Is there anyone who has done this, kind of like recording the phonecall... Though my query is slightly more advanced, I would like to see a Crypto program creating secure phonecalls using WM5...
So we would need to capture the datastream incoming(to decrypt) and outgoing to crypt, this creating a nice safe way to talk to your...friends... Anyone else up for this project?
Or any feedback on the concept?
...and...
i dont think its only me intrested in this so ill send this source code aswell from a company that works from a PC via isdn... This company sells cellphones with encryption...
http://www.cryptophone.de/support/downloads/downloads.html
Dont know if this could help in the initial stage?
Ps.
A similar software does exist (180 dollars per phone + all your details are sent to australian gov) www.securegsm.com
Anyone up for the task?
Re: ...and...
it is impossible to intercept the audio data coming through PPC unless your hardware is specially designed for it and it provides you a specialized API for doing that. All crypting software encrypts calls via doing CSD calls and senging data. There is another program - www.cryptophone.de
this looks like a HTC anyway...
http://www.cryptophone.de/products/CP220/index.html
???
Then how can secureGSM do it in a software made for any WM5?
So theoretically i dont think there is a problem there....
SecureGSM is an end to end app, which I suppose all such apps would have to be.
As such, it almost certainly doesn't need to pick up the phone/modem audio path (which as Mamaich says, seems to be impossible without a particular hardware implementation), but just use the normal microphone and loudspeaker recording/playback functions.
V
AddeBC,
Vijay is right. SecureGSM is working on the same principal as criptophone.
Establish a modem connection between two devices running the same software run a negociation with the network (v.110 is much faster then v.32) start a data connection with the other dude...the stream that the mic receives is encrypted and sent over to the other party there the software decrypts the stream and plays it troughout the speaker.
There were quite a few threads regarding csd connections between phones so could start from there.
The only thing that you're going to miss in this deal is the logistic for selling the software + phone.
Cheers,
Raul
I often thought of adding this as a feature of GSMbeam but I just can't think when I would ever really need it. It would be cool to communicate without the possibility of Big Brother knowing what is said, but what would you say?
To sell this kind of software may also bring you in contact with undesirable groups, criminals or terrorists are propably in need of good voice call encryption.
To do this it will have to have a reletively low quality of sound because of the poor data rate on voice calls. How would one go about encoding the sound to data? Are there any off the shelf open ended codecs for this purpose or would the work need to be done from scratch?
OdeeanRDeathshead said:
......To sell this kind of software may also bring you in contact with undesirable groups, criminals or terrorists are propably in need of good voice call encryption....
Click to expand...
Click to collapse
as per SecureGSM FAQ:
http://www.securegsm.com/pages.php?pageid=16#4
Is your software designed to support criminals and terrorists?
Absolutely not! We do not condone any such activities, and take extreme care to ensure that our products are used to prevent, rather than encourage criminal or terrorist behavior.
AddeBC
AddeBC said:
A similar software does exist (180 dollars per phone + all your details are sent to australian gov)
Click to expand...
Click to collapse
End User Details are being collected as part of identity verification procedure.
First name, Second Name, living address, phone number and contact email address. I suppose, this is standard practice. We do not support criminals and terrorists and would not sell if in doubt.. At the same time our software does just what is says to do: encrypts phone conversation end to end to the military standards and beyond.
It is buyer's resposibility to provide correct information on the order form.
see this page for details:
http://www.securegsm.com/pages.php?pageid=26
Also, I suppose providing end user information to the Australian Government does not automaticaly lead to the conclusion that SecureGSM is flawed or insecure, has master key, back door or leaving any other way to interfere with contents of SecureGSM encrypted conversation. And no! Big Brother does not know what is said..
Any way, if terrorists or any of the countries listed there want call encryption they would not trust their lives to someone elses software. I am sure they are smart enough to write their own.
As for the laws governing the sale, that just makes me mad. I do not trust John Howard, I think I should have the right to a private conversation without registering it with him. I guess that is the beauty of computers. Computers make the world go round and its the size of your brain that gets results not politics.
Well, for a less.. 'big brother-ish' scenario, I would, personally like to have my line phone to be encrypted, as it is way much easier to have someone bugging your phone line.
