Security, esp. SD-Card encryption - JAM, MDA Compact, S100 General

Anyone know of good security products? I am not all too concerned about "switch-on" and login type protection, but rather a good and hard transparent SD-Card encryption. Is there any product or freeware (maybe a bit like truecrypt) out there?

have a look here and see if any suits your needs
http://www.handango.com/SoftwareCat...Ntk=All&siteId=1&N=96806&Nty=1&addDevices=add

How to use SD card as real Secure card?

Hi!
Could someone point me to info on how I can use an SD card as real Secure storage of data?
What do I need to do to use it under the Win Mobile platform?
Is any 3rd-party software available?
Thanks for any information.
ryhor said:
> Hi!
> Could someone point me to info on how I can use an SD card as real Secure storage of data?
I guess it depends on how you define secure?
If you mean 'nobody else can access the data if they get a hold of the card' ... there are many articles on the web discussing this issue - here's a decent (but slightly dated) one: http://www.windowsecurity.com/articles/Securing-Pocket-PC.html
There are a LOT of apps which will provide you with varying levels of encryption for your data - Resco Explorer has an option to encrypt, for example.
Use Google (or your preferred search engine) to search for "pocket pc" and "security" (or perhaps "encryption") and you'll get plenty of hits.
I must point out though that we are talking about an extremely portable device. A PDA is just so easy to steal! An SD card is even more so. So if you are talking about data which really MUST remain secure ... you may well be better served by not putting it on your unit in the first place.
Hi
Actually we wanna do a simple thing.
We wanna put our application and data on an SD card and allow access to this storage only to someone who has the right to it (it isn't top secret).
SD category 3 of the levels of SDMI security requirements will be fine for us.
http://www.sandisk.com/Oem/DocumentInfo.aspx?DocumentID=1344
But as I understand, there is some problem with it. It is a little bit strange, because every normal SD card has to provide this feature (and it does), but there just isn't any support for it from the OS? There aren't even any 3rd-party File System Drivers?
It doesn't sound so hard to implement.
Why do I feel like we got gipped again?
I believe SD is a scam over MMC cards just like 1.44MB 3.5" floppy disks were a scam over the 720KB version... :x
SDMI
ryhor said:
> Hi
> But as I understand, there is some problem with it. It is a little bit strange, because every normal SD card has to provide this feature (and it does), but there just isn't any support for it from the OS? There aren't even any 3rd-party File System Drivers?
I did some research into SDMI last year, as a part of a contract I was on. I've dug into my notes and found this:
http://www.microsoft.com/windows/windowsmedia/drm/sdksandversions.aspx#version
It may be of some use to you. Probably not ... frankly I find the whole approach of DRM to be a joke

FIREWALL, do we need one? How good is standard security?

Hi Guys
Is there a good firewall that we can use with the Universal? Do we really need one?
When I browse the web on my Exec I use it over wifi, so is that safe? (My home is protected, BUT what about the free HOTSPOTS in the city centre? I trust Starbucks with my coffee - do I trust them with my internet security?)
Would any of you guys use your PDA's webpage to buy something from a website (eBay) or even online banking?
I'm not too fussed about someone hacking my PDA through my wifi/internet connection, come on, the way I look at it, if someone is that good I'm sure they have better things to hack than mine! lol
I'm more concerned about this: if I am going to log onto eBay's webpage, how secure is my information while it's being sent from my PDA browser to their server?
I'll appreciate everyone's thoughts on this!
YES VIJAY that includes you as well,
GUYS KEEP YOUR REPLIES IN RELATION TO THIS THREAD (if you want to talk about your aunty Jane's cat's dog's friend's sister's leg, start another thread!)
You don't need one.
Ward said:
> You don't need one.
could you explain why, please?
@ WARD
Why don't we need one? Because you say so? lol
Come on mate, you cannot give a one-sentence reply and walk away from this, do you know how long it has taken me to write the post?
Unless you're an all-singing, all-dancing know-it-all---------, well even if you are, give a better reply than "you don't need one"
or don't post at all.
You don't need one
You don't need a firewall now, because:
a) No tools for the PPC are really available at the moment, and
b) What exactly are they going to do when they hack in?
c) More importantly, you won't FIND any firewalls for Windows Mobile.
But as to the question of how safe is the information being sent to eBay; well, Pocket IE (Internet Explorer Mobile) is based off IE 5 and 6, with the same security levels. So if you access something with that little lock icon on, you're pretty secure.
If not, you're taking the same risk as normal browsing.
OK guys come on, give better answers than "you don't need one"
we are not all mind readers,
:?:
Break it down, why don't we need one?
How safe is your data when it's sent from your device?
Try to read my initial thread and reply to the points in there,
I am sure that you are not naive enough to think we don't need one because our networks tell us it's safe or because Microsoft does,
How many times has Microsoft security been compromised?
Networks - remember T-Mobile? When their servers were being hacked (one good thing that came out of that was Paris Hilton's EMAILS! along with the Secret Service, but with Paris it was more of: like many online service providers, T-Mobile.com requires users to answer a "secret question" if they forget their passwords. For Hilton's account, the secret question was "What is your favorite pet's name?" By correctly providing the answer, any internet user could change Hilton's password and freely access her account. And her pet dog's name is!!! Chihuahua
http://www.theregister.co.uk/2005/01/12/hacker_penetrates_t-mobile/ )
@ snorbaard
thanks dude
N2h, you're being rather rude, so I would have expected a lot more "you don't need one" replies by now just to spite you. I'll answer your question first, and then detail why I believe you're being rather rude.
--
What you're asking about isn't really a firewall. A firewall is used to prevent certain communications either coming into a machine, or going out of it. E.g. a firewall could be placed on outbound port 80 to prevent users from browsing 99% of the web, or a firewall can and should be placed on inbound port 139 to stop some older netbios 'attacks'.
What you're really asking about is whether the communication you do via your PocketPC - over wifi - is 'secure' in that others can't access your information. The answer to that isn't a simple yes/no - it will depend on a few things.
The first thing to make sure is that the access point you're using has WEP (Wireless Encryption Protocol) enabled. The bigger the key, the better. This will mean that 'over the air', your information will be encrypted. Anybody who would 'snoop' that information from the air will need a LOT of data, and a reasonably fast machine, to get the WEP key.
The next thing to make sure is that if the information you're sending is rather sensitive, that you send this information to a site which is using SSL. SSL encrypts your data on your PocketPC itself, all the way through the WiFi router/access point, over the internet, bouncing off of satellites - whatever, until it reaches the destination website where the data is decrypted again. The odds of anybody cracking that signal are *very* slim. It can be done, but it takes ages and ages on multiple computers for even the simplest of SSL encryptions. The 'dumb' way to check whether the site uses SSL is to see if the URL starts with "https". The 'proper' way is to check if the padlock icon is 'locked' in PIE (left of the address bar).
The third thing, if you're using e-mail, is to use an e-mail encryption application, such as PGP. I'm not aware if any exist for PocketPC, but I'm sure they do. These basically encrypt your message in a way that it can still be sent by plain e-mail. The recipient then decrypts the message again on their end. Based on the encryption method used and the length of the message, it would take quantum computers to decrypt it to anything meaningful.
--
For those wondering whether you do indeed need a Firewall - no, you don't. You may wish to look into some basic BlueTooth protection if you leave that on a lot, but other than that there are no real intrusion points for a PocketPC that you'd have to be worried about.
Microsoft may turn the PocketPC into some ueberplatform in the future which would make it more vulnerable, or maybe they learned their lesson and they'll keep things fairly secure - who knows.
--
Now then.. as to why you're being rude...
First.. your post - what's with the bold blue text? Do you think it would get people's attention easier? Just makes it more difficult to read.
Second... you address a specific person, vijay555 - who is a very busy person. But even if he wasn't, it's a bit presumptuous of you that 1. he would be reading this, 2. he would be interested in replying at all.
Third... you presume that people would go off-topic, in your original post (in large red type, at that). Why not have a bit more faith in fellow man and see what replies roll in, first? Then if people go off-topic, point it out and ask that they try and address the issue you raised in your post.
Fourth... when somebody does answer your post, even if it is a rather short reply, you tell them to either post a better reply, or not reply at all. Don't be surprised if many people will interpret this in a way that will make them not want to reply to any of your posts at all.
--
Edit: and such is the cost of typing long replies - other people reply before you
zeboxxxxxxxxxxxxxx lol
that's made me laugh :lol:
thanks mate
FROM ZEBOX (sorry about the caps, hope I don't hurt anyone's feelings)
> Now then.. as to why you're being rude...
> First.. your post - what's with the bold blue text? Do you think it would get people's attention easier? Just makes it more difficult to read.
dude I LIKE USING COLOURS lol
> Second... you address a specific person, vijay555 - who is a very busy person. But even if he wasn't, it's a bit presumptuous of you that 1. he would be reading this, 2. he would be interested in replying at all.
trust me he gets around!
> Third... you presume that people would go off-topic, in your original post (in large red type, at that). Why not have a bit more faith in fellow man and see what replies roll in, first? Then if people go off-topic, point it out and ask that they try and address the issue you raised in your post.
> Fourth... when somebody does answer your post, even if it is a rather short reply, you tell them to either post a better reply, or not reply at all. Don't be surprised if many people will interpret this in a way that will make them not want to reply to any of your posts at all.
all in one, the amount of threads I've read where the conversation has gone off topic----------- so had to make that clear,
and being honest I'm having a laugh so I don't want anyone to take it personally if I make a cheeky comment,
and zeboxx this one's just for you
You still don't need a firewall for your Pocket PC.
A firewall in the sense I understand it is a filtering application which brackets network access: rejecting unsolicited packets, applying application-based rules and optionally, performing some filtering on incoming content.
You don't need one, because: there is very little need to restrict application access to the network - malicious apps exist, but it's so difficult for them to gain a foothold on your PPC without you knowing about it. So on a clean PPC, a firewall does nothing useful. Dropping unsolicited packets is nice, but your PPC is mobile - not always connected and therefore of extremely low risk of network intrusion - AFAIK, I've never even heard of a case.
Save your money and CPU and carry on. P.S. PPC AntiViruses are similarly useless, don't listen to PR hype.
@@ ward
Ward thanks for that, between you and snorbaard my questions have been answered
regarding firewalls and website security!
thanks dude
ward, zeobox suggested that I was rude to you and may have hurt your feelings, well my apologies, hope we can b friends :lol: lol
cheers bud
RE
Quote
"c) More importantly, you won't FIND any firewalls for Windows Mobile."
AIRSCANNER has one, however, it's not currently for WM5 yet
Here:-
http://airscanner.com/downloads/firewall/firewall.html
Keep a close watch on AIRSCANNER for the WM5 version though
RE
ZeBoxx
How to protect your PPC when you're surfing at free hotspots?
I believe that the response should be "You don't need a firewall for your WM5 device - yet."
It's very possible that there are vulnerabilities present in WM5 O/S that simply have not been found yet. There may even be vulnerabilities in WM5 that allow people to reset your device remotely, edit and remove information, etc.
Why would there be vulnerabilities in WM5?
Firstly, it's made by Microsoft, and Microsoft has a very bad track record when it comes to this type of thing. Secondly, even if all preventions towards vulnerabilities were taken by Microsoft, it's always possible for one smart hacker to link together something that nobody has ever thought about before. Basically, vulnerabilities are always possible.
If there are vulnerabilities in WM5, why haven't I heard about it yet?
Currently the number of devices running WM5 is very small. They're also very new, and thus hackers haven't really begun to try. It only takes one good enough hacker to do it, though.
Therefore I don't think ruling out firewalls as being irrelevant to WM5 devices is the right way to go about it. Currently, they're not needed, but who knows? In a month's time we might all be scrambling for a firewall as some worm runs riot deleting our files..
It would probably be nice to have a firewall available, anyway. 8)
Just thought I would post to point out that when you go online using GPRS most service providers give you a NAT connection which is in practice the same as a firewall. No incoming connections are allowed, you don't have a public IP address.
This is largely because if you had a public IP all the viruses on the net looking for unsecure Windows machines would flood out your GPRS connection and use up all your credit without you doing anything.
chinnybob said:
> Just thought I would post to point out that when you go online using GPRS most service providers give you a NAT connection
Very true - also, nearly all wireless hotspots will do the same thing, generally decreasing the amount of potential hackers to only other users sharing the same hotspot.
If your device ever gets hacked while using a hotspot, look around for the guy with the laptop trying to look the other way. :twisted:
As I understand it, there's built in facilities for port redirection and monitoring in Windows Mobile already. Whether or not you'd wish to use it for anything is down to a coder.
As everyone is saying, there are two distinct issues I see here:
1. Are your communications secure between PDA and Server?
2. Is your PDA secure to external intrusions?
Question 1 is addressed above. Use appropriate good sense, keep an eye out for SSL and https and always be wary of transmitting anything sensitive over an open channel. Would I use my PDA to buy something over the net? Probably not - I barely trust my PC browser (and I wrote and secured it myself), and although there's little reason to trust PIE less, that's not a high state of confidence. I always half expect to get cheated/identity theft-ed over the net. But use good common sense, reliable traders and be wary of all open connections that you don't control.
Question 2.
Intrusions. Again, as everyone is saying - as of now, there's not an enormous amount of damage that could be done to your PDA even if someone could stomp all over it without your knowledge. Worst case, you need to hard reset, and someone steals all your personal info.
However, there aren't many well known exploits that you need to worry about. But, that probably means that there are exploits known to those who would be interested in you.
However, since you're wifi roaming, it's likely your IP is dynamic. Somebody would have to have an idea of where you are and be particularly interested in finding you on the net to track you down. (although that's easy enough to do if they know your habits. Server logs give a wealth of info for free! I can see many visitors to my website directly from warez sites. If I wanted to backtrace to an ISP, a server or a user, the info is there in front of me)
So, someone can find you on the net. They then need to identify you as using a PDA they can exploit. They have to know exploits. They can then get access to your system. What's the worst that can happen? As everyone says, be wary of carrying very sensitive info on your phone, at least unencrypted. They're small things prone to theft and loss. If you would worry if it was stolen from your hand, don't put it on there, or encrypt it. Doubly so if you're using public wifi.
There are exploits to take advantage of your system. I'm working on stuff that could easily be classified as a trojan, and there is live code, years old, demonstrating the techniques.
Best advice: be careful. Your PDA is naked compared to your PC (which is firewalled, anti virused, and anti-spyed already. right?) Just because no one is interested in looking at your PDA's undies, doesn't mean you should flash them around. Use good sense on all public networks. However, given the hardware limitations of our PDAs, I'm inclined to say, better to leave it unprotected but not at risk (ie not carry highly sensitive info), than have CPU intensive protection that's counterproductive and unlikely to be needed most of the time.
Others would have different priorities. You have to judge what you have at stake.
V
VIJAY thanks for the reply, your thoughts are always much appreciated.
When you say you have secured your own browser, is it a programme that's available on your site or a one-off thing that you did? Someone else advised me that NetFront 3.3 (or whatever the latest version is) is more secure than IE, any thoughts on that?
thanks
N2h
p.s zeooooooobox guess ur sorry ass was wrong after all.
N2h said:
> VIJAY thanks for the reply, your thoughts are always much appreciated.
> When you say you have secured your own browser, is it a programme that's available on your site or a one-off thing that you did? Someone else advised me that NetFront 3.3 (or whatever the latest version is) is more secure than IE, any thoughts on that?
> thanks
> N2h
He said quite specifically his PC browser. (i.e. not a browser on his phone)
As someone said earlier, just make sure the little padlock is there. SSL encryption is good enough for most things.

eWallet vs CodeWallet Pro

Thinking of getting one of these, any one here have experience of these two apps and any recommendations ?
Thanks.
Hello,
Actually I have pretty much experience with CodeWallet, eWallet and FlexWallet. I've been using eWallet for many years and recently switched to CodeWallet. There is a serious security issue with eWallet. It appears the Category names are in plain text unencrypted format!! Although the actual cards are encrypted, I wouldn't be so happy for a thief to be able to see what I am hiding inside (i.e. Bank Accounts etc..) Sometimes the category name itself is something you would want to protect. That's why I switched over to CodeWallet even though CodeWallet provides only 128 bit encryption while eWallet provides 256 bit, though again with no category encryption.
MOBILER
Thanks for pointing that out.
I agree with you, eWallet is now off my list.
The other option I am looking at is instead getting Sentry 2020 which creates an encrypted mount. Then just have my sensitive info in Excel spreadsheets on that mount encrypted. Perhaps the encrypted mount can be my external storage card.
http://www.softwinter.com/sentry_ce.html
http://www.geek.com/hwswrev/wince/sentry/index.htm
Any opinions on this ?
Gut feeling, CodeWallet seems best all rounder so far.
hey linuxgeek
from my own personal experience, I've used many encryption programs and found all to have flaws except for this one: Cryptostorage, which I eventually purchased.
Its key benefit is unlimited size - most other programs have limits of a few MB. With this program I can mount a few-hundred-MB volume on my SD Card where I put all my scanned documents and view them with Acrobat Reader.
Another key benefit: it has a desktop version, so you could use the same volume to mount on your desktop PC. Very neat, instead of going to the PPC each time. It is the fastest I've tested and is super easy to use. It looks like another SD card storage.
I think I've tested Sentry 2020 and found it was inconvenient for me.. but I'm not sure.. I may not have tested the recent version, so I don't know. But I see Sentry costs $50 and Cryptostorage costs $20.
Let me know if there's something else i can help you with.
Great tip thanks for that.
Cryptostorage looks fab, definitely going to get it.
Do you think it's worth getting CodeWallet also, or shall I just get Cryptostorage and, like mentioned earlier, keep all my info in Excel/Word files inside the safe?
Thanks for all your input.
Looking at Cryptostorage website it doesn't mention it works with Windows Mobile 5 .
Are you or any one using on a Universal with WM5 ?
LinuxGeek said:
> Looking at Cryptostorage website it doesn't mention it works with Windows Mobile 5 .
> Are you or any one using on a Universal with WM5 ?
Hey,
Yes it works on my Universal just fine. I found it to be the most convenient program among the encryption programs.
I do suggest getting Codewallet as well. It is not convenient to mount a volume each time, then fire up excel if only to check for a password. I personally have all my passwords, maybe a hundred stored with Codewallet and I also enjoy the Desktop version, which is easier to use when working on the desktop PC. I use my wallet file on the Synced My Document folder and then the desktop version and the PDA version are synced with the latest wallet file each time.
Thanks for reply.
I am moving towards getting eWallet and using cryptic category names because of its 256-bit encryption.
I am definitely going to get Cryptostorage too now that you confirm it is fine under Universal.
Thanks for all your input mate.
Anyone used cryptocard? I've been thinking of changing from myCodes Lite to this. myCodes seems OK but is a little slow.
Anyone ever wondered how come CodeWallet can sync your Desktop/Mobile wallet without any password entered?
I guess they encrypt the data by record and keep a timestamp unencrypted. But this way if you often use the same login name and have many similar forms (Username, Login, URL), an attacker could get the password somehow, I think, since there is always the same beginning of the records.
It's something like security vs. sync-without-password-prompt. Whereas 128bit RC4 isn't "strong" encryption nowadays anyways. I'm a bit concerned about the *real* security of this app...
Cheers,
-mARKUS
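The concern in the post above (records encrypted one by one under a single stream-cipher key, all starting with the same fields), as an added example that is not part of the thread and is not CodeWallet's code or file format: the record layout, key and per-record nonce scheme are assumptions made for illustration, and the sample records are constructed. It shows what an auditor can measure on such a store and how a per-record nonce removes the signal.

```python
import hashlib
import os

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key scheduling, then XOR the data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def encrypt_shared_key(key: bytes, record: bytes) -> bytes:
    """Scheme guessed at in the post: every record restarts the same keystream."""
    return rc4(key, record)

def encrypt_with_nonce(key: bytes, record: bytes, nonce: bytes = b"") -> bytes:
    """Hypothetical mitigation: a fresh 16-byte nonce gives each record its own key."""
    nonce = nonce or os.urandom(16)
    return nonce + rc4(hashlib.sha256(key + nonce).digest(), record)

def decrypt_with_nonce(key: bytes, blob: bytes) -> bytes:
    """Inverse of encrypt_with_nonce: the nonce travels in front of the record."""
    nonce, body = blob[:16], blob[16:]
    return rc4(hashlib.sha256(key + nonce).digest(), body)

def common_prefix_len(a: bytes, b: bytes) -> int:
    """Number of leading bytes two byte strings share."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def audit(ct_a: bytes, ct_b: bytes, pt_a: bytes, pt_b: bytes) -> dict:
    """Keystream-reuse indicators for two records of a store you own."""
    return {
        # Equal plaintext prefixes show up as equal ciphertext prefixes.
        "shared_prefix": common_prefix_len(ct_a, ct_b),
        # With a reused keystream, ct_a XOR ct_b equals pt_a XOR pt_b.
        "xor_leaks_plaintext": xor_bytes(ct_a, ct_b) == xor_bytes(pt_a, pt_b),
    }

# Constructed sample data: a 128-bit key and two records with the same layout.
KEY = bytes(range(16))
REC_A = b"Username=markus;Login=bank;URL=https://bank.example;PW=alpha"
REC_B = b"Username=markus;Login=mail;URL=https://mail.example;PW=bravo"

def run_demo():
    """Return the audit result for the shared-key store and the nonce store."""
    weak = audit(encrypt_shared_key(KEY, REC_A),
                 encrypt_shared_key(KEY, REC_B), REC_A, REC_B)
    blob_a = encrypt_with_nonce(KEY, REC_A)
    blob_b = encrypt_with_nonce(KEY, REC_B)
    fixed = audit(blob_a[16:], blob_b[16:], REC_A, REC_B)
    return weak, fixed

if __name__ == "__main__":
    weak, fixed = run_demo()
    print("shared key      :", weak)
    print("per-record nonce:", fixed)
```

RC4 appears here only because the post names it; the same indicators apply to any stream cipher whose keystream is restarted per record, and a new design would use an authenticated cipher with a unique nonce per record.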
CodeWallet insecure
CodeWallet now is a NO GO for me. Found some patched EXE-file of its Desktop-version, where you can enter *any* 3-digit password to open your file. This is not security, this is INsecurity par excellence.
Cheers,
-mARKUS
UPDATE:
- Windows Mobile Security Software fails the test (info about header-copy to open files)
- mininova (first mention of this security flaw)
- PxDxA (detailed infos about this flaw)

Security Best Practices

I'm embarrassed to ask this question, but as I have basically my entire life on an MDA right now, and as I plan on moving to the Wing, I am forcing myself to implement sufficient security in case the device becomes lost. What are people doing that is secure and the least intrusive?
thanks in advance
Use a good password (pref numbers and letters).
On WM6 use the encryption option to encrypt your SD card.

[IDEA][Q] How can I use an elliptic encryption library usefully

Hello all,
First of all, thank you for reading me, and sorry for my approximate English (sometimes ^^).
I am not very good at marketing, and so I am asking myself a lot of questions. At my university, I specialized in software security, and I worked for a French computer science laboratory, itself specialized in discovering elliptic curves for asymmetric encryption. So, my internship at this lab was to make an encryption library, using Weierstrass curves, instead of the ones that the NSA advised to use.
Just for feedback, in encryption, elliptic curves are like the next-generation encryption system. For instance, a 521-bit key in elliptic curves is equivalent to 15360 bits in the standard RSA system. It is simply more efficient and consumes less.
The NSA advised to use 2-3 different curves and gives them freely on the internet, but it is not without knowing that they can crack them faster than normal curves. For instance, with Weierstrass curves, a super-computer can take 1 month to decrypt only a 150-character-long message.
So, I come with this next-generation encryption library (except the bugs ^^), but I really do not know how to use it efficiently.
I am currently a Mobile Application Developer, so I thought about mobile applications, in SMS apps, or email apps for instance, but there are plenty of these apps which already exist, and I have just this elliptic thing that gives me an advantage, but I think that average people will not even look at it! ^^
So, this is it: do you think my ideas could be interesting, or without a real future, since the competition is too strong and my advantage not so well-known?
And another question: in my SMS app idea, could I get for instance the CyanogenMod SMS app sources, since they are open source, modify them and publish them on my own account, with of course mentions of the creator etc.?
Thank you again for reading me.
Regards,
Olivier.
I think this sounds very cool.
The truth is, there are usually ten or twenty other apps that do the exact same thing. And your method seems to be a big leap forward.
I think you should go for it.
Thanks for your answer.
It is true that there are plenty of applications for the same thing.
My fear is mostly that "normal" people will not be attracted by the product if they do not even know what it is talking about (it is true that it is very technical and mathematical).
And I forgot: as I am French, and the library was initially developed in C++, could I freely, and without being attacked for copyright or anything else, reproduce the library and its algorithms (which are public) in Java? (It is more of a legal question, though.)
And for the CyanogenMod SMS app, do you think I can take the sources and modify them? I am truly bad at design so it can be a very good step for my app xD
Thank you beforehand.
Regards,
Olivier.
