Related
Hi Guys
Is there a good firewall that we can use with the universal? Do we really need one?
when i browse the web on my Exec i use it over wifi so is that safe, (my home is protected BUT what about the free HOTSPOTS in the city centre <I trust star bucks with my coffee-do I trust them with my internet security?
Would any of you guys use your PDA's webpage to buy something from a website (ebay) or even online banking?
Im not to fused about someone hacking my PDA through my wifi/internet connection, come on the way I look at it, if some one is that good Im sure they have better things to hack then mine! lol
Im more concerned about if I am going to log onto ebay's webpage how secure is my information while its being sent from My PDA browser to there server?
IL appreciate everyone’s thoughts on this!
YES VIJAY that includes you as well,
GUYS KEEP YOUR REPLIES IN RELATION TO THIS THREAD, if you want to talk about your aunty janes cats dogs friends sisters leg, start another thread!)
You don't need one.
Ward said:
You don't need one.
Click to expand...
Click to collapse
could you explain why, please?
@ WARD
why dont we need one? because you say so? lol
come on mate you can not give a one sentence reply and walk away from this, do you know how long it has taken me to write the post?
unless you a allsinging alldancing knowit all---------, well even if you are, give a better reply then "you dont need one"
or dont post at all.
you dont need one
You don't need a firewall now, because:
a) No tools for the PPC are really available at the moment, and
b) What exactly are they going to do when they hack in?
c) More importantly, you won't FIND any firewalls for Windows Mobile.
But as to the question of how safe is the information being sent to eBay; well, Pocket IE (Internet Explorer Mobile) is based off IE 5 and 6, with the same security levels. So if you access something with that little lock icon on, you're pretty secure.
If not, you're taking the same risk as normal browsing.
OK guys come on give better answers then "you dont need one"
we are not all mind readers,
:?:
breakit down, whywe dont need one?
how safe is your data when its sent from your device?
try to read my intial thread and reply to the points in there,
I am sure that you are not naive to think we dont need one because our networks tell its its safe or because microsoft does,
How many times has microsoft security been compermised?
Networks- remmber t-mobile? when there servers where being hacked (one good thing that came out of that was pairs hiltons EMAILS! along with the secrect service but with parisss its was more of like many online service providers, T-Mobile.com requires users to answer a "secret question" if they forget their passwords. For Hilton's account, the secret question was "What is your favorite pet's name?" By correctly providing the answer, any internet user could change Hilton's password and freely access her account. and her pet dog name is!!! Chihuahua
http://www.theregister.co.uk/2005/01/12/hacker_penetrates_t-mobile/ )
@ snorbaard
thanks dude
N2h, you're being rather rude, so I would have expected a lot more "you don't need one" replies by now just to spite you. I'll answer your question first, and then detail why I believe you're being rather rude.
--
What you're asking about isn't really a firewall. A firewall is used to prevent certain communications either coming into a machine, or going out of it. E.g. a firewall could be placed on outbound port 80 to prevent users from browsing 99% of the web, or a firewall can and should be placed on inbound port 139 to stop some older netbios 'attacks'.
What you're really asking about is whether the communication you do via your PocketPC - over wifi - is 'secure' in that others can't access your information. The answer to that isn't a simple yes/no - it will depend on a few things.
The first thing to make sure as that the access point you're using has WEP (Wireless Encryption Protocol) enabled. The bigger the key, the better. This will mean that 'over the air', your information will be encrypted. Anybody who would 'snoop' that information from the air will need a LOT of data, and a reasonably fast machine, to get the WEP key.
The next thing to make sure is that if the information you're sending is rather sensitive, that you send this information to a site which is using SSL. SSL encrypts your data on your PocketPC itself, all the way through the WiFi router/access point, over the internet, bouncing off of satellites - whatever, until it reaches the destination website where the data is decrypted again. The odds of anybody cracking that signal are *very* slim. It can be done, but it takes ages and ages on multiple computers for even the simplest of SSL encryptions. The 'dumb' way to check whether the site uses SSL is to see if the URL starts with "https". The 'proper' way is to check if the padlock icon is 'locked' in PIE (left of the address bar).
The third thing, if you're using e-mail, is to use an e-mail encryption application, such as PGP. I'm not aware if any exist for PocketPC, but I'm sure they do. These basically encrypt your message in a way that it can still be sent by plain e-mail. The recipient then decrypts the message again on their end. Based on the encryption method used and the length of the message, it would take quantum computers to decrypt it to anything meaningful.
