AOH :: ISN-2866.HTM

Windows Mobile security software insecure

Windows Mobile security software insecure
Windows Mobile security software insecure

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

Content-Type: TEXT/PLAIN; charset=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE 

By Nick Farrell
15 August 2006

SECURITY OUTFIT Airscanner has slammed Windows Mobile security
software as insecure and buggy.

In a paper posted here [1], the report condemns Windows Mobile as
lacking any decent security infrastructure.

For example Pocket PC has no Kerberos authentication, encrypting file
system, or a built-in firewall. ' Looking to third party software is
not particularly useful either as Windows Mobile developers are not
held up to the same scrutiny as those in the desktop arena. Some
software touted as 'encrypted' or 'secure' is neither.

More than 20 different Windows Mobile programs including MS Money and
Password Master 3.5 have been slammed in the report.

The software was found to have issues including broken protection
schemes to poor encryption algorithms. It describes the Window=C2=92s
Mobile version as a poor cousin to XP which is comparatively open and
bug free.

The report says that the Windows Mobile platform creates an
environment conducive to poorly designed security software.

If there is a problem on the Windows XP it is possible to see what is
going on in Windows Task Manager, msconfig,' or regedit. Windows
Mobile 5 platform has a task list that only mentions the names of the
open applications that have graphical interfaces, the report says.

"Average Windows Mobile users are relatively blind about what their
device is doing, there are numerous Windows Mobile vendors that store
sensitive information in the registry with flawed encryption schemes,
or even in plaintext," the report says. =C2=B5


Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Visit the InfoSec News store! 


Site design & layout copyright © 1986-2015 CodeGods