Windows Mobile Security Software Fails the Test 106
boebert_ms writes "Windows Mobile security software is insecure and buggy, according to a report from Airscanner. In a paper posted at msmobiles.com, roughly 20 different Windows Mobile programs (e.g. MS Money, Password Master 3.5, etc) were examined and found to have a wide range of issues from broken protection schemes to poor encryption algorithms, and more. The paper goes into some details about each program and their flaws and also provides some tips on how to protect your data."
That why Linux is pretty cool on embedded devices (Score:2, Insightful)
The Linux that runs on phones is the same code that runs on desktops, servers etc. This means that by looking at Linux for servers etc, those paranoid security people have also verified Linux for mobile.
Of course you can still do dumb thing with mobile Linux (eg. running as root) and mobile-specific software can still give some vulnerabilities, but at least you have a half-decent start.
Obvious (Score:5, Insightful)
My device is relatively expensive and is a smartphone, so if anyone stole it I'd be far more worried about them receiving the monetary value of my device and unfettered access to my phone account than about my passwords (which I could change from a PC anyway). I have my university account password saved, but I use SSH and encrypted IMAP to access these services so there isn't any significant risk so long as I possess the device.
People who use services like Remote Keyboard that don't ask for a login on the PC should expect that this service is unencrypted and unauthenticated. Similarly, people who use ActiveSync over the network should anticipate that if they haven't just plugged in their device, any password prompt must be spoofed.
I can write a similar article about a "vulnerability" in Facebook: I received 5 e-mails yesterday asking me to confirm account creation. I've had an account for over a year now, so I knew these requests weren't legitimate. Had I clicked on the verification links, I would've surrendered to this attacker my Facebook identity (they'd've had a blank profile under my e-mail address), but I'm smart enough not to. Or perhaps someone can submit an "insecurity" in Firefox, that even with a master password, JavaScript from a plug-in can read my passwords through the DOM once I've accessed a site.
Re:Application Problems (Score:3, Insightful)
Re:Wrong target (Score:1, Insightful)
Re:Wrong target (Score:3, Insightful)
Let me get this straight (Score:1, Insightful)
If i write the same app on windows or windows mobile, MS sucks.
I'm going to do a whole lot more windows development so i'm not responsible for my own lazyness.
Thanks!
Re:Microsoft can't code (Score:3, Insightful)
I have seen a few people use their stuff (and being quite happy with it).
They mus do something right, and more than marketing, looking at all he repeat orders (and happy users actualy).