--
For those wondering whether you do indeed need a Firewall - no, you don't. You may wish to look into some basic BlueTooth protection if you leave that on a lot, but other than that there are no real intrusion points for a PocketPC that you'd have to be worried about.
Microsoft may turn the PocketPC into some ueberplatform in the future which would make it more vulnerable, or maybe they learned their lesson and they'll keep things fairly secure - who knows.
--
Now then.. as to why you're being rude...
First.. your post - what's with the bold blue text? Do you think it would get people's attention easier? Just makes it more difficult to read.
Second... you address a specific person, vijay555 - who is a very busy person. But even if he wasn't, it's a bit presumptious of you that 1. he would be reading this, 2. he would be interested in replying at all.
Third... you presume that people would go off-topic, in your original post (in large red type, at that). Why not have a bit more faith in fellow man and see what replies roll in, first? Then if people go off-topic, point it out and ask that they try and address the issue you raised in your post.
Fourth... when somebody does answer your post, even if it is a rather short reply, you tell them to either post a better reply, or not reply at all. Don't be surprised if many people will interpret this in a way that will make them not want to reply to any of your posts at all.
--
Edit: and such is the cost of typing long replies - other people reply before you
zeboxxxxxxxxxxxxxx lol
thatsmade me laugh :lol:
thanks mate
FROM ZEBOX (sorryabout the caps hope i dont hurt anyones feeling)
Now then.. as to why you're being rude...
First.. your post - what's with the bold blue text? Do you think it would get people's attention easier? Just makes it more difficult to read.
dude I LIKE USING COLOURS lol
Second... you address a specific person, vijay555 - who is a very busy person. But even if he wasn't, it's a bit presumptious of you that 1. he
would be reading this, 2. he would be interested in replying at all.
tust me he gets around!
Third... you presume that people would go off-topic, in your original post (in large red type, at that). Why not have a bit more faith in fellow man and see what replies roll in, first? Then if people go off-topic, point it out and ask that they try and address the issue you raised in your post.
Fourth... when somebody does answer your post, even if it is a rather short reply, you tell them to either post a better reply, or not reply at all. Don't be surprised if many people will interpret this in a way that will make them not want to reply to any of your posts at all.
all in one, the amount of threads iv read where the converstion has gone off topic----------- so had to make that clear,
andbeing honest Im having a lugh so i dont want anyone to take it personaly if Imake a checky comment,
and zeboxx this ones just for you
You still don't need a firewall for your Pocket PC.
A firewall in the sense I understand it is a filtering application which brackets network access: rejecting unsolicited packet, applying appication based rules and optionally, performing some filtering on incoming content.
You don't need one, because: there is very little need to restrict application access to the network - malicious apps exist, but its so difficult for them to gain a foothold on your PPC without you knowing about it. So on a clean PPC, a firewall does nothing useful. Dropping unsolitcited packets is nice, but your PPC is mobile - not always connected and therefore of extremely low risk of network intrusion - AFAIK, I've never even heard of a case.
Save your money and CPU and carry on. P.S. PPC AntiViruses are similarly useless, don't listen to PR hype.
@@ ward
Ward thanks for that between you and snorbaard my questionshave been answerd
regarding firewalls and website security!
thanks dude
ward, zeobox Suggested that i was rude to you andmay have hurt your feeling , well my apologies hope we can b friends :lol: lol
cheers bud
RE
Quote
"c) More importantly, you won't FIND any firewalls for Windows Mobile."
AIRSCANNER has one, however, its not currently for WM5 yet
Here:-
http://airscanner.com/downloads/firewall/firewall.html
Keep a close watch on AIRSCANNER for the WM5 version though
RE
ZeBoxx
How to protect your PPC when you're surfing at free hotspots?
I believe that the response should be "You don't need a firewall for your WM5 device - yet."
It's very possible that there are vulnerabilities present in WM5 O/S that simply have not been found yet. There may even be vulnerabilities in WM5 that allow people to reset your device remotely, edit and remove information, etc.
Why would there be vulnerabilities in WM5?
Firstly, its made by Microsoft, and Microsoft has a very bad track record when it comes to this type of thing. Secondly, even if all preventions towards vulnerabilities were taken by Microsoft, it's always possible for one smart hacker to link together something that nobody has ever thought about before. Basically, vulnerabilities are always possible.
