[Fed-Talk] Re: Fed-talk Digest, Vol 7, Issue 263
[Fed-Talk] Re: Fed-talk Digest, Vol 7, Issue 263
- Subject: [Fed-Talk] Re: Fed-talk Digest, Vol 7, Issue 263
- From: "Krzebiot, Robert J." <email@hidden>
- Date: Wed, 1 Sep 2010 14:20:41 -0500
- Acceptlanguage: en-US
- Thread-topic: Fed-talk Digest, Vol 7, Issue 263
Murf,
Thanks for the information. However, when we have done that, and it asks for the old password, we put in the old AD password and it gets rejected. We have tried several passwords that the user has used. Our password cycle is 6 months and he remembers several. It has rejected all of them. It will not allow us to change the password because it rejects any password that was entered.
Bob
On Sep 1, 2010, at 2:05 PM, <email@hidden> wrote:
> Send Fed-talk mailing list submissions to
> email@hidden
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.apple.com/mailman/listinfo/fed-talk
> or, via email, send a message with subject or body 'help' to
> email@hidden
>
> You can reach the person managing the list at
> email@hidden
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Fed-talk digest..."
>
>
> Today's Topics:
>
> 1. Keychain password needed for Safari (Krzebiot, Robert J.)
> 2. Re: Keychain password needed for Safari (Richard Murphy)
> 3. Approved Army CAC software (UNCLASSIFIED)
> (Blankenship, Bob J Mr CTR US USA IMCOM)
> 4. RE: Approved Army CAC software (UNCLASSIFIED) (Miller, Timothy J.)
> 5. Fed-Talk monthly FAQ (Rex Sanders)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 31 Aug 2010 14:16:20 -0500
> From: "Krzebiot, Robert J." <email@hidden>
> Subject: [Fed-Talk] Keychain password needed for Safari
> To: "'email@hidden'" <email@hidden>
> Message-ID: <email@hidden>
> Content-Type: text/plain; charset="us-ascii"
>
> Hello,
>
>
> I have a Mac that is bound to Active directory. There was a problem where we had to reset the Active Directory password. The old password was saved in the keychain. When the user put in the new password to login, it prompted him with the question to save it in the keychain where he promptly said no, big mistake. Now when the user logs in on his system, and opens Safari, it constantly prompts him for the password from the keychain which when he puts in any of the known passwords, it is rejected. His Keychain includes certificates for signing emails and digital signatures, so I cannot just delete this keychain and start new. Is there anyone who knows how to clear the keychain password without wiping his keychain? We have tried to export his certs out of keychain but it prompts for a password, which it rejects all that are known for the system. Anyone have any ideas?
>
>
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Bob Krzebiot
> Argonne National Laboratory
> Network/System Administrator
> email@hidden
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://lists.apple.com/mailman/private/fed-talk/attachments/20100831/40735d34/attachment-0001.html
>
> ------------------------------
>
> Message: 2
> Date: Tue, 31 Aug 2010 12:56:46 -0700
> From: Richard Murphy <email@hidden>
> Subject: Re: [Fed-Talk] Keychain password needed for Safari
> To: email@hidden
> Message-ID: <email@hidden>
> Content-Type: text/plain; charset="us-ascii"
>
> On Aug 31, 2010, at 12:16 PM, Krzebiot, Robert J. wrote:
>> I have a Mac that is bound to Active directory. There was a problem where we had to reset the Active Directory password. The old password was saved in the keychain. When the user put in the new password to login, it prompted him with the question to save it in the keychain where he promptly said no, big mistake.
>
> I think you're talking about the password used to encrypt the keychain - the keychain password. That's different from a password that's saved in the keychain.
>
> By default the login password is used to encrypt the login keychain when it's created. This is a "by convention", not enforced. When passwords for accounts are changed we give the chance to change the login keychain password at the earliest possible opportunity; usually when the user first logs in after the password change. If the user elects to not change the keychain password at that time the keychain password remains their old login password (or any other password they may have assigned the login keychain using KeychainAccess).
>
>> Now when the user logs in on his system, and opens Safari, it constantly prompts him for the password from the keychain which when he puts in any of the known passwords, it is rejected. His Keychain includes certificates for signing emails and digital signatures, so I cannot just delete this keychain and start new. Is there anyone who knows how to clear the keychain password without wiping his keychain? We have tried to export his certs out of keychain but it prompts for a password, which it rejects all that are known for the system. Anyone have any ideas?
>
> If nothing else has been done the keychain password is probably the old password before the Active Directory password reset. If that's the case you can use the Keychain Access utility to change the login keychain password. That option is under the "Edit" menu. It should ask for the old keychain password (the one before the AD reset) and then for the password you want the keychain password to be (probably the login password after the reset). After that operation is complete you can logout and back in to have the keychain automatically opened.
>
> - murf
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://lists.apple.com/mailman/private/fed-talk/attachments/20100831/a5db8f02/attachment-0001.html
>
> ------------------------------
>
> Message: 3
> Date: Tue, 31 Aug 2010 15:47:50 -0500
> From: "Blankenship, Bob J Mr CTR US USA IMCOM"
> <email@hidden>
> Subject: [Fed-Talk] Approved Army CAC software (UNCLASSIFIED)
> To: <email@hidden>
> Message-ID:
> <email@hidden>
>
> Content-Type: text/plain; charset="us-ascii"
>
> Classification: UNCLASSIFIED
> Caveats: NONE
>
> I have recently been told that there is not an approved CAC software package
> for use within the Department of the Army for Macs from Apple or a third
> party. Can anyone point me a document that states otherwise? Just curious.
>
>
> Thanks
>
>
> Bob Blankenship
>
>
> Classification: UNCLASSIFIED
> Caveats: NONE
>
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: smime.p7s
> Type: application/x-pkcs7-signature
> Size: 5238 bytes
> Desc: not available
> Url : http://lists.apple.com/mailman/private/fed-talk/attachments/20100831/ab44f8df/smime-0001.bin
>
> ------------------------------
>
> Message: 4
> Date: Tue, 31 Aug 2010 22:28:12 -0400
> From: "Miller, Timothy J." <email@hidden>
> Subject: [Fed-Talk] RE: Approved Army CAC software (UNCLASSIFIED)
> To: "'Blankenship, Bob J Mr CTR US USA IMCOM'"
> <email@hidden>, "email@hidden"
> <email@hidden>
> Message-ID:
> <email@hidden>
> Content-Type: text/plain; charset="us-ascii"
>
> Army Golden Master uses Thursby ADmitMac for CAC, which supplies middleware in addition to AD integration.
>
> -- Tim
>
>> -----Original Message-----
>> From: fed-talk-bounces+tmiller=email@hidden [mailto:fed-
>> talk-bounces+tmiller=email@hidden] On Behalf Of
>> Blankenship, Bob J Mr CTR US USA IMCOM
>> Sent: Tuesday, August 31, 2010 3:48 PM
>> To: email@hidden
>> Subject: [Fed-Talk] Approved Army CAC software (UNCLASSIFIED)
>>
>> Classification: UNCLASSIFIED
>> Caveats: NONE
>>
>> I have recently been told that there is not an approved CAC software
>> package
>> for use within the Department of the Army for Macs from Apple or a third
>> party. Can anyone point me a document that states otherwise? Just
>> curious.
>>
>>
>> Thanks
>>
>>
>> Bob Blankenship
>>
>>
>> Classification: UNCLASSIFIED
>> Caveats: NONE
>>
>
>
>
> ------------------------------
>
> Message: 5
> Date: Wed, 1 Sep 2010 11:00:00 -0700
> From: Rex Sanders <email@hidden>
> Subject: [Fed-Talk] Fed-Talk monthly FAQ
> To: email@hidden
> Message-ID: <p06230904c87cba9454c6@[130.118.62.71]>
> Content-Type: text/plain; charset="us-ascii"
>
> No questions edited or added this month.
>
> Comments, corrections, additions welcome.
>
> -- Rex Sanders, USGS
> rsanders ---at--- usgs.gov
>
> "Not only can Apple not please everyone, it's not remotely interested in doing so."
> Jason Snell, MacWorld magazine, June 2010
>
> ==========
>
> Fed-Talk mailing list
>
> Frequently Asked Questions
>
> Emailed monthly to fed-talk ---at--- lists.apple.com.
>
> Last update: 19 July 2010.
> Entries added or edited since last month marked with (*) in Contents.
>
> No endorsement of any product should be implied from inclusion in this message.
>
>
> Contents:
>
> ----- What is Fed-Talk?
> ----- How can I get on or off the Fed-Talk mailing list?
> ----- How can I search the Fed-Talk archives before mailing my question to the entire list?
> ----- How can I browse the Fed-Talk archives?
> ----- Why doesn't Apple support the Enterprise market?
> ----- How can Apple sell stuff to the Government when they don't do "Z"?
> ----- How can I ask Apple to support Z?
> ----- Which versions of Mac OS X are supported by Apple?
> ----- How can I get my CAC card or PIV card to work?
> ----- Where can I find Mac OS X security guidelines or STIGs?
> ----- Where can I find SCAP, or continous security monitoring tools, for Mac OS X?
> ----- Where can I find iOS security guidelines or STIGs?
> ----- Where is Apple's iPhone security guide?
> ----- What is the Army Golden Master? What is it's status?
> ----- What is the status of FIPS 140-2 cryptographic validation for Mac OS X?
> ----- What is the status of FIPS 140-2 cryptographic validation for iOS?
> ----- What is USGCB? Where is the Mac OS X USGCB? Where is the iOS USGCB?
> ----- How do I meet the OMB M-06-16 requirement for encryption on Mac OS X?
> ----- How do I meet the OMB M-06-16 requirement for encryption on iOS?
> ----- How can I get a Volatility Statement for Apple Products?
> ----- How can I buy Apple products for the Federal Government?
> ----- How can I buy Macs without cameras, Bluetooth, or WiFi hardware?
> ----- Can't you disable cameras, Bluetooth, or WiFi with software, duct tape, SuperGlue, etc.?
> ----- How can I make iTunes purchases without paying sales tax?
> ----- Can I buy Apple products for personal use with a discount?
> ----- Does Apple have a web site for Federal Government customers?
>
>
> ==========
>
>
> ----- What is Fed-Talk?
>
> Fed-Talk is an unmoderated discussion list to discuss the uses of existing Apple technologies within, and specific to the Federal government.
>
>
> ----- How can I get on or off the Fed-Talk mailing list?
>
> See the footer in every Fed-Talk message.
>
> See also http://lists.apple.com/mailman/listinfo/fed-talk
>
> Do not send subscribe or unsubscribe requests to the entire list.
>
>
> ----- How can I search the Fed-Talk archives before mailing my question to the entire list?
>
> In theory you can use Apple's mailing list search engine from the Fed-Talk home page:
> http://lists.apple.com/mailman/listinfo/fed-talk
>
> In practice, Google works much better:
> http://www.google.com/search?q=site:lists.apple.com+Fed-Talk
>
>
> ----- How can I browse the Fed-Talk archives?
>
> http://lists.apple.com/archives/Fed-talk
>
>
> ----- Why doesn't Apple support the Enterprise market?
>
> Apple is primarily a Consumer company, and is not focused on Enterprise or Federal Government issues. Apple provides limited support to the Enterprise market, different from other IT vendors.
>
> Probably what concerns you is support for your favorite Enterprise-like feature, service, or process.
>
>
> ----- How can Apple sell stuff to the Government when they don't do "Z"?
>
> The Federal Government is a large, diverse market. Just because Z is required in your part, doesn't mean Z is required in every part. Just because OMB/NIST/... requires Z for the entire Government, doesn't mean Z is being enforced everywhere uniformly. Apple manages to sell plenty of Macs, iPhones, iPads, and other stuff to many parts of the Federal Government without Z. Please make clear in your messages that *your part* of the Government requires Z now.
>
> For "Z", substitute your favorite feature, service, or process.
>
>
> ----- How can I ask Apple to support "Z"?
>
> - Contact your agency's Apple sales rep, who will probably tell you to ...
>
> - Get a free Apple Developer account at http://developer.apple.com/programs/register/ Post a detailed request on http://bugreport.apple.com. Indicate approximately how many Macs are affected. Be realistic, and report numbers only for your part of the Government. Report the bug number to your Apple sales and engineering reps. Yes, reporting a feature request through the bug tracking system is the correct method. You should get a reply from Apple. You won't always get a reply you like.
>
> - Send email to feedback ---at--- apple.com. You are not likely to get a reply from Apple.
>
> - Posting your request on Fed-Talk will not work. You might get sympathy from other list members.
>
>
> ----- Which versions of Mac OS X are supported by Apple?
>
> Apple doesn't explicitly state Mac OS X version support policies.
>
> In brief:
>
> - Mac OS X v10.6 Snow Leopard is fully supported.
> - Mac OS X v10.5 Leopard is supported for serious bug fixes and security fixes.
> - Previous versions have very limited support.
>
> Based on years of observation, the support pattern appears to be:
>
> - Apple fully supports the current operating system.
>
> - Apple releases security fixes, and some bug fixes, for the 10.N-1 operating system.
