I’ve often referred to sanctimonious information technology people who say outlandish things at conferences or in news articles as “talking beards”. This is based on having the Dilbert cartoon below hanging in my cubicle for years. James Lipton’s role in new public service announcements (PSA’s) on texting (text messaging) for teenagers gives the concept a whole new meaning. The campaign “Before you text, give it a ponder”, which features videos with Lipton of Inside the Actors Studio loaning his trademark beard to teenagers so that its magical properties of forethought can be temporarily bestowed on them, effectively uses humor to combat the problems of sexting and cyber-bullying.

The fundamental idea of the campaign is that there is a demographic within teenagers and pre-teens that are “bystanders” in the negative behavior exhibited using mobile phones. This more passive (as it relates to negative mobile phone behaviors) group enables bad behavior through reactionary propagation of messages, but potentially would not if they briefly considered the downstream effect of their actions. LG Mobile Phones seeks to reach them with a social responsibility campaign relying on humor.

Here's a nickel kid...

A Broader Campaign

The campaign is another early part of a multi-year continued effort sponsored by LG Electronics MobileComm U.S.A., Inc. (LG Mobile Phones) and created by Young & Rubicam, Inc. (a marketing and communications company) to combat mobile phone misuse and risky behavior. After conducting focus group style interviews with teenagers, LG determined that an awareness initiative based on a heavy handed approach would be largely ineffective, and decided a campaign based on humorous takes of real life situations would resonate better with this audience.

Further they identified that opposed to the conventional wisdom that this behavior is in essence bullies seeking out weaker victims in the digital age, that the group actually most likely to engage in negative behavior is a demographic identified as “tabloid teens”. These are teenagers who are part of a social circle that trade in gossip as a form of social currency and are as a result both the highest level perpetrators and victims of negative mobile phone behavior. LG has instead focused the campaign on a demographic of teens who are bystanders, persons who are enabling the negative behaviors but only in a passive or reactionary way (those who spread messages but do not create or target them).

Quick Statistics

The Usage:

• Today, approximately 79% of all teens (17 million) have a mobile device – a 36% increase since 2005.
• Teens are a huge consumer market segment and spend more than $100 billion annually.
• 57% of teens view a cell phone as key to their social life. 80% say their cell phone provides a sense of security.
• The average teen sends and receives 1,700 text messages a month. Across the country they’re sending 20,000 texts every second.

The Downside:

• 1 in 5 teens has received a naked picture on their mobile devices, referred to as sexting.
• 50% of youths said they’ve been the victim of some form of digital abuse.
• 22% of respondents indicated they’d been the target of lies spread through digital media.
• 8% of respondents indicated they’d been threatened with some form of digital blackmail.

The Video PSA’s

Locker Room

Angry

Catfight

Unicorn

What do we want?

The features teens most want according to the same CTIA survey? They want security that guarantees only they have access to their data on the phone. Good teenagers…

The expectations of teenagers...

Campaign Elements

LG has covered all their social media bases with this campaign:

• Flickr
• Youtube
• Facebook
• Twitter

PonderBeard on Twitter.

DTXTR

This part of the campaign follows the release earlier in the year of the DTXTR (DEE-text-ER) which translates the shorthand normally used in texting and instant messaging into English that the uninitiated (parents of teenagers ostensibly) can understand. As an example, the tool should allow MOS (Mom over shoulder) to better understand what she’s reading.

LG's DEE-text-ER

Finally

We commend LG Electronics not only for launching a campaign designed to address some of the risky behavior teenagers and tweens are engaging in, but for doing it in a thoughtful, creative, and somewhat risky way. This approach, employing multiple delivery mediums and using humor, is generally known to increase the effectiveness of awareness campaigns. The same concepts can be applied to security awareness campaigns within your own firm.

The campaign will likely get some flak for using terms like “junk”, appearing at first glance flippant about the issues of sexting and cyber-bullying, and for being somewhat uncompromising in their approach (no sugarcoating). For that LG is exercising some level of corporate courage, for being more concerned about the effectiveness of the campaign than potential criticisms thereof, and we hope they continue to stay with it.

References

• www.giveitaponder.com
• CTIA survey

Related Posts:

• Persistent XSS on Twitter.com
• Zuckerburg Apologizes for Facebook Privacy Changes
• Thou Shalt Not Send Naked Pictures…To Anyone Ever
• Give this Man a Haircut and Support a Worthwhile Cause
• Press F1 for Help, pwned.

About one month ago, a problem in the Blackberry browser left devices open to attack due to a certificate notification flaw. An advisory from Research in Motion details how a malicious user could spoof a “trusted” website then use a phishing technique to send users to that site using SMS or email.