If there are vulnerabilities in WM5, why havent I heard about it yet?
Currently the number of devices running WM5 are very small. Theyr also very new, and thus hackers havent really begun to try. It only takes one good enough hacker to do it, though.
Therefore I don't think ruling out firewalls as being irrelevant to WM5 devices is the right way to go about it. Currently, theyr not needed, but who knows? In a months time we might all be scrambling for a firewall as some worm runs riot deleting our files..
It would probably be nice to have a firewall available, anyway. 8)
Just thought I would post to point out that when you go online using GPRS most service providers give you a NAT connection which is in practice the same as a firewall. No incoming connections are allowed, you don't have a public IP address.
This is largly because if you had a public IP all the viruses on the net looking for unsecure Windows machines would flood out your GPRS connection and use up all your credit without you doing anything.
chinnybob said:
Just thought I would post to point out that when you go online using GPRS most service providers give you a NAT connection
Click to expand...
Click to collapse
Very true - also, nearly all wireless hotspots will do the same thing, generally decreasing the amount of potential hackers to only other users sharing the same hotspot.
If your device ever gets hacked while using a hotspot, look around for the guy with the laptop trying to look the other way. :twisted:
As I understand it, there's built in facilities for port redirection and monitoring in Windows Mobile already. Whether or not you'd wish to use it for anything is down to a coder.
As everyone is saying, there are two distinct issues I see here:
1. Are your communications secure between PDA and Server?
2. Is your PDA secure to external intrusions?
Question 1 is addressed above. Use appropriate good sense, keep an eye out for SSL and https and always be weary of transmitting anything sensitive over an open channel. Would I use my PDA to buy something over the net? Probably not - I barely trust my PC browser (and I wrote and secured it myself), and although there's little reason to trust PIE less, that's not a high state of confidence. I always half expect to get cheated/identity theft-ed over the net. But use good common sense, reliable traders and be weary of all open connections that you don't control.
Question 2.
Intrusions. Again, as everyone is saying - as of now, there's not an enormous amount of damage that could be done to your PDA even if someone could stomp all over it without your knowledge. Worst case, you need to hard reset, and someone steals all your personal info.
However, there aren't many well known exploits that you need to worry about. But, that probably means that there are exploits known to those who would be interested in you.
However, since you're wifi roaming, it's likely your IP is dynamic. Somebody would have to have an idea of where you are and be particularly interested in finding you on the net to track you down. (although that's easy enough to do if they know your habits. Server logs give a wealth of info for free! I can see many visitors to my website directly from warez sites. If I wanted to backtrace to an ISP, a server or a user, the info is there in front of me)
So, someone can find you on the net. They then need to identify you as using a PDA they can exploit. They have to know exploits. They can then get access to your system. What's the worst that can happen? As everyone says, be weary of carrying very sensitive info on you phone, at least unencrypted. They're small things prone to theft and loss. If you would worry if it was stolen from your hand, don't put it on there, or encrypt it. Doubley so if you're using public wifi.
There are exploits to take advantage of your system. I'm working on stuff that could easily be classified as a trojan, and there is live code, years old, demonstrating the techniques.
Best advice: be careful. Your PDA is naked compared to your PC (which is firewalled, anti virused, and anti-spyed already. right?) Just because no one is interested in looking at your PDA's undies, doesn't mean you should flash them around. Use good sense on all public networks. However, given the hardware limitations of our PDAs, I'm inclined to say, better to leave it unprotected but not at risk (ie not carry highly sensitive info), then have CPU intensive protection that's counterproductive and unlikely to be needed most of the time.
Others would have different priorities. You have to judge what you have at stake.
V
VIJAY thanks for the reply your thoughts are allways much appericated.
when you say you have secured your own browser is it a programme that's available on your site or a 1of thing that you did? someone else advised me that netfront 3.3 (or what ever the latest version is) is more secure then ie any thoughts on that.
thanks
N2h
p.s zeooooooobox guess ur sorry ass was wrong after all.
N2h said:
VIJAY thanks for the reply your thoughts are allways much appericated.
when you say you have secured your own browser is it a programme that's available on your site or a 1of thing that you did? someone else advised me that netfront 3.3 (or what ever the latest version is) is more secure then ie any thoughts on that.
thanks
N2h
Click to expand...
Click to collapse
He said quite specifically his PC browser. (i.e. not a browser on his phone)
As someone said earlier, just make sure the little padlock is there. SSL encryption is good enough for most things.
