Yes, hacking servers is big news, but gazing into the digital crystal ball, PDA's are sitting ducks for hackers to penetrate corporate networks. Of course, this goes hand in hand with wireless traffic vulnerabilites, which is another topic. I mean, we've got XP pro SP2 with ICF and now Windows Server 2003 with ICF (via SP1) and a very ambitious security wizard that attempts to lockdown a server based on it's installed roles. But a Windows Pocket PC's have nothing at all in terms of security except for the optional up front entry of a pin.
If I put on my hacker hat, I start thinking that this sounds pretty attractive as a way to get a trojan into a corporate network. They're everywhere and people will often log on to any wireless network than can find when traveling in order to get a link. Perfect for capturing packets and sniffing out passwords,hashes, and other secrets as well as creating opportunities for downloading malware.
So best practices would be what? Don't connect to untrusted networks, install a virus scanner, encrypt the secret stuff your PDA holds and we all know they have a lot of secrets in them, that's why they're useful, turn off your wireless capability unless you're using it, keep software updated, etc. I'm no PDA expert, although to use one you have to sorta become one like it or not, so any links or suggestions on this topic would be appreciated.
Toward that end, Trend Micro is offering a free virus scanner for PDA's for a limited time.
http://www.trendmicro.com/download/product.asp?productid=2
"No, i totally disagree. i mean, look... wireless internet is replacing
cable dsl and copper so fast the evdo hsdpa wimax and other protocols will
just completely change the need for the products out there now... here...
take a look at some prerelease evdo video phone at http://video-phones-evdo.com and
http://wireless-internet-broadband-service.com
Heck yeah. No doubt we are heading toward a wireless convergence. That acutally, it seems, supports my point. New protocols means new problems as well as new capabilites. My only point is that the companies making these products, Microsoft included (for the OS side) are not paying enough attention to security features as they are pretty much absent.
"we" first mistake, ICF is our savior and protection? Second mistake, nearly any bumpkin in the security field will tell you that the windows firewall is a joke when it comes to security. as most microsoft "security messures" are. need we remind people of the hard core login security that win9X supplied? while i will admit MS has gotten better at it. they still are dogging it in the security field. p.s. many pda's now adays are using linux :) and netbsd can run on almost anything :)
Register