However, for a cell/mobile phone, it is relatively difficult for amateur people to bug it, right? What are the chances that someone around you that is interested on your conversations, is capable of intercepting your mobile/cell phone calls.
Raseac Secure Phone - for WM 2003 and WM 2003 SE
This looks worthwhile! Downloads are available from the website for testing.
[Also, as a side note, I have been in touch with Phil Zimmermann, the creator of PGP, and lately of Zfone (crypto SIP phone for XP/Linux/Mac), and he says he realizes the importance of the Pocket PC platform and is considering ways of implementing Zfone for Pocket PC.]
Code:
http://www.raseac.com.br/
Encryption system for end-to-end secure voice communication. It was developed to be used in palmtop computers running Microsoft PocketPC 2003 e 2003SE (Intel).
When installed in a palmtop connected via modem to a telephony system (fixed or mobile), it allows your company and your business a secure means of communication anywhere around the world.
Since Raseac encryption technology was developed for high capacity processors, it allowed for the implementation of state of the art security, featuring:
* Exceptional sound quality;
* 256-bit encryption key;
* Encryption technology based on the Rijndael block cipher (AES);
* CBC, Random IV, Time Stamp, Integrity check by MAC/SHA-256;
* 100% protected against "man in the middle attack";
* No backdoor.
Need for secure phone line; the brazilian site and others
Well, I'd say that common people don't have much to worry about being tapped... Usually, nothing that sensitive is talken EVER over line.
Things begin to change when you are involved with something sensitive, be that legal or not. Most of the guies who work with corps, above management level may have some need from time to time, to be contacted that way by a superior. From director and up, depending on what kind of business the company is into, it IS a must!
People who work with security, government and other agencies may need it. As already said, people who work with barely legal to blatantly criminal stuff are always in need of such trappings. I think terrorists end-up on that class.
Equipment, hard and soft is always expensive and cost prohibitive for most of us.
Paranoid, techno-junkies and just curious people may want it, just to have.
Since I fit two or three of the said categories, I would like to put a program like that on my cell phone...
Just for the sake of having it there!
(mind you! Curious, telecom and management+ position...)
That said, a basic voice scramble-de-scramble program is OK for me!!!
(the more open-source, the better!)
About the brazilian company, they changed the site's name to secvoice. I tried to have a look-see on their specs but they ignored my e-mail and so I've done with it.
Related
I want to search around me for ppl with bluetooth phones or PDA's. Is there any good program for that? It should work with pocket pc 2003.
Have a nive day.
Let's see:
1) First post
2) Looking for sniffer software to detect people using bluetooth around you.
I'm thinking you're in the wrong place unless you can come up with a good reason to want to do this.
db
blutooth sniffing / packet insertion / snarfing.
Bluesnarf will compile and run if used with the litmus toolkit..
bluesnarf
cool, but where do u get the prog from?
mate,
try this out; app is called "meeting point". i copied and pasted the details from the web; as seen below:
===================================
Description:
This application is designed to search for -and to communicate with- other instances of itself running on other devices using Bluetooth.
When two or more MeetingPoints are within Bluetooth working distance, they will automatically exchange messages.
Meeting somebody for the first time and worried if you could identify the right person?
Need to meet a client on airport, bar, or another crowded place?
Just "tune" the same channel and it will fire an audible alarm when both meeting parties are close enough.
Do you want to exchange messages with anybody on working range? Just select the PUBLIC broadcast channel.
MeetingPoint works on many Operating Systems / platforms, such as PalmOS, Windows Mobile 2003, Windows 9x/NT/2000/XP and smartphones Symbian Series 60.
Every time a Bluetooth device is found, MeetingPoint communicates with it and attempts to perform a handshake. If the contacted device is also running MeetingPoint, and is "tuned" in the same channel, they will exchange messages and its users will hear an alarm notifying of the arrival of a new message.
MeetingPoint uses Bricenter's FDE (Fast Discovery Engine). FDE algorithm is based on statistical probabilities, and works well in the real world.