Hi altogether,
I need to softreset/hardreset a WinCE/PocketPC/Windows Mobile based device using a CabFile (one for Soft- one for hardreset). Does anyone know, how to do this?
Thanks in advance.
P.S.: I already searched the forum, but found nothing between thousands of threads with Softreset,... in it.
Well the first of all can you program in C / C++?
If the answer is yes then you will have to write a setup.dll for the cab that will do the reset.
Here is an article for soft reset that will work on any WM device and on many CE devices (it is OEM choice to implement this part, so some CE devices like PNDs do not have it).
For Windows Mobile 5 and up it is recommended to use the ExitWindowsEx API instead.
As for hard reset there is a problem: this article works for pre WM 5 devices, but because of the flash storage on WM 5 and up the implementation of hard reset was left to the OEM so there is no generic way to do it by software.
Tools like Tweaks2K2 and SKTools provide this feature as a standard.
Cheers
hrb
yeah with persistent storage hardreset changed
good thing too if it was easy to program a hardreset
it could cause alot of problems when / if more virus's
will come to pda's
I don't mean to scare you Rudegar, but there is a very simple way of forcing the user to do a hard reset himself, on any WM device. I am not going to publish it here, but lets just say if someone wanted to make a virus, lack of programmatic hard reset would not be a consideration at all.
well after wm5 a hardreset at least dont cost people all their nonbackupd data
I know this is getting the thread off track and I apologize, but the whole point of "hard reset" is to lose all data. Unless you keep is on SD in which case it doesn't matter what OS you are using.
You are probably thinking of power loss and not HR.
Thanks for the info. I'll check your hints.
Has anyone else noticed that if they have both Co-Pilot, and the anti-virus application - Both supplied with my Ameo.... and soft reset, the phone will go in some strange loop.
Shows the T-Mobile screen, then the Microsoft Push Email, flashes the today screen for less than a second, back to T-Mobile screen... repeat.
Only way I've seen to get round it is safe mode the unit and uninstall the antivirus.
I know most will say why bother with antivirus... but for a sense of security I would prefer it, does anyone else have this problem? Anyone know of any better anti-virus software? Or a fix for this one?
Cheers
I agree with you that anti-virus software of a good practice. I'm also keen in looking for a good one.
However, I experience what you described when evaluating the spb tips and spb mobile shell. I had to do a safe mode reset too.
eaglesteve said:
I agree with you that anti-virus software of a good practice. I'm also keen in looking for a good one.
However, I experience what you described when evaluating the spb tips and spb mobile shell. I had to do a safe mode reset too.
Click to expand...
Click to collapse
I don't tend to use SPB Tips, want to have Mobile Shell, had that on my Compact III and thought it was great, but heard people on here reporting incompatibility with Ameo regarding speaker issues so going to wait until the next release...
Or have you got it working well?
Regards
Anti-virus for PDA = 100% Marketing
That's what I think. I'm sorry.
Deleted Post
mahjong said:
Anti-virus for PDA = 100% Marketing
That's what I think. I'm sorry.
Click to expand...
Click to collapse
If you can pick up a lot of virus' simply by surfin on the internet with the pop up etc, why can you not pick them up when viewing them on an alternate device?
You will soon have no choice but to add anti-virus to your list of essential applications for the phone. Trust me on this.
I have to agree. There was a time the PocketPC was safe, unless you download warez there was no chance of being infected. Even then it was rare.
Its seems that the success of HTC and the windows mobile phones puts them in the windows desktop attack bracket. Now there are so many, and they are all getting data connections its worth attacking them.
Sorry to say it, but while AV on ppc at the moment is dubious, it will soon be required.
I dont know why WM6 doesnt have DEP (data execution protection) etc like vista. They could make it much more secure but havent bothered.
btw, itxda, sounds like your making a threat there! lol. Your not writing a virus are you?
Consideration 1.
A virus need to be programmed for the machine and OS you need want to infect. Can someone tell me a reported case of a virus programmed for Windows Mobile? Please don't report what Symantec or Panda said about it... I mean a real case reported by some user. None.
Consideration 2.
Virus propagation. The way to propagate a virus is into excutable code (this means EXE files) or finding a way to introduce and executable code in a non-executable file, like a .zip file. Then you need to spread that infected code. How in a PDA? Exchanging files? A few exchange of EXE is done in PDA. Thru the network? Cmon... there is a few opportunities for a PDA virus to exist and a few to spread.
Consideration 3.
Don't get confused. Having PocketPC IE doesn't mean that you are on risk of the troyans or virus or even spyware that IE for Windows XP has. First of all because the code to be executed on a PC is not executable in a PPC and second that the target APIs and files in a PC are not in a PPC.
Consideration 4.
Please don't mention Bluetooth virus. The ones existing (if any) are for Symbian and even in Symbian world there are so many incompatible versions of symbian that a given virus has real troubles to spread in the network.
SO...
If I question the fact of someone coding virus for this particular machine and OS, and I question the regular ways of spreading virus, and I question the network and IE risks... What's left? The marketing interest of anti-virus makers.
All this applies to anti-virus programs for Apple Mac, Linux of all kind, symbian phones... and phones in general.
Motorola got a lot of market share in USA... doesn't someone ever in USA got a virus on a Motorola? Never ever. Same for PocketPC. Trust me.
Regards,
mahjong
mahjong said:
Consideration 1.
A virus need to be programmed for the machine and OS you need want to infect. Can someone tell me a reported case of a virus programmed for Windows Mobile? Please don't report what Symantec or Panda said about it... I mean a real case reported by some user. None.
Consideration 2.
Virus propagation. The way to propagate a virus is into excutable code (this means EXE files) or finding a way to introduce and executable code in a non-executable file, like a .zip file. Then you need to spread that infected code. How in a PDA? Exchanging files? A few exchange of EXE is done in PDA. Thru the network? Cmon... there is a few opportunities for a PDA virus to exist and a few to spread.
Consideration 3.
Don't get confused. Having PocketPC IE doesn't mean that you are on risk of the troyans or virus or even spyware that IE for Windows XP has. First of all because the code to be executed on a PC is not executable in a PPC and second that the target APIs and files in a PC are not in a PPC.
Consideration 4.
Please don't mention Bluetooth virus. The ones existing (if any) are for Symbian and even in Symbian world there are so many incompatible versions of symbian that a given virus has real troubles to spread in the network.
SO...
If I question the fact of someone coding virus for this particular machine and OS, and I question the regular ways of spreading virus, and I question the network and IE risks... What's left? The marketing interest of anti-virus makers.
All this applies to anti-virus programs for Apple Mac, Linux of all kind, symbian phones... and phones in general.
Motorola got a lot of market share in USA... doesn't someone ever in USA got a virus on a Motorola? Never ever. Same for PocketPC. Trust me.
Regards,
mahjong
Click to expand...
Click to collapse
Thanks for your post, very imformative.
You've converted me,,, for now.
But at the end of the day, what I think sells the software is the fact that it gives the end-user peace of mind.
You can tell people that they don't need something, don't have to do something until you're blue in the face and with all the facts in the world. But there will still be a large number of people that will want it anyway, just for peace of mind...
Also.... can anyone tell me have they had the problems that I had on post #1 :-D ... I've hard reset and installed but still get the problem, without the antivirus installed....
I think it's now looking to be the fault of SPB software, has anyone discovered a fix?
The main purpose of AV software on PPC devices is to scan synched email; if you get email on your Athena, then plug into Outlook, it may (theoretically) pass a virus on.
You know we tend to do quite a bit of testing out new and interesting applications downloaded free. Could'nt a virus be disguised as a free applications and when we run the CAB, confidential info will just simply be extracted, or registry item be manipulated etc?
eaglesteve said:
You know we tend to do quite a bit of testing out new and interesting applications downloaded free. Could'nt a virus be disguised as a free applications and when we run the CAB, confidential info will just simply be extracted, or registry item be manipulated etc?
Click to expand...
Click to collapse
Now that's a well thought out statement and question.
As easy as it is to develop applications on the Windows Mobile platform, it's only a matter of time before we start seeing serious viruses and trojans. There are a few out there already but aren't wide spread yet. As on any system, if you open attachments via e-mail or download from the Internet, it's only going to be a matter of time. Time is coming soon. Trust me on this point. Not everyone will be hit but it'll make a mark.
What about writing a virus that can infect your phone, sms your info and GPS coordinates to someone? ;-)
Viruses aren't difficult at all to write. On any platform, Wintel/Linux/Mac/etc.
When one of the scriptkiddies determines that he's been bored all week because he's home for summer vacation and looks over at daddies cell phone....one of them will wonder..."how fast can I propogate a virus throughout cell phones".
Not an if it happens just a when. Let's just be patient and we'll be hearing about the first infections in no time at all.
Heck, someone on this forum could one day write something that infects everyone. You never know.
Hmmm I see what all of you meant but remember the key is "coding a virus for a given machine and OS"... If you don't code the virus that way will not affect the PDA.
Talking about virus I remember the slogan of the New York Mafia: "First we created the need of having protection... them we sell it". (just a joke don't flame... people).
ltxda said:
As easy as it is to develop applications on the Windows Mobile platform, it's only a matter of time before we start seeing serious viruses and trojans. There are a few out there already but aren't wide spread yet. As on any system, if you open attachments via e-mail or download from the Internet, it's only going to be a matter of time. Time is coming soon. Trust me on this point. Not everyone will be hit but it'll make a mark.
Click to expand...
Click to collapse
People have been saying "it's coming soon" for years. It has always been easy to program for the Windows Mobile platform, but that hasn't changed the fact that it has now been seven (or five, depending on how you count) years without a virus on Windows Mobile.
Let's hope that people are smart enough to keep it that way. Virus programmers need to get their heads checked...
Moskus said:
People have been saying "it's coming soon" for years. It has always been easy to program for the Windows Mobile platform, but that hasn't changed the fact that it has now been seven (or five, depending on how you count) years without a virus on Windows Mobile.
Let's hope that people are smart enough to keep it that way. Virus programmers need to get their heads checked...
Click to expand...
Click to collapse
LOL, agreed.
Kids don't always think logically. We have all done stupid things in our youth. That tradition will never die.
I think this is a useful thread, but not sure it answered the original question, so can I re-state and add?
1. Is the included F-Secure a/v programme the best one for the job?
2. Is it worth-while paying to keep it updated?
Many thanks
Robert
I'm been working on this for a little bit now since I found all the existing apps don't work well in WM6 or don't work well in a custom rom. This is a open source program (as all of mine are) and I welcome help/donations/and comments. Bug reports will be helpful in this first release as I certainly consider this a alpha release at the moment.
What it does:
once setup at every boot it compares your IMSI number with the one stored, if it's a match it plays a little sound and that's it. If it's not a match, it locks the device and displays your email and a request to please get it back to you. It also send you the "new sim's" imsi and phone number via a SMS.
------------------------------
SecurIt 1.1 (BETA) by Shadowmite
------------------------------
TODO: Build in SMS rule filtering thus adding remote control
Lock out activesync connections?
Protect the datafile from being deleted, or keep a backup in registry.
NOTE: THIS DOES NOT WORK WITH CDMA PHONES!
Version 1 (BETA) Instructions:
This security applicatioon can run loaded normally via a cab file to your device, or via being cooked into a rom. It will require your phone able to run unsigned code (most roms at this site are fine in this regard). Furthermore it does require the .NET Framework so it's really for WM6 devices, WM5 will be more tricky and is left up to the user to figure out how to make it all work.
When first run the program resides in \windows and must run from there. If you ran the cab installer it will have created a shortcut for you into the Programs folder.
The application comes up with a form showing you the current device imei, imsi, and phone number. You need to enter a password (needed to disable security programmatically or change SIM info), a email you can be reached at my a "finder" of your phone, and a SMS phone number you'd like alert messages sent to. Once done click set. Finally, click Enable security.
The application then sets itself up to autorun upon boot and if the SIM matches, it plays a little sound file to let you know everything is fine. If the sim is found to have changed, it will lock down the device until a password is entered. Meanwhile it shows your contact email and has sent the alert sms to you with the new imsi and phone number.
If you enter the proper password the program will take you to the settings screen where you can reenter the password and make changes to the settings and resave them. Simply clicking enable security without making changes will keep the settings as they are.
Clicking disable security will remove the autorun entries and remove the data file the programs keeps at \windows\SecurIt.dat.
The data file keeps 5 lines, MD5 hashes of your imei, imsi, password, and also your email and sms phone number as plain text. Thus stealing this file does not enable retrieving the password or easy changing of the imsi. Deleting this file however would remove security. Furthermore activesync will still link to a locked device. Knowledgable people about these devices could therefore defeat this security, however it's goal is to keep the casual theif / finder out of the phone.
This program is a work in progress and I welcome help with modifications to it as well as bug fixes. Source can be found at:
svn://www.shadowmite.com/shadowmite/SecurIt
To cook this into a rom, you need 3 files. 2 of them need to be generated when you first install it like normal and set it up. Copy the SecurIt.dat from \windows and the SecurIt.lnk from \windows\start up to your rom as well as the SecurIt.exe file. It's that simple. Enjoy!