A malformed SMS message causing a memory corruption error could be used to cause a denial of service or execution of arbitrary code on Apple’s iPhone (CVE-2009-2204). Although not related to Blackberry, I wanted to get the point across that mobile devices are beginning to see their fair share of vulnerabilities which could lead to malicious activity.

Turning our focus back to the Blackberry, a director for Hermis Consulting in Jakarta, Indonesia recently wrote an application for the Blackberry which can turn the handheld into a remote bugging device.
The software is called PhoneSnoop and was written to demonstrate how an “attacker can activate the microphone of a Blackberry handheld and listen to sounds near or around it.” There are currently no stealth or spyware aspects of the software, but it shows how the capabilities of a Blackberry could be used for malicious purposes.

These issues remind me of my previous position, managing a global infrastructure team for a financial company.  Exchange and Blackberry services were under our umbrella of responsibilities.  When I first arrived many years ago, as with most companies that are victims of rapid growth, IT policies were non-existent.  Though unpopular with the users, I had to have a BES policy implemented, and one that took quite a bit of control from the user. From password policies to WiFi disabling, where is your BES policy?

Note: A BES (Blackberry Enterprise Software) is middleware software which connects to your enterprise messaging solution (such as Microsoft Exchange or IBM Lotus Domino) and redirects email and PIM information to and from Blackberry mobile devices.

Note: A BES IT Policy is configured from the BES and are assigned to the Blackberry devices over the air.  Policies can be assigned to users and user groups. The default installation does not enforce policies which should definitely be enabled and are best practices on any platform or device. See the bottom of this post for the KB with instructions on how to create and apply policies.

At the bare minimum, you should have these basic policies set:

• Password Required Rule – True
• User Can Change Time – False
• User Can Disable Password – False
• Password Pattern Checks – Require at least 1 alpha and 1 numeric
• Minimum Password Length – 7 characters
• Maximum Password Age – 30 or 60 days
• Set Password Timeout – 10 minutes
• Set Maximum Password Attempts – 10
• Maximum Password History – 6
• Set Owner Info – Customize
• Set Owner Name – Customize
• Lock Owner Info – Customize
• Remote Wipe Reset to Factory Defaults – True

Control Upgrades:

• Allow Non Enterprise Upgrade – False
• Disallow Device User Requested Upgrade – True

Camera Options:

• Disable Photo Camera – True 
• Disable Video Camera – True

Application Control:

• Disable Application Center – True
• Allow Application Down Services – False
• Disallow Third Party Application Downloads – True

Other Policies I Like:

• Disable USB Mass Storage – True
• Disable Blackberry Messenger – True
• Disable Bluetooth – True
• Allow Application Download Services – False
• Allow Hotspot Browser – False
• Allow IBS Browser – False

Too Much?

Now, these policies are starting to sound too strict at a glance; but, the purpose of the device is for users to have access to their email, contacts and calendars anywhere and to have a mobile phone they can be reached at any time.  Cameras, Hotspots and transferring photos and music using USB mass storage are features that are not necessary. If you have legitimate business needs for these features, than you can enable them for certain user groups using a policy.

The policies mentioned are a very small fraction of what is available. I’d like to hear which policies you find useful in your environment, or which you find to be more harm than good.

For a complete list of policies, please see the Policy Reference Guide.

Howto

Create, Assign, View, and Send IT policies
Doc ID : KB02022
Last Modified : 2007-02-01
Document Type : How To
Environment
This article applies to BlackBerry® Enterprise Server software versions 3.6, 4.0, and 4.1 for Microsoft® Exchange.
Procedure
The BlackBerry Enterprise Server uses an IT policy to control the behavior of the BlackBerry devices assigned to it. IT policies cover a wide range of BlackBerry device functions (for example, passwords, attachment viewing, and available browsers). Administrators can create custom IT policies in addition to the IT policies already present on the BlackBerry Enterprise Server.
Creating IT Policies
To create an IT policy, complete these steps:
BlackBerry Enterprise Server software versions 3.6 and 4.0

1. Depending on your version, open the BlackBerry Enterprise Server Management console or BlackBerry Manager.
2. Right-click the BlackBerry Enterprise Server name, then click IT Policy.
3. Click New, then create a name for the IT policy.
4. Select the check box beside each IT policy rules item you would like to assign. A description of the IT policy will appear.
5. To enable the selected IT policy, in the description window, click TRUE.
6. Click Apply, then click OK.

BlackBerry Enterprise Server software version 4.1

1. In BlackBerry Manager, select Servers, then click the Global tab.
2. From the Tasks menu, click Edit Properties.
3. Select IT Policy, then double-click IT Policies.
4. Click New, then create a name for the IT policy.
5. Select an IT policy group to view the associated IT policy rules.
6. Select the appropriate IT policy rules.
7. Click Apply, then click OK.

Assigning IT Policies
To assign an IT policy to a BlackBerry device user, complete the following steps:
BlackBerry Enterprise Server software versions 3.6 and 4.0

1. Depending on your version, open the BlackBerry Enterprise Server Management console or BlackBerry Manager.
2. Right-click the BlackBerry Enterprise Server name, then click IT Policy.
3. Select an IT policy, then click Edit User List.
4. Click Add Users to This Policy.
5. Select a BlackBerry device user, then click Add.
6. Click Close, then click OK to close the Edit IT Policy Userlist window.
7. Click OK again.

BlackBerry Enterprise Server software version 4.1

1. In BlackBerry Manager, select Servers, then click the Global tab.
2. From the Tasks menu, select Edit Properties.
3. Select IT Policy, then double click IT Policy to User Mapping.
4. Select a BlackBerry device user, then click the button next to the appropriate IT policy.
5. Click OK to close the IT policy to User Mapping window.
6. Click Apply, then click OK.

Viewing IT Policies
To view IT policies on the BlackBerry Enterprise Server, complete these steps:
BlackBerry Enterprise Server software versions 3.6 and 4.0

1. Depending on your version, open the BlackBerry Enterprise Server Management console or BlackBerry Manager
2. Right-click the BlackBerry Enterprise Server name, then click IT Policy.
3. Select an IT policy, then click View to see the BlackBerry device and Desktop Policy Settings that have been applied.
4. Click OK to close the View Policy window.
5. Click OK again.

BlackBerry Enterprise Server software version 4.1

1. In BlackBerry Manager, click Servers, then click the Global tab.
2. From the Tasks menu, select Edit Properties.
3. Select IT Policy, then double-click IT Policies.
4. To view the IT policy rules, click Properties.
5. Click OK.

To view an IT policy on a BlackBerry device, complete these steps:

1. From the Home screen, select Options.
2. Select Security Options > General Settings.
3. The IT policy Name, Last Updated, and Time Stamp fields will be listed.

Note: Depending on the BlackBerry device and BlackBerry Device Software version, the instructions for viewing the IT policy on the BlackBerry device may vary. For example, on the BlackBerry 7100 series, the BlackBerry device user must select Settings or Tools, then select Security.

Sending IT Policies
To send an IT policy to a BlackBerry device user, complete the following steps:
Note: By default, when you assign an IT policy to a BlackBerry device user, the IT policy is automatically sent to the BlackBerry device user.
Note: When a change is made to an existing IT policy, it is automatically resent to all BlackBerry device users assigned to that IT policy.
BlackBerry Enterprise Server software versions 3.6 and 4.0

1. Depending on your version, open the BlackBerry Enterprise Server Management console or BlackBerry Manager
2. Select the BlackBerry Enterprise Server name, then right-click a BlackBerry device user name.
3. Click Properties.
4. On the IT Admin tab, click Resend policy.
5. Click Apply, then click OK.

BlackBerry Enterprise Server software version 4.1

1. In BlackBerry Manager, select the BlackBerry Enterprise Server name.
2. Select a BlackBerry device user, then click the question mark ( ? ) symbol beside IT Admin.
3. From the menu that appears, you can resend the IT policy or assign an IT policy to a BlackBerry device user.
4. Click OK.

Related Posts:

• iPhone 4 Ordering and Session Switching
• May’s Patch Tuesday
• March’s Patch Tuesday
• Press F1 for Help, pwned.
• First Patch Tuesday of 2010

“Bears are giant, marauding, godless killing machines.”
– Dr. Stephen Colbert

The bear stopped to look at and sniff the iPhone, and Rowley made her escape.

A couple of days later, carrying a baseball bat Rowley returned to the scene of the crime. The iPhone was still there.

True to form, the genius’s of the genius bar at the Apple store took one look at the mangled iPhone, complete with teeth and claw marks, and decided they did not believe Rowley when she said “A bear ate my iPhone”. Apple gave her two options, buy a new phone or forfeit her contract, and thus Rowley purchased a new phone at full price. Apparently using an iPhone as a bear repellent is not covered under warranty.

“…better the phone than me.” – Rowley

On the positive side, the State of Vermont appears to have avoided a data breach, as there is no evidence that the bear accessed the data on the iPhone.

References:

A Bear Ate My iPhone

Related Posts: