Ramblings from The Montopolis Group

Building better businesses… with Technology

Archive for July, 2007

iPhone Update v1.0.1

A few very important updates that need to be applied! Hopefully we’ll get another update here in the next couple months with features instead of security patches! :)

I can understand Apple’s need to release patches for the Safari app.. after all, it is a full fledged browser. Can Windows Mobile IE say that? :O

Safari

CVE-ID: CVE-2007-2400

Available for: iPhone v1.0

Impact: Visiting a malicious website may allow cross-site scripting

Description: Safari’s security model prevents JavaScript in remote web pages from modifying pages outside of their domain. A race condition in page updating combined with HTTP redirection may allow JavaScript from one page to modify a redirected page. This could allow cookies and pages to be read or arbitrarily modified. This update addresses the issue by correcting access control to window properties. Credit to Lawrence Lai, Stan Switzer, and Ed Rowe of Adobe Systems, Inc. for reporting this issue.

Safari

CVE-ID: CVE-2007-3944

Available for: iPhone v1.0

Impact: Viewing a maliciously crafted web page may lead to arbitrary code execution

Description: Heap buffer overflows exist in the Perl Compatible Regular Expressions (PCRE) library used by the JavaScript engine in Safari. By enticing a user to visit a maliciously crafted web page, an attacker may trigger the issue, which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller and Jake Honoroff of Independent Security Evaluators for reporting these issues.

WebCore

CVE-ID: CVE-2007-2401

Available for: iPhone v1.0

Impact: Visiting a malicious website may allow cross-site requests

Description: An HTTP injection issue exists in XMLHttpRequest when serializing headers into an HTTP request. By enticing a user to visit a maliciously crafted web page, an attacker could trigger a cross-site scripting issue. This update addresses the issue by performing additional validation of header parameters. Credit to Richard Moore of Westpoint Ltd. for reporting this issue.
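As an added illustration (not Apple’s or WebKit’s code), the serialization pattern this description refers to, in Python: a naive concatenating serializer beside one that validates header names against the HTTP token grammar and rejects CR/LF in values before anything reaches the wire. The header names and values are constructed samples.

```python
import re

# Header-name grammar (HTTP/1.1 "token"): printable ASCII minus separators.
TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Header-value grammar: printable ASCII plus SP/HTAB. CR and LF terminate a
# line on the wire, so they must never appear inside a value.
VALUE_RE = re.compile(r"[\t\x20-\x7e]*")

# Constructed samples: one clean header and one whose value carries a CRLF.
CLEAN = [("X-Requested-With", "XMLHttpRequest")]
TAINTED = [("X-Custom", "a\r\nInjected: 1")]


class HeaderInjection(ValueError):
    """A header name or value would end its line early and start another."""


def naive_serialize(headers):
    """The unsafe pattern: trust the caller and concatenate.
    A value carrying CRLF silently becomes additional header lines."""
    return "".join(f"{name}: {value}\r\n" for name, value in headers)


def validate_header(name, value):
    # fullmatch, not match: a trailing "$" anchor would still accept "abc\n".
    if not TOKEN_RE.fullmatch(name):
        raise HeaderInjection(f"bad header name {name!r}")
    if not VALUE_RE.fullmatch(value):
        raise HeaderInjection(f"bad header value {value!r}")


def safe_serialize(headers):
    """Validate every (name, value) pair before it reaches the wire."""
    for name, value in headers:
        validate_header(name, value)
    return naive_serialize(headers)


def header_line_count(raw):
    """Count wire-level header lines, i.e. what the server will actually parse."""
    return len([line for line in raw.split("\r\n") if line])


def rejects(headers):
    """True when safe_serialize refuses the batch; shows the fix in action."""
    try:
        safe_serialize(headers)
    except HeaderInjection:
        return True
    return False
```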

WebKit

CVE-ID: CVE-2007-3742

Available for: iPhone v1.0

Impact: Look-alike characters in a URL could be used to masquerade a website

Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This update addresses the issue through an improved domain name validity check.
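One form a domain name validity check can take, added here as an example and not Apple’s actual check: a Python mixed-script test over each label of a hostname, which flags the Latin-plus-Cyrillic look-alike pattern and hands back the punycode form to display instead. Hostnames used to exercise it are constructed.

```python
import unicodedata

# Scripts recognised from the leading word of a Unicode character name; other
# letters count as "OTHER", while digits, hyphens and dots are script-neutral.
SCRIPTS = ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN", "HEBREW", "ARABIC")


def script_of(ch):
    """Classify one character, or return None if it cannot decide a script."""
    if not ch.isalpha():
        return None
    try:
        name = unicodedata.name(ch)
    except ValueError:          # unnamed code point
        return "OTHER"
    for script in SCRIPTS:
        if name.startswith(script):
            return script
    return "OTHER"


def check_hostname(host):
    """Return (is_safe, reason, ascii_form).
    A label mixing scripts (Latin plus Cyrillic, say) is the classic homograph
    pattern, so it is flagged; ascii_form is the punycode the caller should show.
    This is one common approach, assumed here, not the browser's own check."""
    try:
        ascii_form = host.encode("idna").decode("ascii")
    except UnicodeError as exc:
        return False, f"not a valid IDN: {exc}", None
    for label in unicodedata.normalize("NFKC", host).split("."):
        scripts = {s for s in map(script_of, label) if s is not None}
        if len(scripts) > 1:
            return False, f"label {label!r} mixes {sorted(scripts)}", ascii_form
    return True, "each label uses a single script", ascii_form


def display_form(host):
    """What a URL bar should show: Unicode when safe, punycode when flagged."""
    safe, _, ascii_form = check_hostname(host)
    return host if safe else (ascii_form or host)
```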

WebKit

CVE-ID: CVE-2007-2399

Available for: iPhone v1.0

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: An invalid type conversion when rendering frame sets could lead to memory corruption. Visiting a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution. Credit to Rhys Kidd of Westnet for reporting this issue.

    0 Comments | Filed under: Mobility, UC/VoIP

HP PSP 7.90 released

    HP Proliant Support Pack 7.90 has been released.

    Release notes at ftp://ftp.compaq.com/pub/softlib2/software1/doc/p965968887/v41223/psp-7.90.w2k3.i386.txt.

    I’ve found 7.80 and 7.40 to both be very stable.

    The new version fixes a number of vulnerabilities and updates the storage and networking drivers.

    Should be good stuff.  Let me know if you find out otherwise!

    0 Comments | Filed under: Hardware

Source: http://support.intel.com/support/wireless/wlan/sb/CS-024509.htm

    Great information from Intel!  If you live on wireless from your notebook on Vista like I do, I bet this will help….

    0 Comments | Filed under: Uncategorized

Steps to Compact an XP Virtual Hard Disk

    After many trial and error runs, I’ve finally been able to reduce my fully updated Windows XP SP2 Virtual Machine to a rather lean 802 MB (uncompressed), 276 MB (compressed). WOW!! :)

    In order to get the XP VM to a reasonable size, follow these steps:

    *You must be using a Dynamically Expanding VHD; I’ve not tested the other formats VPC supports!

    1. Clean your VM by removing all unnecessary programs/documents.
    2. Defrag your drive using Dave Whitney’s Defrag Utility (no need to install anything!). It works 10X better than Windows’ built-in defrag utility because it completely evacuates files and then replaces them.
    3. Run a disk pre-compactor program; if using Virtual PC, mount the included Pre-Compactor under “Virtual Machine Additions” in the Virtual PC install directory. Immediately shut down the VM afterwards.
    4. Load the Virtual Disk Wizard and select “Edit an existing virtual disk”, enter the location of your vhd file, select “Compact It” and then “Replacing the original file”.
    5. Watch your vhd file shrink like crazy!

    This entire process can take anywhere from 10 minutes to a couple of hours, depending on the size of your vhd.

    Tips:

    • To reduce the size of your vhd, turn off the paging file temporarily, then defrag. Try leaving the paging file off for now; you can always turn it back on. This freed up 500 MB of space. I’ll turn it back on later; XP will tell me it needs it when it needs it! :)
    • Don’t just defrag once; it took me 4 defrags to get my vhd to the size it is at…
    • Remove XP’s default loaded games, they take up 13 MB.
    • Use the Windows defrag utility only to view a graph of your drive and check for fragmented files. You should see a solid blue bar followed by a solid green bar. The Windows defrag utility works, but not well enough!

    **UPDATE**

    “What does the pre-compactor do for the VHD?”

    To understand how the pre-compactor works, you need to understand how a standard hard drive works!

    When a hard drive saves data to the disk, it attempts to place all the data in a contiguous form. If data is deleted, that leaves a blank hole on the disk where data used to be stored. Now suppose you install a program that takes up a large portion of your hard disk: the drive fills in the holes where you previously deleted data first, so the new data ends up fragmented, scattered throughout the various holes on the disk!

    In a typical hard drive, when data is deleted the drive “un-links” the data from the OS so you cannot access it, but it is technically still written on the hard drive until it is overwritten by new data. This is why there are data recovery specialists in the world! :)

    The same is true in a virtual environment! Since your virtual hard disk is continuously expanding, it sees this “un-linked” data as good data and keeps it stored in the VHD file, which is really just wasted space! The pre-compactor program finds these data chunks and permanently deletes them by writing zeros in place of that data. The VHD compactor is then able to remove the zeroed data from your VHD file, thus reducing the size of the VHD!
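A toy model of the two steps just described, added here as an illustration rather than code from Virtual PC: a flat image with a free-block map stands in for the guest filesystem, `precompact()` zeros free blocks the way the pre-compactor does, and `compact()` keeps only non-zero blocks the way a dynamically expanding VHD does. The block size and allocation layout are constructed for the demonstration.

```python
BLOCK = 512  # block size of this toy image (constructed; a real dynamic VHD uses larger blocks)


class ToyDisk:
    """A raw disk image plus a free-block map, standing in for the guest filesystem."""

    def __init__(self, nblocks):
        self.data = bytearray(BLOCK * nblocks)
        self.free = [True] * nblocks

    def write_file(self, payload):
        """Fill the first free blocks with payload; returns the block indexes used."""
        used = []
        for i, is_free in enumerate(self.free):
            if not payload:
                break
            if is_free:
                chunk, payload = payload[:BLOCK], payload[BLOCK:]
                self.data[i * BLOCK:i * BLOCK + len(chunk)] = chunk
                self.free[i] = False
                used.append(i)
        if payload:
            raise IOError("disk full")
        return used

    def delete_file(self, blocks):
        """Unlink only: the bytes stay on disk until something overwrites them."""
        for i in blocks:
            self.free[i] = True

    def precompact(self):
        """The pre-compactor step: overwrite every free block with zeros."""
        for i, is_free in enumerate(self.free):
            if is_free:
                self.data[i * BLOCK:(i + 1) * BLOCK] = bytes(BLOCK)


def compact(image):
    """The compactor step: keep only blocks holding a non-zero byte, the way a
    dynamically expanding container avoids storing untouched blocks."""
    nblocks = len(image) // BLOCK
    return {i: bytes(image[i * BLOCK:(i + 1) * BLOCK])
            for i in range(nblocks) if any(image[i * BLOCK:(i + 1) * BLOCK])}


def expand(container, nblocks):
    """Rebuild the flat image; blocks absent from the container read as zeros."""
    out = bytearray(BLOCK * nblocks)
    for i, chunk in container.items():
        out[i * BLOCK:(i + 1) * BLOCK] = chunk
    return bytes(out)
```

The number of entries `compact()` returns is the "size" of the container: it does not drop after a delete alone, only after the free blocks have been zeroed.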

    “What is the whole purpose of compacting your VHD??”

    Well, it really depends on what you’re doing with your Virtual Machine! It all boils down to efficiency when sending the VHD across

    In our environment, we use VPC as a testing tool. When we need a fresh install of XP to test a new solution we grab our VHD from the network, load it in VM, and test away.

    Unfortunately, installing a fresh XP each time you want to test takes a little while… It is far more efficient to stage a fresh XP and store it on the network, to be downloaded whenever needed. Changes can be made on an “Undo Disk”, which is a great feature of VPC 2007, thereby always maintaining a fresh XP VHD!

    2 Comments | Filed under: Virtualization

    I hope Apple doesn’t leave the iPhone this way. It’s too important for IT people to know the phones with their corporate data are safe. You only have to look at CNN any given week to see all the ways that corporate data ends up leaving the office and becomes susceptible.

    IMAP is *NOT* a long term solution for Corporate America. It’s fine for your home email, but not your work.

    If you do use IMAP with your iPhone, make sure it’s at least IMAP/SSL. This is supported with Exchange 2003 and Exchange 2007.

    One employee in our office got the iPhone the day it came out, without any warning to us IT folks ;), and we had to open IMAP/SSL for him. It’s working fine for him; the lack of push or calendaring is limiting, but it’s better than nothing.

    There has been a lot of speculation about the iPhone and its abilities to connect to Microsoft Exchange Server. For instance, Wall Street Journal columnist Walt Mossberg mentions in his June 26 All Things Digital column that, “It [the iPhone] can also handle corporate email using Microsoft’s Exchange system, if your IT department cooperates by enabling a setting on the server.”

    Technically this is correct, as today iPhone users can connect to Microsoft Exchange using IMAP.  There are, however, some significant differences in the mobile device experience and IT professional capabilities supported by IMAP on the iPhone and those enabled by Exchange ActiveSync (EAS) for compatible devices.  EAS is a protocol that provides rich messaging experiences for over 200 different smartphones right out of the box.  These smartphones include Windows Mobile devices as well as phones from a broad range of 3rd parties including Helio, Motorola, Nokia, Palm, Sony Ericsson and others.

    Comparing IMAP and EAS at a high level: IMAP provides an adequate mobile email experience (but is subject to some important limitations), whereas EAS provides a more secure, complete companion experience to Outlook and Outlook Web Access (OWA) for the mobile device.  To better understand this comparison, let’s look at IMAP on the iPhone and EAS in a bit more detail from several perspectives:

    1. Mobile email
    2. The mobile experience beyond email
    3. Security

    IMAP enables an adequate mobile email experience; EAS enables the additional pieces that make mobile email great

    Both IMAP and EAS give the mobile client the capability to read email with rich html formatting, view their inbox as well as subfolders of their inbox, and reply/reply-all/forward/compose email (technically, the iPhone uses SMTP to send email. SMTP for outbound email is configured during IMAP/Exchange account setup on the device).

    EAS also supports capabilities for:

    • Direct Push, which provides an up-to-date messaging experience designed for mobile networks
    • Email flagging to improve the triage experience on the device
    • AutoDiscover to simplify the process of setting up a new device over-the-air
    • Server-side logic to preserve the formatting of rich email on reply/forward if the mobile client doesn’t support rich html editing (most don’t)
    • Numerous bandwidth optimizations to reduce data charges and improve battery life

    EAS enables a rich collaboration experience beyond email

    A significant part of the Exchange user experience goes beyond email.  The IMAP protocol only supports email.  EAS is designed to enable a great over-the-air companion experience to Outlook and OWA and supports many facets of Exchange beyond email, including:

    • Contact synchronization - view, create and update contacts
    • Calendar synchronization - view, create & update appointments, schedule meetings, and accept/decline/propose new time for meeting requests
    • Global Address List (GAL) lookup - look-up users in your corporate directory
    • Tasks synchronization
    • Out-of-office (OOF) email responses - turn on/off and change the OOF message directly from your mobile phone
    • Access to documents stored in Sharepoint document libraries and UNC shares
    • Search your entire mailbox on the server regardless of what’s cached on the mobile phone
    • Allowing users to manage their mobile device(s) using OWA - see device activity, help retrieve forgotten PIN, remotely wipe lost device, etc

    EAS and IMAP both secure data on the network; EAS also protects data once it’s on the device

    From an IT department’s perspective, this is a highly important distinction between IMAP and EAS.

    Both IMAP and EAS allow IT to ensure data and credentials are protected on the network by encrypting them via SSL.

    Many IT departments require support for additional security measures to protect data on the device as well (not just over the network) to guard against loss or theft before they are willing to let users connect to Exchange from the Internet using a given protocol. Only EAS addresses this requirement by enabling IT to implement and enforce security policies that protect the data once it’s on the device. There are a number of these policies supported by EAS today, and we continue to add more; some key examples are:

    • Requiring a PIN lock on the device
      • IT also has a number of controls dictating the strength of the PIN, timeout, etc. as well as the ability to recover forgotten PINs
    • Local and Remote Wipe
      • IT can require that the device erases all data (including data on the SD card) in the event that (1) the PIN is incorrectly entered an IT-specified number of times or (2) IT or the user issues a remote wipe command from the admin console or OWA.
    • Blocking attachment download to the device
    • Limiting which Sharepoint libraries / UNC shares the user can access

    Because IMAP does not support these security policies, many IT departments have decided not to enable mobile device (or any Internet client) access to email via IMAP. EAS on the other hand is seeing increasingly broad adoption by IT departments.

    Summary

    Microsoft Exchange does have IMAP support that provides for an adequate email experience. The iPhone can access email via IMAP if the IT department has enabled IMAP connectivity for users.  However, IMAP has limitations from both an IT and user standpoint with respect to security and richness of experience that prevent it from being a complete solution for mobile device access to Microsoft Exchange.

    Exchange ActiveSync on the other hand provides a very rich email and collaboration experience for end-users as well as support for the important security measures needed for IT.

    Category        | Feature                                                   | Exchange ActiveSync | IMAP4                      | IMAP client for iPhone
    ----------------|-----------------------------------------------------------|---------------------|----------------------------|-----------------------
    Email           | Push Email                                                | Yes                 | Yes (through IDLE command) | No – pull email only
    Email           | HTML email formatting                                     | Yes                 | Yes                        | Yes
    Email           | Attachment download                                       | Yes                 | Yes                        | Yes (view only)
    Email           | Search                                                    | Yes                 | Yes                        | No
    Calendar        | Calendar Sync                                             | Yes                 | No                         | No
    Calendar        | Accept/Decline meeting requests                           | Yes                 | No                         | No
    Contacts        | Contact Sync                                              | Yes                 | No                         | No
    Contacts        | Global Address List (GAL) lookup                          | Yes                 | No                         | No
    Tasks           | Task Sync                                                 | Yes                 | No                         | No
    Out of Office   | Out-of-office (OOF) email settings                        | Yes                 | No                         | No
    Document Access | Fileshare (SMB) and/or Sharepoint Document Library Access | Yes                 | No                         | No
    Security        | Enforce security policies to protect data on device       | Yes                 | No                         | No

    * All were tested using Exchange Server 2007

    - Paul Limont, Mobile Device Connectivity to Exchange using IMAP vs Exchange ActiveSync

    0 Comments | Filed under: Exchange, Mobility