History:
1.1: Fixed all kinds of bugs causing security to crash with various sims
1.0: Initial release
If you like my work and would like to help insure I continue to have time for this, please consider a donation to: foglemATshadowmiteDOTcom
Shadowmite, thnx for starting an "opensource" project for this. I havent tried it yet, will try once I reach home.. But I had a cpl of suggestions\questions:
1. Why do u keep email and sms phone no in plain text instead of encrypting them as well?
2. Instead of storing config in a file, store the config in registry which lessens the chances of someone finding out about the prog and deleting the file to disable security.
nice work as usual...
shantzg001 said:
Shadowmite, thnx for starting an "opensource" project for this. I havent tried it yet, will try once I reach home.. But I had a cpl of suggestions\questions:
1. Why do u keep email and sms phone no in plain text instead of encrypting them as well?
2. Instead of storing config in a file, store the config in registry which lessens the chances of someone finding out about the prog and deleting the file to disable security.
Click to expand...
Click to collapse
number 2 is in the TODO list...
#1) we could encrypt them as long as it's not a one-way hash like the first 3 lines, however those are the bits of data we don't mind the theif/finder seeing afterall as they are the means to get the phone back to its rightful owner. I suppose we could hide them but the phone number will be on his next bill for sending it a SMS and the email is displayed on the locked screen.
And as walshy said, #2 is certainly on the todo, but locking our activesync connections is a bigger concern and I believe completely doable.
#1) we could encrypt them as long as it's not a one-way hash like the first 3 lines, however those are the bits of data we don't mind the theif/finder seeing afterall as they are the means to get the phone back to its rightful owner. I suppose we could hide them but the phone number will be on his next bill for sending it a SMS and the email is displayed on the locked screen.
And as walshy said, #2 is certainly on the todo, but locking our activesync connections is a bigger concern and I believe completely doable.
Click to expand...
Click to collapse
ok, and sorry abt the #2, I missed the TODO part..
Keep up the good work..I myself was thinking abt making smthing similar but now I think I'll drop my idea to make a different one, as this seems to be a better idea (opensource is always better )..
I hope I can make some contribution to the code if possible..
shantzg001 said:
ok, and sorry abt the #2, I missed the TODO part..
Keep up the good work..I myself was thinking abt making smthing similar but now I think I'll drop my idea to make a different one, as this seems to be a better idea (opensource is always better )..
I hope I can make some contribution to the code if possible..
Click to expand...
Click to collapse
What advantages does this give over "Mobile Justice"..another similar util...my rom has Mobile Justice cooked with it which makes it hard to remove.
famewolf said:
What advantages does this give over "Mobile Justice"..another similar util...my rom has Mobile Justice cooked with it which makes it hard to remove.
Click to expand...
Click to collapse
If you like that software and have it working properly use it. Maybe you'd like to post in every rom thread asking why not use some other rom while you're at it?
Shadowmite said:
If you like that software and have it working properly use it. Maybe you'd like to post in every rom thread asking why not use some other rom while you're at it?
Click to expand...
Click to collapse
I'm not using Mobile Justice which is WHY I asked what advantages YOURS had over theres for COMPARISON. If it had additional features I was going to recommend it for addition into XM6R3 (the next release of the current rom), but with an attitude like yours I won't bother with further review.
famewolf said:
I'm not using Mobile Justice which is WHY I asked what advantages YOURS had over theres for COMPARISON. If it had additional features I was going to recommend it for addition into XM6R3 (the next release of the current rom), but with an attitude like yours I won't bother with further review.
Click to expand...
Click to collapse
you dont bother with a review but bother with a slagging ... take your "fame" somewhere else...
Ok, for starters mine isn't based on assuming every device has a GPS built in (while technically being a Trinity owner I should go that route). I instead base mine on nicely locking down the interface so far with a polite message to get the device back to the owner. Furthermore mine is trivial to build into a cooked rom which was my main reason to write it. I tried every security app out there over the last weekend without any of them working "properly" and figured the best way to get one is to write one. In addition mine is open source, mobilejustice is not.
Now then, you said you're not using it... But the last post said you had it cooked in? WTF? Need some help deciding what you use and don't use?
my rom has Mobile Justice cooked with it which makes it hard to remove.
