http://www.theinquirer.net/default.aspx?article=33684 By Nick Farrell 15 August 2006 SECURITY OUTFIT Airscanner has slammed Windows Mobile security software as insecure and buggy. In a paper posted here [1], the report condemns Windows Mobile as lacking any decent security infrastructure. For example Pocket PC has no Kerberos authentication, encrypting file system, or a built-in firewall. ' Looking to third party software is not particularly useful either as Windows Mobile developers are not held up to the same scrutiny as those in the desktop arena. Some software touted as 'encrypted' or 'secure' is neither. More than 20 different Windows Mobile programs including MS Money and Password Master 3.5 have been slammed in the report. The software was found to have issues including broken protection schemes to poor encryption algorithms. It describes the Windows Mobile version as a poor cousin to XP which is comparatively open and bug free. The report says that the Windows Mobile platform creates an environment conducive to poorly designed security software. If there is a problem on the Windows XP it is possible to see what is going on in Windows Task Manager, msconfig,' or regedit. Windows Mobile 5 platform has a task list that only mentions the names of the open applications that have graphical interfaces, the report says. "Average Windows Mobile users are relatively blind about what their device is doing, there are numerous Windows Mobile vendors that store sensitive information in the registry with flawed encryption schemes, or even in plaintext," the report says. µ [1] http://msmobiles.com/news.php/5474.html _________________________________ Visit the InfoSec News store! http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Wed Aug 16 2006 - 01:12:47 PDT