In a real situation, devices launch MeetingPoint at a random time and far away from the actual meeting place. When they enter the "meeting zone", their Bluetooth states are "shuffled" enough and, according to statistical probabilities, the "contact time" should be minimal. This is a critical feature designed specially for cases were people are moving.
MeetingPoint will redefine "bluetoothing" to a new level.
===================
cheers
robson
bluesnarf
ok thats cool, but what about the forced entry abilities that 'snarf claims to have? i think the only way to protect myself from it is to understand how it works.
Smiley
Re: bluesnarf
smiley_thing69 said:
i think the only way to protect myself from it is to understand how it works.
Click to expand...
Click to collapse
How about turning off Bluetooth?! :lol:
No, seriously..
I don't consider bluesnarfing and bluejacking such a big deal, but it would be fun to try it..
Lemme know it you find "bluesnarf1.0_ARM.cab" or something..
Since when I am using Microsoft smartphones and pocketPCs I'm missing a simply software that even on Nokia was available two years ago...
I'm talking about an ANSWERING MACHINE who simply answers an incoming call, play a message, record a message (and let me listen in real time, in order to decide if to answer or not). A plus would be contact list management to have answering machine to answer only a certain number.
Is it SO difficult to program such a program? why nobody didn't think of it until now? is there any hardware problem that doesn't allow this program to be developed?
:?:
Regards,
RiCCiO
I'v asked around in a couple of forums too, but it doesn't seem to draw any attention. so yeah, it'll be great if someone can let us know why this is so hard to realise.
I think that PPC PE is a relatively young OS for mobile phones and as such there are alot of things that may be missing or lacking in terms of the phone part (God know's some things are missing from the PDA end as well) so give the OS a chance to grow some more and maybe we'll be getting the features we want sooner or later I think the diff between Nokias and WindowsMobile devices is that Nokia started out as a Phone company while MS did not. They have a lot of catching up to do.
It might also be due to a lack of documentation of the windows API. Also the built in notes program doesn't allow you to record phone calls. I read that this was possible in recent versions of Windows Mobile/WinCE. It might be due to law restrictions in some countries, where it is prohibited to record someone's call with out notifying him. If you provide an interface for a callers' voice data, then you could program an answering machine but also a voice recorder. That might be the reason why this interface could be undocumented or even closed to applications which are not from Microsoft. The built-in phone application proves that there is such an interface existing. I think, if it could easily be programmed, such a program would exist already.
I'm looking for an anti-theft app. I don't know if it exists yet.
Is there an equivalent to the symbian phone apps "Anti-thief" or "EzProtect"? It has some nice features to let your pda "phone home" when someone is tinkering with it, or you can remotely disable your pda by sending a password though sms.
I've been searching over the net and found "Kill-pda" but that can only erase the device completely by sms. Thats a bit overkill :lol:
I hope someone knows, because i learned the hard way that you really need an app like this. My phone got stolen once and I got a Huge A$$$ bill for calling to egypt en italy
edit: I found this description for EzProtect:
The application sends an SMS to your specified number as soon as the SIM card has been changed. By this way, you receive SMS on your friend's (or whoever's number u defined) cell with the thief's cellnumber and SIM number (IMSI) so it becomes very easy to track the thief.
I definately want an app that can do this. And I can imagine a lot of people wanting it too.
There was a discussion about this on HoFo in Oct ober when people first started receiving their Wizards. I think BTT (BeyondtheTech) mentioned something about it. I'll see if I can track it down this evening.
It certainly would be cool.
Check this out! http://www.ppcsg.com/index.php?s=0c0cedfa906ae1b85f844fb7b497def6&showtopic=65021
Hope this works. I have not tried this myself.
Thanks a lot for your help, but that was the program i mentioned in the threadstart "PDAKill".
The only thing it can do is erase the device completely when you send a sms to your pda containing a predifined password.
But when the thief takes out the simcard and puts in his own, then this program would be useless.
Guys, if I've seemed distracted for the last few days, this is why:
I've been working on a program called VJAccioPhone.
It is used to detect if your phone has been stolen and to permit remote use of the stolen phone. Your phone doesn't have to be stolen, eg if for some reason your wife is likely to discover your "niece's" affectionate messages to you, you can send a password protected remote keyword to format your phone and hardreset it. I'm sure you can think of better examples!
It's an expansion of some code I wrote for my unreleased plugin, VJEphemeris, which you can read about here. The release version allows you to do pretty much anything you can do with the phone when it's in your hand, all remotely. Destructive and constructive control.
This is a pre-announcement. I don't like preannouncing, but unfortunately this week I've been on a very limited programming quota due to the ministrations of my better half. So although the code is finally finished, it's being beta tested while I'm away on holiday. If all is well when I get back next week, hopefully I'll try to get it released!
Don't tell anyone else, but you can read about VJAccioPhone and see screenshots here. Please note, and don't ask, there is no download available at the moment.
V
Aside from that a program like this would be very handy, and I'm quite curious and will keep an eye on it myself, I advise everyone to activate the pin code on their simcard, and always call their mobile operator as soon as the phone is stolen so they can block your number to avoid getting high bills as the topicstarter said... You should also be able to get your number back easily by requesting a new sim card and having your mobile number set to that simcard again.
This may seem obvious to some people, but I just wanted to post it anyway since a lot of people are still not aware of these simple ways to protect yourself.
Absolutely true; in England, the police aren't interested in persuing phone theft, but for you own benefit, you must always have your IMEI blocked and the phone reported stolen immediately to prevent you being charged for calls.
VJAccioPhone will be able to report back to you even if the IMEI has been changed or it's being used abroad etc. It's more for protecting your data on the stolen phone then getting the phone back. Frankly, any thief would do better to throw the phone away then persue cracking strong protections. Stolen phones are easy enough to come by! However, at least a nice passer by might be able to get in touch with you!
V
Sounds great! Would it be possible to enable the phone ID (Where you can enter your name and contact details) thought this might be good if it was ever found (or part of the hard reset).
Wauw, this is great stuff Vijay!
If you need a beta-tester on the wizard platform, i would highly recommend myself
This would be excactly what everyone needs 8)
Would it be possible to save the configuration settings? Because my idea would be to include the cab file in my extended_rom, and thus make it install itself even after a hard reset. This would mean that the configurations settings also have to be loaded after the hard reset.
Keep up the great work Vijay
frigit: if you mean enable password screen, yes, should be no problem. however i'm thinking of writing a better custom password screen using some strong encryption, with optional destruction on failure.
leploep: of course, it's designed for extended rom etc. right now protection works as a ta k, for the demo, but i'll be writing protection into an invisible app. Remote control is already complete and works transparently when triggered, so the thief won't even realise what you're doing ie there's no sign of the control smss being received to the thief.
eg you can background call the police from the stolen phone
more when i'm back from holiday next week!
v
This is starting to sound like a killer app - pun intended 8)
I'm in for sure when you get this finished, Vijay!
Already finished for the demo version!
kept me quite busy, developing three intersecting programs, like playing chess! but they all seem to work ok. a friend is testing it hopefully this week then i'll see what i can do for wider release when i get back...
v
Well vijay555 , you can put me on the list of very interested persons on buying this soft.
Cheers mate.
vijay will this work on all the wm5.0 devices??
i.e. I have the pda2k with wm5.0 and have been looking for a prog like this since i got my device, also is it possible to keep this program after hard reset ?? as you know if a hard reset is done the data is gone, but the user now has an expensive device to start playing with
it's not been tested on wm5 at this time, actually because the guy testing has a wm2003 motorola - gulp! but everything i write is normally wm5 & wm2003 now. there is no reason why it's not wm5 compatible but i'll ensure it is before release. i can certainly say, to my pain, the hardReset keyword is very wm5, i activated it by accident in testing.
retaining it after hard reset is only possible, as far as i am aware, by using a custom ext rom or rom.i've not tried it on my magician or universal, but hopefully your device in particular ext rom customisation is possible. at this time it uses registry & normal exe/dll files to run, so no reason it can't be ext rom'med. hopefully this will be confirmed in testing shortly.
if anyone can think of any particularly useful remote keywords to incorporate drop me a line. as it is, the full version will permit remote .exe launching so it can do pretty much anything
v
a lot of us have paid an arm and leg for our devices so having that extra peace of mind,knowing that if your device is nicked your going to make it as hard as poss for the theif to try and profit from your loss.
vijay all the best mate so far your app looks very promising iv got the exec running WM05 so if you need a beta tester let me know LOL
and guys if you report your phone as lost make sure your service provider is also going to blacklist the device!