Click to expand...
Click to collapse
I'm not using Mobile Justice which is WHY I asked what advantages YOURS had over theres for COMPARISON.
Click to expand...
Click to collapse
Shadowmite said:
Now then, you said you're not using it... But the last post said you had it cooked in? WTF? Need some help deciding what you use and don't use?
Click to expand...
Click to collapse
1) The rom I currently have installed comes with Mobile Justice preinstalled.
2) I have not configured and am not currently using Mobile Justice
3) The author is currently taking suggestions for software to include in the next revision of their rom.
What part of any of those statements are you having difficulty comprehending?
Perhaps you and the gentleman from Melbourne should both grow up and quit reading an insult where one was not intended.
Well than back on track... Give it a try and see what you think. I really want feedback from folks outside the USA as I believe it will not properly catch your phone number of the "thief's sim" however if the sms works it should still get the phone number to you obviously.
The GPS coord. request feature is a nice one and will have to go on the todo list.
well, well, fights apart, what drew me to this app over the other apps was the opensource nature as mentioned by Shadowmite because I, like shadowmite, was not happy with the other apps doing things properly or just because I wanted somethings to be done differently..
@shadowmite:
1. I have a few ideas of getting "coordinates" and sending to the original owner even on non-GPS devices ..Maybe we can discuss some things later on once the basic structure of the app is ok.
2. Couldn't find the source code of the app on ur site..(May be am just one dim-witted dim-sighted git ) Please point me to it..
You'll need svn to get it, windows users: http://superb-west.dl.sourceforge.n...vn/TortoiseSVN-1.4.4.9706-win32-svn-1.4.4.msi
svn://www.shadowmite.com/shadowmite is my master repository for all projects.
cool, I do have TortoiseSVN installed at home..Will check it when I go back..
Will it sustain a hard re-set ? Dont think so.
@shailesh, for sustaining hard resets, it has to be cooked into the rom, pointed out by shadow on post 1..
I don't know if something else can be done for this (writing into ext rom is one option but that is not possible for most devices now)
Sounds like a great piece of software. And open source is a great idea too.
I did tried several others like this one (Eye on the thef, Ultimately Theft Alert ...) some features were still missing :
First an autoconfig method :
As already said, whatever your storage methode is (file or registry), you 'll everytime lose the configuration when a hard-reset is done on the device. The only one possibility i can imagine is to store your "installer" program on extended rom with the ability to add an external config (encrypted) file as a parameter.
Installation will be handled by the autoconfig process, using this external file. Config will probably needs to be stored on extended rom too. It's not peace of cake to create an extended rom, but easier that cook a rom.
This feature won't be very helpfull if there is no way to generate a config file automaticaly base on settings done by user : kind of export process.
On standart start/soft-reset, your program will run as it does actually, but when a hard-reset, is proceed, programm will reinstall unattented and will still be running after boot... No way to easily remove it. Bad effect is that it will also be difficult to update programm/config.
Secondly, i'd like to have the a way to "format"(or encrypt) a memory card remotely.
Do you thinks those could be part of your TODO list ?
Will try it on few next days and i'm ready to help you translating it in french
hi shantzg001,
thanks for replying,
My mistake, did not read the whole text.
Is there anyway to pass the privileges to any other account? I know how to edit file permissions, but, for example, that doesn't execute all programs as admin like superuser and it isn't the same.
Any help would be appreciated! [emoji1]
Thanks!
Can you explain more clearly what you're looking for? I don't know what "Superadmin" is or means. "superuser" is sometimes used as a term for root on Linux, but otherwise I have nothing.
I am strongly opposed on general grounds to anything that will "execute all programs as admin", though. That is a *TERRIBLE* idea. It's easy enough to do it, or close enough, but it's a terrible idea.
GoodDayToDie said:
Can you explain more clearly what you're looking for? I don't know what "Superadmin" is or means. "superuser" is sometimes used as a term for root on Linux, but otherwise I have nothing.
I am strongly opposed on general grounds to anything that will "execute all programs as admin", though. That is a *TERRIBLE* idea. It's easy enough to do it, or close enough, but it's a terrible idea.
Click to expand...
Click to collapse
I mean de God user, aka the System. Is the user that is hidden. For activate this, i use net user Administrator /active:yes (I think that it is in English, in Spanish is net user Administrador /active:yes
Is the Admin user. So the question is: How to have the features of that account on my actual account?