Wednesday, 7 October 2009

Lessons for Facebook


  • Stop the charade. Nearly all instances of user information and content are essentially public. Many users have an understanding of privacy and control not reflected by the findings of this series and others. Either take necessary action to address these issues, or drop illusory privacy controls.

  • Talk to developers. Several resources exist for helping developers get started on the Platform, but Facebook has published much less content reminding developers of security precautions. If you associate your brand with third-party code, you have a responsibility to help ensure the safety of that code.

  • Truly verify applications. The current Verified Applications program apparently does not address basic security flaws. Also, while opening the floodgates to any application has benefits, it also poses serious risks that may justify putting a few limits or checks in place.

  • Limit application access. While it’s encouraging to hear that Facebook will be adding granular access controls in response to the Canadian Privacy Commissioner, it’s disheartening that such steps took so long and are still nearly a year off from full implementation.

  • Take clickjacking seriously. This series has only begun to demonstrate the implications of clickjacking. Single-click authorization of applications, even when one exempts from the Platform, only adds to the danger of clickjacking on Facebook pages.

  • Improve request verification. The Facebook JavaScript API may provide much useful functionality, but it also opens the door to simple API requests with merely a session secret. Other means exist for ensuring that requests come legitimately from an application instead of an attacker.

  • Distinguish your brand. With the current Facebook Platform, any vulnerability in a third-party application becomes a vulnerability for Facebook. Either users should be able to trust applications to the same degree as Facebook, or Facebook should more clearly distinguish third-party content.

  • Educate your users. People click applications without a second thought to the risks of rogue applications or possible security problems. Users may seek to share personal information with friends, but fail to realize how that information is used by third-party code.

    Sunday, 4 October 2009

    Windows Mobile 6.5 powers new phones

    Microsoft and its partners unveiled a slew of mobile phones that are powered by Windows Mobile 6.5.
    They showcased HTC Touch 2, LG GM730 and Samsung Omnia II, which are just some of the phones running the much-awaited operating system.
    The software giant christened handsets with WM 6.5 as Windows phones — the name change was because the new OS is supposed to offer the same user experience as using Windows on the PC.
    The first thing that users will notice is the new homescreen which is inspired by Microsoft’s Zune media player and an iPhone-like grid of applications to make it easier to select programs.
    Users will also see a tighter integration with Microsoft’s Live services and the ability to share photos across social networking websites such as Facebook, Twitter, MySpace and Flickr.
    The mobile Internet Explorer also received a makeover — it now resembles its PC counterpart and includes features such as panning and zooming capabilities via finger gestures, auto-complete suggestions and a searchable address bar.
    Also, the browser supports Adobe Flash Lite so users can access more multimedia content online.
    Another cool feature of WM 6.5 is that users can still access basic features and switch screens even when the phone is locked.
    WM 6.5 also comes with a free My Phone service that offers 200MB of storage for users to securely back up data such as contacts and photos online.
    Following Apple’s iTunes App Store lead, Microsoft is also introducing a virtual store called Windows Marketplace from which users can buy programs to enhance their phone.
    Microsoft said phones running the older Windows Mobile 6.1 operating system can be upgraded to the latest OS but it would be up to the manufacturer to release the update.

    Wednesday, 16 September 2009

    The reality or the Independent mobility platform

    In just 10 years, the wireless smartphone market has gone from virtually nonexistent to becoming a household term worldwide. At the start of the millennium, Research in Motion (RIM) was pretty much the only significant vendor selling what were then called "wireless PDAs." Today, there are no fewer than six major operating systems for smartphones. Smartphones currently account for 14 percent of overall mobile device sales, but it is expected that by 2012 they will make up about 37 percent of global handset sales.

    Today, scores of smartphones are offered on the market, offering consumers and businesses a wide variety of options for both personal and enterprise needs. However, they have also presented a challenge for organizations looking to deploy enterprise-wide mobile solutions. Given all the device choices, as a business or IT executive, what are you to do?

    If you have already embraced mobility for your workforce, great! However, new smartphones are coming to market at a breakneck pace, and enterprises are trying to integrate them seamlessly into their strategy. Conversely, many organizations have yet to implement a mobility strategy of any kind because of the daunting and constantly evolving number of choices on the market. How can you ensure that your investment is not obsolete by the time you deploy?

    Platform is the answer

    What's the answer to both scenarios just mentioned? In a word: platform. When planning a mobility strategy, the natural inclination may be to start with one device type and lock into it for simplicity and manageability. But today's hot device could be tomorrow's paperweight. A platform approach to mobility can minimize the dependency on the device by ensuring that new devices and technologies are easily integrated into the mobile solution.

    Using a mobility platform, IT does not have to use multiple software tools to manage users and applications across multiple device types. They are freed up to design and deploy the best possible applications without being constrained by device limitations or management and control concerns—today and in the future. Also, because IT can easily manage multiple types of smartphones, business users can choose the appropriate device type for their work profile without overburdening IT resources.

    With the ability to adopt anything from a rugged Windows Mobile device for technicians to a BlackBerry for salespeople or an iPhone for management, business units can use whatever devices best suit the job at hand and the unique wants and needs of the users. This freedom of choice will help to drive adoption and increase the usability and effectiveness of the applications on workers' devices.

    When an enterprise adopts a mobility platform that supports multiple mobile devices, it provides its employees with unprecedented tools for productivity and efficiency. It also empowers IT to discover and create new applications to maximize mobility from end-to-end.