Microsoft to acquire Nokia’s devices & services business

A few hours ago, the news hit the world that Microsoft is about to acquire Nokia’s devices & services business and it’s going to license Nokia’s patents and mapping services.

Honestly, I can’t say that I’m surprised. Microsoft and Nokia have been working closely together in making, branding and marketing Nokia’s Lumia Windows Phone devices. In line of Microsoft’s “big transformation” into a devices & services company, this only seems the next logical step.

Through the acquisition (which includes brining over about 30.000 people from Nokia), Microsoft suddenly gains a vast amount of experience in making hardware.It’s first attempts at creating a tablets, the Surface RT and Surface Pro,  seemed – given the 900 million dollar write-off on a pile of devices they couldn’t sell – nothing more than a creditable attempt. Through this acquisition, however, Nokia [Microsoft] might be able to bring some change into the game. After all, recent news confirmed the existence of a Nokia tablet based on Windows RT which should hit the shelves any time soon. And by the looks of it, the device looks many times more slick than the Surface RT or Pro.

Time will tell if this was a good thing or not…


Demo of spoofing attack shows that Android & IOS devices can be wiped due to Untrusted SSL certificates

Articles at Ars Technica and (Dutch) reported that Peter Hannay, an Australian Security Expert, demoed at the Blackhat conference how Adroid and IOS devices could be wiped by spoofing the connections to the Exchange server using Untrusted SSL Certificates:

Android devices that connect to an Exchange server with a self-signed certificate will connect to any server at its designated address, even when its SSL credential has been spoofed or contains invalid data. iOS devices fared only slightly better in Hannay’s tests: They issued a warning, but allowed users to connect anyway. Microsoft Windows Phone handsets, by contrast, issued an error and refused to allow the end user to connect.

For the attacker to succeed, he must be able to spoof the connection. This could easily be achieved by setting up an unsecured Wi-Fi network. Past Blackhat conferences have proven that people tend to connect to unsecured Wi-Fi networks; even if they do not know it’s roots!

Hannay has developed an attack that uses a WiFi network to implement a rogue server with a self-signed certificate, rather than one issued by a trusted certificate authority. Vulnerable devices on the same network that try to connect to their regular Exchange server won’t reach that intended destination. Instead, it will initiate communications with Hannay’s imposter machine.

Although the problem doesn’t seem to lie with the Exchange Server, I agree with Paul Cunningham his point-of-view: I’m also curious to see how Microsoft will react to these findings.

ActiveSync in the future?

Crappy ActiveSync implementations have always been a thorn in the flesh of Microsoft. To “force” better implementations they launched the ActiveSync Logo Program. However, it seems however that the program somehow missed it’s target…

Although Exchange Server 2013 still supports ActiveSync, Dave Stork reported that Windows 8 still ships with version 14. This might point out that Microsoft is perhaps reducing it’s effort to further develop ActiveSync. I wouldn’t be surprise is Microsoft is trying to shift away from ActiveSync in the future: that way they don’t have to deal with problems that are introduced by the bad implementation of ActiveSync in mobile devices.

However, I haven’t come across a worthy replacement for it in the Release Preview of Exchange Server 2013 yet… Time will tell, but I’m watching closely to see what ‘s still to come.

Until later!

Blog Exchange