiction, books for work, everything.  So now if I travel, there's no need to choose what to bring.  If I'm at work, and find myself saying - "if only I had Cricket Liu's "DNS and Bind" book, I could explain it to my customer and give them a good citation (page number etc)", no problem, it's there.

If I'm building something that I haven't done before, like the FCOE switches that I'm working on this week, I'm not alt-tabbing to the vendor documentation, I have the book / vendor web page / whatever open to the right page, and it's right there.

The best part of having a tablet is that it's not a computer.  Sure, it has a browser and everything, but the form factor makes it fundamentally different.  If my wife and I are watching TV, a laptop has that screen popped up that says "don't talk to me" - a tablet sits in my lap and is generally way less obtrusive than any laptop, it has a lower profile than lots of hardcover books in fact.  Using a tablet instead of a laptop has done a fair bit for marital harmony on that front ....

But it's enough of a computer to do some useful things.  I wrote all of my study notes for SEC542 on this thing, and it was just as easy in Docs2Go as in Excel, which I normally use for notes of this type.  The nice thing is that when I was done, it IS in Excel.  Picking the right apps makes your data portable.  Picking the wrong apps puts your data in "data jail", it'll never leave the tablet - this is really something to consider before deciding on any new app.

There seems to be lots of effort to turn data into "prisoners of the tablet" with proprietary file formats, or prisoners of one vendor or another's e-reader software.  It's just too easy to browse to a book vendor, click the book and have it a minute later.  The problem is, moving that book to a different tablet might be easy, or it might be a real pain when the time comes later.   I've been trying to keep as many of my books as possible in portable formats - in my case, PDF and ePub formats.  Formats where I have a choice in the application that reads them, that are easily portable to my laptop or a different tablet or different OS.  Especially for reference books, a search function is a real help - this isn't always there on "captive" reader applications.

On a different topic, I'm seeing that people (not me so far I hope) are a lot less lax on security once they get a tablet. 

Open access points seem to be fair game for a lot of people now - if there's an open AP, then it's seen as free, fast internet and away they go.  I dropped a 3G card into mine - I find that this is pretty cheap, and while not as fast as a lot of home DSL or cable uplinks, it's always there.  If I'm pulled over on the side of the road, no problem.  If I'm at a client site, I don't need keys or certs to get online.  There's a lot of risk in using someone else's open AP - not only is it illegal, it's pretty easy to set up an "evil" AP, often to harvest credentials or credit card info.

I invested in a tiny little access point (yes, also from Apple, sorry - Linksys stopped making theirs).  This now travels with me as well.   If I'm at a client site with secure wireless (ie - I can't use it), I can generally plug in my trusty AP and get the tablet (and phone and laptop for that matter) online through their ethernet for a faster connection.

For some reason, people don't seem to care as much about their passwords on a tablet as they otherwise would.  They can be in the middle of something totally unrelated, a window will pop up asking for their iTunes password, and they'll just key it in, no questions asked.  We had a spirited discussion at the ISC's secret conference room last week about this.  I think the consensus was that it'd be pretty simple to embed and hide a password harvester that takes advantage of this behaviour into an app, and that as long as you didn't get too greedy or obvious, it'd probably slide right past any check anyone would want to do.  If you have information that might indicate otherwise, we'd be really interested in your input - please use the comment form for this.

I'm also not really keen on how most passwords on this device echo back to me - - only one character at a time, but still pretty easy to shoulder-surf.

Credit card security likewise seems to have fallen by the wayside a bit.  People get really used to a embedding their credit card info into every music and book vendor they deal with.  I'm guilty of this - frankly it's tough anymore to keep track of just who's got my credit card info (I keep a file, but still get surprised every now and then).  People also are used to having LOTS of small transactions on their monthly bill.  When my statement comes, how certain am I all that each and every one of those $2, $3 and $10 charge are legit, and their mine?  Me, not so much.  I get an email confirmation for every CC and Paypal transaction I make, but do I add them all up and check against my monthly bill?  Ummm .. sometimes?  Really, life is too busy to do this most months.

On the topic of enterprise use, so far I've taken care to not store customer or other confidential info on my tablet, until I've got the time to do a thorough review of risk, proper controls and mitigations.  I've been told that the Apple iPad Security overview ( http://images.apple.com/ipad/business/pdf/iPad_Security_Overview.pdf) is pretty good, but haven't had the time to review it myself yet.  There may be an equivalent or better Android doc, or better IOS guidance.  If anyone has further info on this topic please use the comment form.

How have you seen that tablets have changed your life at work or at home? 
Do these changes have a security-related story behind them?
Please, share your experiences - I for one am really interested in how these things are changing how we work / play / whatever. 

Not to mention that killer app that'll make the tablet that much more useful ...

 

=============== Rob VandenBrink,  Metafore ====================

Keywords: tablet security
10 comment(s)
Diary Archives