I work for Vodafones in a call centre in the birmingham, UK,but the amount of customer services that is outsoursed to other non vodafone call centres based here in the UK its unbelievable! the amount of complaints I deal with and customers accounts that I come across where the outsourced twats
will admin bar your sim card but not blacklist the handset!
anyway I'll keep my eyes open for any more theftbashing apps and will post on here.
N2h said:
I work for Vodafones i
Click to expand...
Click to collapse
But have an O2 phone.....
Whow V.
Looks very very promising.. !
Great Job man :!:
i'd be happy to check it on my devices :wink:
Cheerz
lol mcwarre
even with our staff accounts we can't get the pdas as they are only available for busniess customers to be honest with you don't know why vodafone is stupid enough not to sell to normal consumers its the biggest network in the uk,
the staff phones we do get we gets 12 months line rental free lol
annnnd from all the universals I think the exec with its black shell looks the most stunning-the white shell devices just look a tad bulkier! lol
Hi Guys
Is there a good firewall that we can use with the universal? Do we really need one?
when i browse the web on my Exec i use it over wifi so is that safe, (my home is protected BUT what about the free HOTSPOTS in the city centre <I trust star bucks with my coffee-do I trust them with my internet security?
Would any of you guys use your PDA's webpage to buy something from a website (ebay) or even online banking?
Im not to fused about someone hacking my PDA through my wifi/internet connection, come on the way I look at it, if some one is that good Im sure they have better things to hack then mine! lol
Im more concerned about if I am going to log onto ebay's webpage how secure is my information while its being sent from My PDA browser to there server?
IL appreciate everyone’s thoughts on this!
YES VIJAY that includes you as well,
GUYS KEEP YOUR REPLIES IN RELATION TO THIS THREAD, if you want to talk about your aunty janes cats dogs friends sisters leg, start another thread!)
You don't need one.
Ward said:
You don't need one.
Click to expand...
Click to collapse
could you explain why, please?
@ WARD
why dont we need one? because you say so? lol
come on mate you can not give a one sentence reply and walk away from this, do you know how long it has taken me to write the post?
unless you a allsinging alldancing knowit all---------, well even if you are, give a better reply then "you dont need one"
or dont post at all.
you dont need one
You don't need a firewall now, because:
a) No tools for the PPC are really available at the moment, and
b) What exactly are they going to do when they hack in?
c) More importantly, you won't FIND any firewalls for Windows Mobile.
But as to the question of how safe is the information being sent to eBay; well, Pocket IE (Internet Explorer Mobile) is based off IE 5 and 6, with the same security levels. So if you access something with that little lock icon on, you're pretty secure.
If not, you're taking the same risk as normal browsing.
OK guys come on give better answers then "you dont need one"
we are not all mind readers,
:?:
breakit down, whywe dont need one?
how safe is your data when its sent from your device?
try to read my intial thread and reply to the points in there,
I am sure that you are not naive to think we dont need one because our networks tell its its safe or because microsoft does,
How many times has microsoft security been compermised?
Networks- remmber t-mobile? when there servers where being hacked (one good thing that came out of that was pairs hiltons EMAILS! along with the secrect service but with parisss its was more of like many online service providers, T-Mobile.com requires users to answer a "secret question" if they forget their passwords. For Hilton's account, the secret question was "What is your favorite pet's name?" By correctly providing the answer, any internet user could change Hilton's password and freely access her account. and her pet dog name is!!! Chihuahua
http://www.theregister.co.uk/2005/01/12/hacker_penetrates_t-mobile/ )
@ snorbaard
thanks dude
N2h, you're being rather rude, so I would have expected a lot more "you don't need one" replies by now just to spite you. I'll answer your question first, and then detail why I believe you're being rather rude.
