passwords safe

Tutorials Win: Microsoft Windows Forum

My pocketpc uses WM6. I have been reading a lot of contradictory info
on the safety of sending username/password over wireless internet
connections - particularly public networks and am uncertain who to believe.
Can I safely send personal info from my phone to my home wireless network?
Can I safely send personal info from my phone over a public network?
Do I need a pocketpc antivirus/firewall app like Norton's? Would it help?
Top

Re: passwords safe by Beverly

Beverly
Wed Mar 19 07:00:07 PDT 2008

Anything sent over network connections by any device is subject to
interception. If you are concerned but feel the need to send sensitive
info, look into encryption software.

Since wifi is easy to intercept, you should assure that connections you
have control over (such as your home wifi) use encryption and other
protections.

fwiw, the activesync connection is a secure connection compared, for
example, to sending an email or file attachment.

While there are mobile av options, the threat level has (historically)
been low, so, most of us do not use the software to avoid the
performance and resource penalties.

Beverly Howard [MS MVP-Mobile Devices]
Top

Re: passwords safe by jay

jay
Wed Mar 19 07:23:24 PDT 2008

Beverly Howard [Ms-MVP/MobileDev] wrote:
> Anything sent over network connections by any device is subject to
> interception. If you are concerned but feel the need to send sensitive
> info, look into encryption software.
>
> Since wifi is easy to intercept, you should assure that connections you
> have control over (such as your home wifi) use encryption and other
> protections.
>
> fwiw, the activesync connection is a secure connection compared, for
> example, to sending an email or file attachment.
>
> While there are mobile av options, the threat level has (historically)
> been low, so, most of us do not use the software to avoid the
> performance and resource penalties.
>
> Beverly Howard [MS MVP-Mobile Devices]

Thanks for the reply. I presume this 'most of us do not use the
software' standard also applies to public networks (e.g., Starbucks)?
Encryption software - I know almost nothing about it. Encrypts
username/password when sent over wi-fi? Encrypts ALL data sent?
Top

Re: passwords safe by Beverly

Beverly
Wed Mar 19 08:42:41 PDT 2008

>> (e.g., Starbucks) <<

Suggest you post your specific concerns to get answers to each one.

To expand on my other post, pc's have a vulnerability related to the
fact that the window's os provides a network "host" capability... i.e. a
pc without protections such as firewall, av software and network
protections such as passwords offers the possibility that an "outsider"
can access that pc from any network connection.

On the other hand, windows mobile devices are "client only" which means
that they do not offer the same options to outsiders. While traffic to
and from any windows mobile device can be intercepted, outsiders cannot
gain access to the ppc without either permission from the user or
hostile software installed on the ppc.

In general, ppc's are safer than pc's. Dave's response answers part of
your "password" question in that if a password is given over a secure
connection, it is protected, but if it is given over an unsecure
connection, it _can_ be read... but your exposure is normally low.

In your "Starbucks" scenario, the bad guy's data load is small... just
the transactions happening at that location, but, the same data is on
the internet in the same format... for example, anyone in your
neighborhood is privy to all the data running across the same "node"
The likelyhood of all your data being sniffed by "big brother" is high,
but, he too is crippled in part by the pure massiveness of the load.

Passwords and other data "stored" on your ppc are essentially safe, but,
then again, someone could read them over your shoulder or steal your ppc.

Beverly Howard [MS MVP-Mobile Devices]
Top

Re: passwords safe by jay

jay
Wed Mar 19 09:02:42 PDT 2008

Beverly Howard [Ms-MVP/MobileDev] wrote:
> >> (e.g., Starbucks) <<
>
> Suggest you post your specific concerns to get answers to each one.
>
> To expand on my other post, pc's have a vulnerability related to the
> fact that the window's os provides a network "host" capability... i.e. a
> pc without protections such as firewall, av software and network
> protections such as passwords offers the possibility that an "outsider"
> can access that pc from any network connection.
>
> On the other hand, windows mobile devices are "client only" which means
> that they do not offer the same options to outsiders. While traffic to
> and from any windows mobile device can be intercepted, outsiders cannot
> gain access to the ppc without either permission from the user or
> hostile software installed on the ppc.
>
> In general, ppc's are safer than pc's. Dave's response answers part of
> your "password" question in that if a password is given over a secure
> connection, it is protected, but if it is given over an unsecure
> connection, it _can_ be read... but your exposure is normally low.
>
> In your "Starbucks" scenario, the bad guy's data load is small... just
> the transactions happening at that location, but, the same data is on
> the internet in the same format... for example, anyone in your
> neighborhood is privy to all the data running across the same "node" The
> likelyhood of all your data being sniffed by "big brother" is high, but,
> he too is crippled in part by the pure massiveness of the load.
>
> Passwords and other data "stored" on your ppc are essentially safe, but,
> then again, someone could read them over your shoulder or steal your ppc.
>
> Beverly Howard [MS MVP-Mobile Devices]