>
> - Sometimes, Apple releases security fixes for the 10.N-2 operating system.
>
> Certain components of Mac OS X have different, unstated, support policies. For example, Safari and iTunes updates for Mac OS X v10.4 Tiger continue to be released.
>
>
> ----- How can I get my CAC card or PIV card to work?
>
> Your best source is within your part of the Federal Government. Otherwise ...
>
> First, you need a card reader.
>
> Macs: No Macs have slots suitable for internal card readers similar to what you can find from other vendors. External USB card readers will work with most Macs. Supported card readers can be found here:
> http://smartcardservices.macosforge.org/trac/wiki/smartcardccid
>
> iPhones and iPads: No card readers are available for iPhones or iPads at this time.
>
> Second, you need software support.
>
> All [Apple supported] Smart Card related questions, assistance and guidance is at the SmartCardServices project at Mac OS Forge
> http://smartcardservices.macosforge.org/
>
> Separate Smart Card related mailing lists:
> http://smartcardservices.macosforge.org/trac/wiki/MailLists
>
> New Gemalto TOPDLGX4 144 CACs require a beta tokend available at
> http://smartcardservices.macosforge.org/trac/wiki/installers#TokendReleases
>
> Try these instructions:
> https://sites.google.com/a/compsolve.net/mac-cac/
> http://militarycac.com/apple.htm
>
> Also try these Entourage instructions:
> http://lists.apple.com/archives/fed-talk/2009/Jul/msg00002.html
>
> Thursby sells software to support CAC or PIV cards for Active Directory and Exchange:
> ADmitMac for CAC: http://www.thursby.com/products/afc.html
> ADmitMac for PIV: http://www.thursby.com/products/piv.html
>
>
> ----- Where can I find Mac OS X security guidelines or STIGs?
>
> Your best source is within your part of the Federal Government. If you can't find one ...
>
> Apple Security Guides:
> http://www.apple.com/support/security/guides/
>
> Center for Internet Security:
> http://cisecurity.org/en-us/?route=downloads.browse.category.benchmarks.os.unix.osx
> http://www.cisecurity.org/tools2/osx/CIS_MacOSX_10.5_Benchmark_v1.0.pdf
> http://www.cisecurity.org/tools2/CIS_Apple_Safari_Benchmark_v1.0.0.pdf (Safari 4)
>
> You should not adopt these guides wholesale, they are the starting point for a STIG (Security Technical Implementation Guide) specific to your part of the Government.
>
>
> ----- Where can I find SCAP, or continous security monitoring tools, for Mac OS X?
>
> SCAP tools might be available for Mac OS X because "they are generally just Java based XML interpreters." However, there is no SCAP content for Mac OS X.
> http://scap.nist.gov/
>
> Some Federal sites have written their own Mac OS X security monitoring tools, and will make them available upon request:
>
> Los Alamos National Laboratory - contact Allan Marcus, allan ---at--- lanl.gov
>
> DoD High Performance Computing Modernization Program - contact David Jaccard, dave.jaccard.ctr ---at--- hpcmo.hpc.mil
>
>
> ----- Where can I find iOS security guidelines or STIGs?
>
> Your best source is within your part of the Federal Government. If you can't find one ...
>
> iPhone OS 3.1.2:
>
> Center for Internet Security:
> http://cisecurity.org/en-us/?route=downloads.browse.category.benchmarks.mobile.iphone
> http://www.cisecurity.org/tools2/iphone/CIS_Apple_iPhone_3.1.2_Benchmark_v1.1.0.pdf
>
> iPhone OS 3.1 with MMS:
>
> Try this post to Fed-Talk:
> http://lists.apple.com/archives/Fed-talk/2009/Sep/msg00200.html
>
> You should not adopt these guides wholesale, they are the starting point for a STIG (Security Technical Implementation Guide) specific to your part of the Government.
>
>
> ----- Where is Apple's iOS security guide?
>
> Not available at this time.
>
> Apple discusses many iPhone and iPad security features here:
> http://images.apple.com/iphone/business/docs/iPhone_Security.pdf
> http://images.apple.com/ipad/business/pdf/iPad_Security_Overview.pdf
>
> http://www.apple.com/support/iphone/enterprise/
> http://www.apple.com/support/ipad/enterprise/
>
>
> ----- What is the Army Golden Master?
>
> AGM is a standard, secure Windows or Mac OS X image for the Army, preloaded with approved applications. AGM ships on Mac purchases from the Army's Consolidated Buy:
>
> https://chess.army.mil/ascp/commerce/consolidatedBuy/index.jsp
>
>
> ----- What is USGCB? Where is the Mac OS X USGCB? Where is the iOS USGCB?
>
> The purpose of the United States Government Configuration Baseline (USGCB) initiative is to create security configuration baselines for Information Technology products widely deployed across the federal agencies. The USGCB baseline evolved from the Federal Desktop Core Configuration (FDCC) mandate.
>
> http://usgcb.nist.gov
>
> USGCB configurations for Windows XP and Vista have been released and widely implemented.
>
> Mac OS X 10.5 "Leopard" USGCB development is in progress. No ETA.
>
> No word on USGCB for Mac OS X 10.6 "Snow Leopard", or USGCB for any version of iOS.
>
> "Neither NIST nor OMB precludes use or purchase of systems that do not have an [USGCB] in place."
>
> More info here:
> http://lists.apple.com/archives/fed-talk/2009/Nov/msg00005.html
>
>
> ----- What is the status of FIPS 140-2 cryptographic validation for Mac OS X?
>
> As of 30 October 2009
> http://lists.apple.com/archives/fed-talk/2009/Oct/msg00131.html
>
> "Mac OS X's built-in Cryptographic Service Provider (CSP) Software Module is currently in process for FIPS 140-2 Level 1 Conformance Validation.
>
> OpenSSL on Mac OS X 10.5/10.6 is not compiled using their FIPS validated crypto module
>
> OpenSSH uses the installed OpenSSL on the platform (see above)
>
> Apache on Mac OS X uses OpenSSL (see above)"
>
> You can follow the progress of "Apple FIPS Cryptographic Module" here:
>
> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf
>
> Note that IUT means "Implementation Under Test".
>
>
> ----- What is the status of FIPS 140-2 cryptographic validation for iOS?
>
> Apple submitted "iPhone FIPS Cryptographic Module" and "iPad FIPS Cryptographic Module" for validation in mid-2010.
>
> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf
>
> Note that IUT means "Implementation Under Test".
>
>
> ---- How do I meet the OMB M-06-16 requirement for encryption on Mac OS X?
>
> You mean the one we were supposed to have fully deployed by August 7, 2006? You need encryption using FIPS 140-2 validated cryptographic modules.
> http://www.whitehouse.gov/OMB/memoranda/fy2006/m06-16.pdf
>
> Some parts of the Government have approved interim or final encryption methods for Mac OS X. Ask your security people.
>
> Apple is in progress to get FIPS 140-2 validation for Mac OS X security modules (see previous question). Filevault or Disk Utility encrypted disk images might meet your needs for interim encryption.
>
> Some third party products support FIPS 140-2 validated encryption for Mac OS X.
>
> According to http://lists.apple.com/archives/fed-talk/2009/Aug/msg00058.html
>
> "A short list of the top three _who work very closely with Apple_ are:"
>
> CheckPoint - PointSec PC for Mac
> http://www.checkpoint.com/products/datasecurity/pc/
>
> PGP - Whole Disk Encryption
> http://www.pgp.com/products/wholediskencryption/
>
> WinMagic - SecureDoc
> http://www.winmagic.com/products/full-disk-encryption-for-mac
>
> WinMagic SecureDoc is available on the GSA/DOD Data At Rest BPA
> http://www.gsa.gov/Portal/gsa/ep/contentView.do?contentType=GSA_BASIC&contentId=23172
>
> Other vendors may have FIPS 140-2 validated encryption products for Mac OS X, including encrypted disk drives and flash drives.
>
> Ask potential vendors for their specific FIPS 140-2 certification number for that particular Mac OS X product. Then check the NIST list of validated modules:
> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm
>
> Some vendors confuse using a FIPS 140-2 accepted algorithm (e.g. 3DES, AES), with having a FIPS 140-2 validated solution. Writing buggy encryption software is easy. Getting FIPS 140-2 validation is hard. Caveat emptor.
>
>
> ---- How do I meet the OMB M-06-16 requirement for encryption on iOS?
>
> Apple is in progress to get FIPS 140-2 validation for iOS devices (see earlier question). FIPS 140-2 validated encryption for iOS is not available through Apple at this time. iPhones 3G and newer, and iPads, support built-in encryption which has not been validated.
>
> Apps can provide iOS FIPS 140-2 validated encryption for data in their app sandbox along with other features.
>
> Products suggested by others include:
>
> - Good for Enterprise iPhone <http://www.good.com/iphone/>http://www.good.com/iphone/
>
> - Little Red Wagon Pinecone <http://www.lrwtechnologies.com/pinecone.html>http://www.lrwtechnologies.com/pinecone.html
>
> Do your homework! See the previous question.
>
> Mocana announced a FIPS 140-2 validated iPhone OS *module* (Nanocrypto) which developers may use to build FIPS 140-2 validated products.
> http://mocana.com/press2010-04-05.html
>
>
> ----- How can I get a Volatility Statement for Apple Products?
>
> Some sites require vendors statements certifying no non-volatile memory after hardware power down, except for hard drives.
>
> Federal Government representatives can send an email message to "AppleFederal -- at-- apple.com" and request a Volatility Statement for Apple Products.
>
> What is needed in the request is at least ONE of the following:
>
> - Product Serial Number (ie. W891302D7XZ)
>
> - Product Part Number (ie. MB449LL/A)
>
> - Product Model Number (ie. A1279)
>
>
> ----- How can I buy Apple products for the Federal Government?
>
> Follow the purchasing rules for your part of the Government - every part is different.
>
> Some sources that might be available to you include:
>
> - Apple online store for Government charge card purchases
> http://www.apple.com/r/store/government/smartpay.html
>
> - Apple GSA schedule (GS-35F-0086T) and other major Federal contracts:
> http://www.apple.com/r/store/government/reseller.html
>
> - NASA SEWP:
> http://sewp.nasa.gov/
>
> - Army CHESS Consolidated Buy
> https://chess.army.mil/ascp/commerce/consolidatedBuy/index.jsp
>
> Note: "Apple is the ONLY holder of GSA schedule for Apple products. Any other listing by any other company for Apple branded products are selling them without an official letter of supply." Apple Government Channel Manager, 30 September 2009
>
> Tip: To find Apple GSA products and pricing, search for "GS-35F-0086T" on:
> https://www.gsaadvantage.gov/
>
>
> ----- How can I buy Macs without cameras, Bluetooth, or WiFi hardware?
>
> Two Apple resellers are authorized to remove these devices from Macs before shipping them to you:
>
> - Holman's http://www.holmans.com
>
> - Intelligent Decisions http://www.intelligent.net
>
> These modified Macs must be serviced by these resellers under Apple warranty or AppleCare. You cannot send modified Macs directly to Apple for warranty or AppleCare repair.
>
>
> ----- Can't you disable cameras, Bluetooth, or WiFi with software, duct tape, SuperGlue, etc.?
>
> Yes. However, some parts of the Federal Government require removal of the offending parts.
>
>
> ----- How can I make iTunes purchases without paying sales tax?
>
> Move to a state without sales tax?
>
> Solution 1: Make the purchase with sales tax, then contact your Apple sales rep to get the tax removed after the fact. (from Apple Federal sales rep)
>
> Solution 2: "There is a process where you can request reimbursement for the tax. You send the request to itunes_tax_refunds ---at--- apple.com. You must include a copy of your tax exemption status and a copy of your invoice. The tax refund will be provided in the form of a check. Refunds can not be made back to the card that was used to make the purchase." (unverified, from Fed-Talk posting 18 Feb 2010)
>
> See the iTunes and App Store Terms & Conditions
> http://www.apple.com/legal/itunes/us/terms.htm
> http://www.apple.com/legal/itunes/appstore/us/terms.html
>
> Note this phrase in the "Sales Tax" section:
>
> "No customers are eligible for tax exemptions for transactions made on the Service."
>
>
> ----- Can I buy Apple products for personal use with a discount?
>
> Apple offers a Federal Employee Purchase Plan that allows Federal Employees and Federal Contractors to purchase up to six system bundles a year for yourself or family and friends that you sponsor. Apple offers similar plans to many other large corporations. Yes, this is legal.
> http://www.apple.com/r/store/government/epp.html
>
> Apple's policy:
> http://www.apple.com/r/store/government/fedepppolicies.html
>
> Some Fed-Talk readers report better discounts, and no sales tax collection, purchasing through Amazon. Caveat emptor.
>
>
> ----- Does Apple have a web site for Federal Government customers?
>
> http://www.apple.com/federal
>
>
> ------------------------------
>
> _______________________________________________
> Fed-talk mailing list
> email@hidden
> http://lists.apple.com/mailman/listinfo/fed-talk
>
> End of Fed-talk Digest, Vol 7, Issue 263
> ****************************************
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden