  1.    #1  
    There are six security gaps facing Palm users that were mentioned on a new website.

    The website also had a link to this article where prosecutors discovered 1.5 million hacked PCs involving identity theft/fraud and blackmail--at the time of arrest, investigators estimated 1,500% too low (only 100,000 PCs) despite having used bugs installed on the suspects' computers. Oh the irony of bugging data thieves who bugged a million victims.

    It is obvious what files & data are most valuable for ID theft, fraud, and spamming so arm yourselves with knowledge and take action. And do not fall for snake-oil that plagues the security software industry.

    Here are the six deadly security gaps facing Treo users:

    1. Palm Desktop passwords are ignored by other apps. Any text editor can view all the records you Hotsynced to your desktop PC. Even private records.

    2. Outlook .PST files reveal their passwords to 3rd-party recovery programs found on the Internet and P2P networks.

    3. On Windows, countless keyloggers can record everything you type into Palm Desktop.

    4. Disk encryption software generally decrypts data for all programs. Any novice can simply use Explorer to drag your Palm directory to a removable thumb drive and view all the data when they get home.

    5. File encryption software generally requires data to be temporarily decrypted to disk in order to use the file. NTFS can make copies of decrypted data when your security program tells NTFS to overwrite it.

    6. Most data security software uses weak security in order to be allowed for sale globally--i.e. including stronger security means having fewer customers because the US restricts exports and other governments restrict imports.

    Hope you find this useful and take action before everyone in your address book regrets trusting you with their info (addresses, phone numbers, birthdays--primary fuel for fraud & phishing attacks).

    If you know of additional security gaps, please share so we can all be better informed.

    ps

    The website I got this from has a new patent-pending product that tackles all of the above.
    Last edited by TreoCipher; 07/01/2006 at 05:58 PM.
  2. #2  
    What is the product?
  3.    #3  
    Quote Originally Posted by dbarrett5381
    What is the product?
    The product is Innersafe for Palm Desktop

    But I hope this thread focuses more on the security issues rather than individual products.

    Most security-conscious people I know already switched to Mac or Linux at home but I have too much Windows-only software that cannot run under Wine. When enough people switch, the frequency of holes found is likely to go up (just like it did with Firefox).

    Hopefully, as more people get smart about this, they'll stop giving their full address & phone number to the remaining clueless who are most likely to be running a zombie PC infested with spyware.

    Being shunned might become enough incentive for them to stop exposing everyone in their address book to spammers and online criminals.

    I was able to guess the identity of the person that caused me to receive massive spam & phishing emails because the spammer cc'd everyone in that person's address book. That was years ago but still memorable due to the amount of spam.

    Good luck.
    Friends don't let spammers and identity thieves steal their address book.
  4. #4  
    Spam Spam Spam Spam Spam Spam Spam Spam
  5. #5  
    1. That's true of most Windows programs
    2. That's an Outlook problem, don't use MS "Lookout"
    3. That's true of most Windows programs
    4. That's true of most Windows programs
    5. That's true of most Windows programs
    6. That's true of most Windows programs

    I'd be more concerned about these peeps getting ONTO my PC in the first place....past 2 firewalls, security, passwords and all than protecting someone's phone number. This info is available for most people right outta da telephone book.

    Seems much easier to steal a Treo and hack the SD card backups.
  6. #6  
    I never use HotSync with a desktop PC. Well, dudes, do a warm reset and all security apps will give up! No security gaps even needed! I still need good security software for handheld protection!
  7.    #7  
    I think if 3 people are hijacking 1.5 million PCs, then chances are good that they are not manually examining each PC.

    They probably have a script that grabs files that are particularly useful, such as Palm Desktop files or Outlook .PST files.

    I think the problem with Windows is that even if you have two firewalls, simply opening a webpage with a specially constructed picture can cause commands to be executed within the context of the web browser. Meaning, even if you have 10 firewalls, it won't matter if you allow one open port like HTTP and you use a browser & OS that are not immune to buffer/stack overflow attacks.

    Since the browser is already authorized to connect to the network, and since the HTTP port is already allowed by the firewall(s), any file with a predictable location can potentially be transferred. But usually, the reverse happens first--a trojan is downloaded & installed and it automatically scans the PC for predetermined desirable files (again, I imagine Palm Desktop and Outlook files are at the top of the list).