I think I'm getting this.
A) username/password sent through a 'https' is encrypted automatically -
I need not worry.
B) Email clients (e,g,. Outlook Express) can be configured to encrypt
username/password and I need not worry.
C) Sounds to me like I do not need security s/w as long as I take some
simple precautions.
D) This one confuses me a little >> "The likelihood of all your data
being sniffed by "big brother" is high, but, he too is crippled in part
by the pure massiveness of the load."
'all your data' - this means all data transmitted?
'sniffed' - does this mean 'detected' or 'readable'?
Top

Re: passwords safe by Beverly

Beverly
Wed Mar 19 14:52:16 PDT 2008

>> this one confuses me a little "The likelihood of all your data being
sniffed by "big brother" is high, but, he too is crippled in part by the
pure massiveness of the load." <<

This one is in the news at the moment... one has to assume that anything
sent or received on the internet is subject to interception. The us
government program "carnivore" is one example... essentially, everything
that transits your personal internet connection is subject to monitoring
by anyone who is listening in anywhere your data is routed...

...the big question is if your data is of interest (see
http://BevHoward.com/78th for the roots of my own paranoia ;-)

Beverly Howard [MS MVP-Mobile Devices]

Top

Re: passwords safe by Jaap

Jaap
Wed Mar 19 22:41:15 PDT 2008

I made a Wiki page about it:
http://modernnomads.info/wiki/index.php?page=Securing+your+data

--
Jaap van Ekris
Microsoft MVP Mobile Devices
http://modernnomads.info
"jay lunis" <jay.lunis@gmail.com> wrote in message
news:o%7Ej.2$bf4.0@newsfe07.lga...
> My pocketpc uses WM6. I have been reading a lot of contradictory info on
> the safety of sending username/password over wireless internet
> connections - particularly public networks and am uncertain who to
> believe.
> Can I safely send personal info from my phone to my home wireless network?
> Can I safely send personal info from my phone over a public network?
> Do I need a pocketpc antivirus/firewall app like Norton's? Would it help?

Top

Re: passwords safe by jay

jay
Thu Mar 20 04:57:47 PDT 2008

Beverly Howard [Ms-MVP/MobileDev] wrote:
> >> this one confuses me a little "The likelihood of all your data being
> sniffed by "big brother" is high, but, he too is crippled in part by the
> pure massiveness of the load." <<
>
> This one is in the news at the moment... one has to assume that anything
> sent or received on the internet is subject to interception. The us
> government program "carnivore" is one example... essentially, everything
> that transits your personal internet connection is subject to monitoring
> by anyone who is listening in anywhere your data is routed...
>
> ...the big question is if your data is of interest (see
> http://BevHoward.com/78th for the roots of my own paranoia ;-)
>
> Beverly Howard [MS MVP-Mobile Devices]
>

So the feds can intercept to insure I am not an OBL robot. I'm
stretching the truth a little, but if its the feds I worry less than
some organized crime group.
Bottom line - if I use encryption and https sites, I need not worry.
Top

Re: passwords safe by jay

jay
Thu Mar 20 05:04:28 PDT 2008

Thanks for the link. One question . . .
>>Using secure connections over this open infrastructure is vital.
>>Either resort to SSL-connections, or using a VPN connection to a
>>trusted network to prevent people from listening in on your
>>communication.
This needs a little explanation. I don't know how to use either in a
public hotspot (or anywhere else).


Jaap van Ekris (MVP) wrote:
> I made a Wiki page about it:
> http://modernnomads.info/wiki/index.php?page=Securing+your+data
>

Top

Re: passwords safe by Jeff

Jeff
Thu Mar 20 12:31:02 PDT 2008

hate to burst anyone's bubble but,
any and all electronic traffic in the U.S. has been monitored for more than
a few years.
After the phone companies agreed (except at the time-Quest)to allow the govt
to effectively intercept all of their traffic, the then attorney general,
Gonzales, called all the major players of the internet to Washington for a
"discussion". All the major isp's AND MSFT themselves were at this "meeting"
in which Gonzales asserted that they also agree to the governments request
for access or face problems.
So for awhile now, all electronic traffic has been monitored (encrypted or
not )

Jeff

"jay lunis" <jay.lunis@gmail.com> wrote in message
news:%isEj.15$RP3.7@newsfe06.lga...
> Beverly Howard [Ms-MVP/MobileDev] wrote:
>> >> this one confuses me a little "The likelihood of all your data being
>> sniffed by "big brother" is high, but, he too is crippled in part by the
>> pure massiveness of the load." <<
>>
>> This one is in the news at the moment... one has to assume that anything
>> sent or received on the internet is subject to interception. The us
>> government program "carnivore" is one example... essentially, everything
>> that transits your personal internet connection is subject to monitoring
>> by anyone who is listening in anywhere your data is routed...
>>
>> ...the big question is if your data is of interest (see
>> http://BevHoward.com/78th for the roots of my own paranoia ;-)
>>
>> Beverly Howard [MS MVP-Mobile Devices]
>>
>
> So the feds can intercept to insure I am not an OBL robot. I'm stretching
> the truth a little, but if its the feds I worry less than some organized
> crime group.
> Bottom line - if I use encryption and https sites, I need not worry.

Top