PDA Security, the Next Big Hurdle for IT?
Jack writes "ITO published an article on a new secure PDA requested by the NSA. 'General Dynamics inked an $18 million contract with the secretive National Security Agency to design and develop a secure mobile personal assistant for defense workers. The PDA will integrate all types of communications including voice, data and web.'" In related news palmtops writes "Insecure Magazine has a great and in-depth article written by Seth Fogie, the VP of Airscanner.com, about Pocket PC security. His summary of PDA attacks states: 'These devices are easy to smuggle into a business and can be used to propagate an attack against network devices. Don't make the mistake of assuming a PDA is a simple data keeper. As the cliché goes... it is how you use it that matters.'"
I didn't think anyone on Slashdot had much to worry about when it came to Public Displays of Affection ....
It has yet to be proven that intelligence has any survival value. Arthur C. Clarke (1917 - )
From the (IN)SECURE article: How are we supposed to take this article seriously, when the author can't even spell 'pwn3d' correctly? ^_^
____
~ |rip/\/\aster /\/\onkey
to make companies bend over and grab the ankles for PocketPC AVs. Wouldn't surprise me a bit if the virus development for the various PDA platforms was unofficially sponsored by the big AV companies.
It might be a little late mentioning this but the link in this snippet actually points to a 9.1 meg PDF file.
In the future it would be nice if submitters (and especially editors) actually described the target of a link when it doesn't go to a good old-fashioned HTML or XHTML page of content.
Avantslash - View Slashdot cleanly on your mobile phone.
Adjust an existing MS/Linux/other PDA with the software required to enter the secure network, and rewrite some drivers to bring the software up to date with the emerging (BUDGETOVERFLOW DETECTED) secure communications standards.
The only hardware change seems to be the Defense access card integration.
Somehow it feels like this device is going to cause a lot of embarrassment later when one gets in the wrong hands and breaks all the security at once.
My wife's sketchblog Blob[p]: Gastrono-me
The PDA will integrate all types of communications including voice, data and web
Riiight, so it's sort of a SMARTPHONE then? Sure, PDAs could be a threat, but it's probably worth focusing more on something that everyone already has and which has all this functionality already, as well as a digital camera etc.... the ubiquitous mobile phone.
Developing, and then requiring, a "secure" PDA for all your people and then being "surprised" when information leaks via their mobile phone with the 1GB Flashcard, 2 Mega-pixel camera and Broadband 3G connection doesn't sound like a plan for tomorrow.
An Eye for an Eye will make the whole world blind - Gandhi
That all donuts turn out to be defective is shown by extensive research. The random samples taken (500) in several countries have shown that all donuts have a hole in the middle.
Since the problem is so widespread and since there does not seem to be a regulatory body concerning the properties of a donut, congressional inquiries can almost not be avoided.
In other news: Martha Stewart proposes American Donut Standard Association
My wife's sketchblog Blob[p]: Gastrono-me
I think the biggest problem is every manufacturer makes his own synchronisation software running some weird proprietary protocol. It feels like the good old days where you spent half a day setting up your dot matrix in WP 2.1, and then restarted from zero in Lotus 123. Somebody should set some standards here. A PDA/Phone should be hardware abstracted at the OS level, just like a printer. And on corporate networks, the PC should just be a USB/Bluetooth-to-Ethernet router, with the PDA authenticating directly to Exchange/Notes/whatever.
10 ?"Hello World" life was simple then
This makes a PDA sound like something it's not and it links a site's physical/personnel security to the PDA.
A /. article a while back showed that a guy stole a mainframe and he didn't use a PDA.
You can smuggle 1 GB of viral data into a facility in the roof of your mouth (SD Card) SD CARDS ARE THE NEXT THREAT TO WORLD SECURITY!!!
I think you get my point.
PDAs are computers; nowadays they are about the horsepower of a full-size computer 10 years ago. That's all we need to know, and address the PHYSICAL and INFRASTRUCTURE security appropriately for them.
The number 1 hacker method will always be social engineering. A
-- Disclaimer: I can't really back up anything I post on
I work for an agency under DoD as ADP R&D Program Manager. I think you'd be amazed at how many people are hollering for connected PDAs - and for the ones who have a real need we usually give them Blackberrys but you can't connect a Blackberry to a trusted network ;-)
Granted, most of these connected PDAs will end up in a desk drawer as soon as the user finds out how unpleasant it can be to send and receive email with a PDA, but they still want the things - and most of the people who want them outrank me. If the boss wants executive jewelry I guess it's my job to get it for him.
Common access card compatibility will be a good thing - except the resulting PDA will probably be about the size and weight of your average brick. Right now we've got more than enough challenges with PDAs as DoD requires FIPS 140-2 encryption, a firewall feature set and a virus scanner on connected PDAs.
I did send TFA to our local IA department just because I like to watch their heads spin around every once in awhile, though - the last time I did that I sent them a brochure on an NSA-approved 802.11 solution for access to *classified* computer networks.
I love my job ;-)
We see things not as they are, but as we are.
-- Anais Nin
If using Firefox, try this in your [profile]/chrome/userContent.css:
/* indicate PDF links */
a[href$=".pdf"]:after {
    font-size: smaller;
    content: "pdf";
}
Think I got that from another Slashdot post, can't seem to find it now though (thanks anyway, whoever posted it!)
-- Nothing unusual happened today
http://openbsd.org/zaurus.html
Nuff Said.
Chaos is Divine *
I was happy when the pager business finally died. That reduced the number of gizmos that I was carrying around on a daily basis from 4 to 3; the cellphone features became advanced (and cheap) enough to obsolete the pager completely. At one time, I thought that I would probably snarf up the PDA/phone combo, but I haven't yet found one that I really want to buy -- the price/performance just isn't there yet. When the PDA/cellphone combination gets cheap enough (and full-featured enough), then I envision reducing my current gizmo count to 2.
As for the laptop, it looks like that will be around for a while. At this point, the PDA just doesn't have the display or input capability to make it the all-in-one personal computing tool. In order for a PDA-sized device to displace the laptop, the I/O needs to get way more advanced, something on the order of a combination ocular/cochlear implant and voice (or better yet, thought) recognition.
What are the security folks gonna do when the day comes that you can look at a document and issue a thought-command "copy"? I'm guessing that will be the end of paper documents; to be replaced entirely by electronic (and encrypted) communications for all purposes, including money.
Concealed Handgun License Courses in Plano, Texas
Just walking around with pockets full of computers gets the task done: iPaq 3970 ($100) with Linux, Jornada 690 ($50) with NetBSD. Plus some equipment: 2G CF microdrive and wifi/ethernet CF/PCMCIA make a real computer of both. They have 100x more resources than the double mainframe I admined just 22 years ago.
However, a "secure PDA" by NSA standards somewhat tells me it must have a backdoor of some kind...
There you are, staring at me again.
It's a shame that no Palm OS 6 Cobalt devices have actually made it to market, because PalmSource has done a lot right in that version of the Palm OS to provide a sound security model.
Not only does the OS provide for digital signing of code, it provides secure databases where only signed applications can access the data. You can control which databases are synchronized to the desktop, and even which applications can access screen buffers (to prevent screen-scraping).
Hopefully either Palm OS 6 Cobalt or its Linux-based successors will make it into actual devices soon. It would be a huge step toward powerful, secure PDAs.