--
What you're asking about isn't really a firewall. A firewall is used to prevent certain communications either coming into a machine, or going out of it. E.g. a firewall could be placed on outbound port 80 to prevent users from browsing 99% of the web, or a firewall can and should be placed on inbound port 139 to stop some older netbios 'attacks'.
What you're really asking about is whether the communication you do via your PocketPC - over wifi - is 'secure' in that others can't access your information. The answer to that isn't a simple yes/no - it will depend on a few things.
The first thing to make sure as that the access point you're using has WEP (Wireless Encryption Protocol) enabled. The bigger the key, the better. This will mean that 'over the air', your information will be encrypted. Anybody who would 'snoop' that information from the air will need a LOT of data, and a reasonably fast machine, to get the WEP key.
The next thing to make sure is that if the information you're sending is rather sensitive, that you send this information to a site which is using SSL. SSL encrypts your data on your PocketPC itself, all the way through the WiFi router/access point, over the internet, bouncing off of satellites - whatever, until it reaches the destination website where the data is decrypted again. The odds of anybody cracking that signal are *very* slim. It can be done, but it takes ages and ages on multiple computers for even the simplest of SSL encryptions. The 'dumb' way to check whether the site uses SSL is to see if the URL starts with "https". The 'proper' way is to check if the padlock icon is 'locked' in PIE (left of the address bar).
The third thing, if you're using e-mail, is to use an e-mail encryption application, such as PGP. I'm not aware if any exist for PocketPC, but I'm sure they do. These basically encrypt your message in a way that it can still be sent by plain e-mail. The recipient then decrypts the message again on their end. Based on the encryption method used and the length of the message, it would take quantum computers to decrypt it to anything meaningful.
--
For those wondering whether you do indeed need a Firewall - no, you don't. You may wish to look into some basic BlueTooth protection if you leave that on a lot, but other than that there are no real intrusion points for a PocketPC that you'd have to be worried about.
Microsoft may turn the PocketPC into some ueberplatform in the future which would make it more vulnerable, or maybe they learned their lesson and they'll keep things fairly secure - who knows.
--
Now then.. as to why you're being rude...
First.. your post - what's with the bold blue text? Do you think it would get people's attention easier? Just makes it more difficult to read.
Second... you address a specific person, vijay555 - who is a very busy person. But even if he wasn't, it's a bit presumptious of you that 1. he would be reading this, 2. he would be interested in replying at all.
Third... you presume that people would go off-topic, in your original post (in large red type, at that). Why not have a bit more faith in fellow man and see what replies roll in, first? Then if people go off-topic, point it out and ask that they try and address the issue you raised in your post.
Fourth... when somebody does answer your post, even if it is a rather short reply, you tell them to either post a better reply, or not reply at all. Don't be surprised if many people will interpret this in a way that will make them not want to reply to any of your posts at all.
--
Edit: and such is the cost of typing long replies - other people reply before you
zeboxxxxxxxxxxxxxx lol
thatsmade me laugh :lol:
thanks mate
FROM ZEBOX (sorryabout the caps hope i dont hurt anyones feeling)
Now then.. as to why you're being rude...
First.. your post - what's with the bold blue text? Do you think it would get people's attention easier? Just makes it more difficult to read.
dude I LIKE USING COLOURS lol
Second... you address a specific person, vijay555 - who is a very busy person. But even if he wasn't, it's a bit presumptious of you that 1. he
would be reading this, 2. he would be interested in replying at all.
tust me he gets around!
Third... you presume that people would go off-topic, in your original post (in large red type, at that). Why not have a bit more faith in fellow man and see what replies roll in, first? Then if people go off-topic, point it out and ask that they try and address the issue you raised in your post.
Fourth... when somebody does answer your post, even if it is a rather short reply, you tell them to either post a better reply, or not reply at all. Don't be surprised if many people will interpret this in a way that will make them not want to reply to any of your posts at all.
all in one, the amount of threads iv read where the converstion has gone off topic----------- so had to make that clear,
andbeing honest Im having a lugh so i dont want anyone to take it personaly if Imake a checky comment,
and zeboxx this ones just for you
You still don't need a firewall for your Pocket PC.
A firewall in the sense I understand it is a filtering application which brackets network access: rejecting unsolicited packet, applying appication based rules and optionally, performing some filtering on incoming content.
You don't need one, because: there is very little need to restrict application access to the network - malicious apps exist, but its so difficult for them to gain a foothold on your PPC without you knowing about it. So on a clean PPC, a firewall does nothing useful. Dropping unsolitcited packets is nice, but your PPC is mobile - not always connected and therefore of extremely low risk of network intrusion - AFAIK, I've never even heard of a case.
Save your money and CPU and carry on. P.S. PPC AntiViruses are similarly useless, don't listen to PR hype.
@@ ward
Ward thanks for that between you and snorbaard my questionshave been answerd
regarding firewalls and website security!
thanks dude
ward, zeobox Suggested that i was rude to you andmay have hurt your feeling , well my apologies hope we can b friends :lol: lol
cheers bud
RE
Quote
"c) More importantly, you won't FIND any firewalls for Windows Mobile."
AIRSCANNER has one, however, its not currently for WM5 yet
Here:-
http://airscanner.com/downloads/firewall/firewall.html
Keep a close watch on AIRSCANNER for the WM5 version though
RE
ZeBoxx
How to protect your PPC when you're surfing at free hotspots?
I believe that the response should be "You don't need a firewall for your WM5 device - yet."
It's very possible that there are vulnerabilities present in WM5 O/S that simply have not been found yet. There may even be vulnerabilities in WM5 that allow people to reset your device remotely, edit and remove information, etc.
Why would there be vulnerabilities in WM5?
Firstly, its made by Microsoft, and Microsoft has a very bad track record when it comes to this type of thing. Secondly, even if all preventions towards vulnerabilities were taken by Microsoft, it's always possible for one smart hacker to link together something that nobody has ever thought about before. Basically, vulnerabilities are always possible.
If there are vulnerabilities in WM5, why havent I heard about it yet?
Currently the number of devices running WM5 are very small. Theyr also very new, and thus hackers havent really begun to try. It only takes one good enough hacker to do it, though.
Therefore I don't think ruling out firewalls as being irrelevant to WM5 devices is the right way to go about it. Currently, theyr not needed, but who knows? In a months time we might all be scrambling for a firewall as some worm runs riot deleting our files..
It would probably be nice to have a firewall available, anyway. 8)
Just thought I would post to point out that when you go online using GPRS most service providers give you a NAT connection which is in practice the same as a firewall. No incoming connections are allowed, you don't have a public IP address.
This is largly because if you had a public IP all the viruses on the net looking for unsecure Windows machines would flood out your GPRS connection and use up all your credit without you doing anything.
chinnybob said:
Just thought I would post to point out that when you go online using GPRS most service providers give you a NAT connection
Click to expand...
Click to collapse
Very true - also, nearly all wireless hotspots will do the same thing, generally decreasing the amount of potential hackers to only other users sharing the same hotspot.
If your device ever gets hacked while using a hotspot, look around for the guy with the laptop trying to look the other way. :twisted:
As I understand it, there's built in facilities for port redirection and monitoring in Windows Mobile already. Whether or not you'd wish to use it for anything is down to a coder.
As everyone is saying, there are two distinct issues I see here:
1. Are your communications secure between PDA and Server?
2. Is your PDA secure to external intrusions?
Question 1 is addressed above. Use appropriate good sense, keep an eye out for SSL and https and always be weary of transmitting anything sensitive over an open channel. Would I use my PDA to buy something over the net? Probably not - I barely trust my PC browser (and I wrote and secured it myself), and although there's little reason to trust PIE less, that's not a high state of confidence. I always half expect to get cheated/identity theft-ed over the net. But use good common sense, reliable traders and be weary of all open connections that you don't control.
Question 2.
Intrusions. Again, as everyone is saying - as of now, there's not an enormous amount of damage that could be done to your PDA even if someone could stomp all over it without your knowledge. Worst case, you need to hard reset, and someone steals all your personal info.
However, there aren't many well known exploits that you need to worry about. But, that probably means that there are exploits known to those who would be interested in you.
However, since you're wifi roaming, it's likely your IP is dynamic. Somebody would have to have an idea of where you are and be particularly interested in finding you on the net to track you down. (although that's easy enough to do if they know your habits. Server logs give a wealth of info for free! I can see many visitors to my website directly from warez sites. If I wanted to backtrace to an ISP, a server or a user, the info is there in front of me)
So, someone can find you on the net. They then need to identify you as using a PDA they can exploit. They have to know exploits. They can then get access to your system. What's the worst that can happen? As everyone says, be weary of carrying very sensitive info on you phone, at least unencrypted. They're small things prone to theft and loss. If you would worry if it was stolen from your hand, don't put it on there, or encrypt it. Doubley so if you're using public wifi.
There are exploits to take advantage of your system. I'm working on stuff that could easily be classified as a trojan, and there is live code, years old, demonstrating the techniques.
Best advice: be careful. Your PDA is naked compared to your PC (which is firewalled, anti virused, and anti-spyed already. right?) Just because no one is interested in looking at your PDA's undies, doesn't mean you should flash them around. Use good sense on all public networks. However, given the hardware limitations of our PDAs, I'm inclined to say, better to leave it unprotected but not at risk (ie not carry highly sensitive info), then have CPU intensive protection that's counterproductive and unlikely to be needed most of the time.
Others would have different priorities. You have to judge what you have at stake.
V
VIJAY thanks for the reply your thoughts are allways much appericated.
when you say you have secured your own browser is it a programme that's available on your site or a 1of thing that you did? someone else advised me that netfront 3.3 (or what ever the latest version is) is more secure then ie any thoughts on that.
thanks
N2h
p.s zeooooooobox guess ur sorry ass was wrong after all.
N2h said:
VIJAY thanks for the reply your thoughts are allways much appericated.
when you say you have secured your own browser is it a programme that's available on your site or a 1of thing that you did? someone else advised me that netfront 3.3 (or what ever the latest version is) is more secure then ie any thoughts on that.
thanks
N2h
Click to expand...
Click to collapse
He said quite specifically his PC browser. (i.e. not a browser on his phone)
As someone said earlier, just make sure the little padlock is there. SSL encryption is good enough for most things.
Hi all,
In Turkey we have a fundamentalist government and they are doing everything to take Turkey out of a secular system into a islamic - religious one. For this reason, the government set up a special "listening" unit directly connected to itself and started to track and "listen" the opposite viewers phone calls etc. without valid court orders and take everyone under pressure. The official number is about 70.000 people, as the Minister of Justice has recently said; who knows the real number.
People here began to behave paranoid in order to avoid their conversations listened.
So what I am asking is if there's program for WinMo (like celltrack, net monitor, field test cell info for symbian) that will tell us using connection parameters that our phone is tracked or listened?
Answers will be appreciated.
Regards,
Interesting...
this is being done all over the world. it does not surprise me in the least. xda would be the right place to ask this question for sure. people need to stand up & stop putting up with this NWO crap.
Governmental and or intelligence services often cooperate with phone providers to get to the desired informations, which also includes movement profiles. In these cases you are not able to intervene as the informations cannot be blocked anymore once they get to the mobile providers.
If you are afraid of your freedom you have to go back to a communication level that is harder to track, like hidden messages in letters.
Commonly speaking: The more modern your way of communication is, the easier it is to track them.
PS: Not even the current US president is safe *SMH*
http://www.cnn.com/2008/POLITICS/11/21/obama.cell.breach/index.html
Oddly, this is the second time today with short interval (almost had it still in my clipboard) that I paste this link - https://www.gold-lock.com/app/FAQ. If I understand correctly, the soft will encrypt Your calls end-to-end provided that both ends use it.
other then encryption I don't see any way of doing anything as
the interception is not directed at the phone but at the phone central
so there is no way the phone can detect if it's being monitored
look here: http://wiki.xda-developers.com/index.php?pagename=Hermes_Utils
search for fieldtest on that page
Err yeah, you're part of the government trying to figure out the loopholes.
This belongs in the Q&A section
thank you