Slashdot Mirror

← Back to Stories (view on slashdot.org)

PDA Security, the Next Big Hurdle for IT?

Posted by ScuttleMonkey on from the very-small-security-breach dept.

Jack writes "ITO published an article on a new secure PDA requested by the NSA. 'General Dynamics inked an $18 million contract with the secretive National Security Agency to design and develop a secure mobile personal assistant for defense workers. The PDA will integrate all types of communications including voice, data and web.'" In related news palmtops writes "Insecure Magazine has a great and in-depth article written by Seth Fogie, the VP of Airscanner.com, about Pocket PC security. His summary of PDA attacks states: 'These devices are easy to smuggle into a business and can be used to propagate an attack against network devices. Don't make the mistake of assuming is a PDA is a simple data keeper. As the cliche' goes... it is how you use it that matters.'"

10 of 108 comments (clear)

  1. Links by Mr_Silver · · Score: 4, Informative
    Insecure Magazine has a great and in-depth article written by Seth Fogie, the VP of Airscanner.com, about Pocket PC security.

    It might be a little late mentioning this but the link in this snippet actually points to a 9.1 meg PDF file.

    In the future it would be nice if submitters (and especially editors) actually describe the target of a link when it doesn't go to a good old fashioned HTML or XHTML page of content.

    --
    Avantslash - View Slashdot cleanly on your mobile phone.
  2. I thought... by uglysad · · Score: 2, Informative

    I thought PDAs were on the downfall as it is. With laptops becoming cheaper and cheaper and cell phones getting more advanced, I wasn't aware that PDAs have much of a future. That being said, I still really want one.

    1. Re:I thought... by SillyNickName4me · · Score: 2, Informative

      A laptop doesn't fit in my pocket, is too heavy to always have with me, and while it can do similar stuff with help of some personal information manager software, is in my experience by far not as good at it.

      I am quite often in places where usage of a mobile phone is prohibited completely (for a whole lot of reasons, including security) and have yet to find a phone with good enough PDA functionality but without a camera (again, I have to be at places where carrying any form of camera whatsoever is prohibited).

      I also rather like the fact that my PDA does not depend on the battery life of my phone (and the other way around).

  3. Already done... by Anonymous Coward · · Score: 0, Informative

    They want something that has already been done. All pda's have add on software for security already. People just have to use them. In the case of Blackberry security is already built in. People just need to use it.

  4. Because it's necessary... by pointbeing · · Score: 4, Informative
    Why even try to make a PDA secure?

    I work for an agency under DoD as ADP R&D Program Manager. I think you'd be amazed at how many people are hollering for connected PDAs - and for the ones who have a real need we usually give them Blackberrys but you can't connect a Blackberry to a trusted network ;-)

    Granted, most of these connected PDAs will end up in a desk drawer as soon as the user finds out how unpleasant it can be to send and receive email with a PDA, but they still want the things - and most of the people who want them outrank me. IF the boss wants executive jewelry I guess it's my job to get it for him.

    Common access card compatibility will be a good thing - except the resulting PDA will probably be about the size and weight of your average brick. Right now we've got more than enough challenges with PDAs as DoD requires FIPS 140-2 encryption, a firewall feature set and a virus scanner on connected PDAs.

    I did send TFA to our local IA department just because I like to watch their heads spin around every once in awhile, though - the last time I did that I sent them a brochure on an NSA-approved 802.11 solution for access to *classified* computer networks.

    I love my job ;-)

    --
    we see things not as as they are, but as we are.
    -- anais nin
  5. Re:Links [OT] by lxdbxr · · Score: 4, Informative

    If using Firefox, try this in your [profile]/chrome/userContent.css: /* indicate PDF links */ a[href$=".pdf"]:after { font-size: smaller; content: "pdf"; } Think I got that from another Slashdot post, can't seem to find it now though (thanks anyway, whoever posted it!)

    --
    -- Nothing unusual happened today
  6. Openbsd by ErisCalmsme · · Score: 4, Informative

    http://openbsd.org/zaurus.html

    Nuff Said.

    --
    Chaos is Divine *
  7. Re:Bored by maxwell+demon · · Score: 1, Informative

    Funny doesn't get you any Karma.

    --
    The Tao of math: The numbers you can count are not the real numbers.
  8. Re:Links [OT] by rnelsonee · · Score: 2, Informative

    I use Target Alert - an extention for Firefox that shows icons for links that go to PDFs, zip files... etc. (it's customizable). It's a very nice, simple program.

  9. Windows Mobile Attack Illustration by Anonymous Coward · · Score: 2, Informative
    Agressive Network Self Defense (Chapter 1) includes a rather long and very detailed walkthrough on how a Pocket PC can be owned by an attacker.

    From buffer overflow to virus and trojan examples, it is all covered.

    Plus these links have information of value as well:

    Hacking Windows CE - Phrack 63 http://www.phrack.org/show.php?p=63&a=6

    Pocket PC Phone Shellcode: http://www.mulliner.org/pocketpc/

    Blackhat talk by Seth Fogie: http://www.airscanner.com/pubs/BlackHat2004.pdf