    Hackers are busy, they infect more machines than they have time to manually examine. So anything non-standard can potentially save you. For example, installing some of your programs someplace other than "c:\program files". Sometimes you'll luck out and the trojans don't bother looking in the registry for directory locations of programs--they'll just go after the default configuration.

    Think about it, if 1.5 million PCs are in a single botnet and 1 human minute is spent on each hacked PC, that is 1.5 million minutes--far too much time. Everything is automated as much as possible because of this.

    Also, I think more info is stored in our PDA than what is found in phonebooks (unless we're young and in school). If someone steals my address book, a lot of people would have their full names, birthdays, full addresses, multiple unlisted phone numbers, employer names, and other info in the hands of online criminals who sell such info in bulk (black market) to those willing to attempt fraud. I wouldn't care if I were younger and the people in my phonebook have little to lose, but the stakes can be high for doctors (HIPAA), executives, and people in sales (their contacts file with 1000+ names is their livelihood).

    Anyway, this is what I was told recently by someone I trust very much. He set up 2 firewalls (software & hardware) for me and each website needs to be placed on a whitelist for HTTP connections to be allowed. I'm amazed at the number of incoming connection attempts and the outgoing attempts made by commercial software "phoning home". I really wish people would boycott software that phones home--especially operating systems.
  8. #8  
    If that was the case, I think there would be a lot more infected PCs around. One of the things the hackers need to do anything significant is an IP address. NAT takes care of that pretty well. Most important however is looking for trouble....for example, looking for "game cracks" is one way to end up at a bad site.

    I have ten machines here and our routine malware searches haven't found anything more than a tracking cookie in years. If you follow the security recommendations on sites such as grc.com, I think you're gonna give a hacker more trouble than you're worth.

    It's just that I don't see what use it is hardening Palm Desktop when, under the scenario you have described, the hackers would have full access to Ecco Pro, Lotus Organizer, Outlook, Notes and whatever on top of a much more easily grabbable and hackable Treo.
  9.    #9  
    Quote Originally Posted by JackNaylorPE
    If that was the case, I think there would be a lot more infected PCs around.
    What does "a lot more" mean? And are you saying there aren't many infected PCs today? What is considered "many" to you?

    You do know where spam comes from, don't you? Zombie PCs owned by unsuspecting victims. I'm guessing dozens of infected PCs try to send you email every hour every day.

    By the way, regarding the 1.5 million PCs exploited by 3 arrested men: Bruce Schneier (renowned security expert) commented about that incident saying that reputable sources said actual numbers are much higher. If you look at Bruce's background, he wrote highly-respected books and regularly destroys the reputation of security vendors by exposing their insecurities & false marketing claims.

    Also, if you google about the arrest involving 1.5 million PCs, you'll see that the ISP helping police dismantle the botnet said it was just the tip of the iceberg. I believe it was the same ISP that originally tipped off the police. The person I know at Innersafe has the article saved so I can send it to you by PM if you are interested in this topic. (you seem like you know more than the average user so I'm guessing some interest about security)

    When you research the extent of infections, you will find that it takes effort to uncover the true extent of the problem. The lazy will continue to rely on statistics designed to head off panic (like theft stats ignoring Zombie PCs) or exaggerated stats by vendors (like categorizing cookies as trojans).

    Right now, details from arrest reports and spam volume give us rather unbiased evidence about this problem.

    The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is. -Winston Churchill
  10. #10  
    I don't get what ANY of this has to do with the Treo except for his "oh....... but if you load my program, it will fix this for you" part, which is just spam. Should be moved to another forum.
  11. #11  
    <moved>
    V > Vx > m505 > m515 > T/T > T3 > TC > 650 > 680
  12. #12  
    lol OT's the spam forum now
  13. #13  
    Scene: A cafe. One table is occupied by a group of Vikings wearing horned helmets. Whenever the word "spam" is repeated, they begin singing and/or chanting. A man and his wife enter. The man is played by Eric Idle, the wife is played by Graham Chapman (in drag), and the waitress is played by Terry Jones, also in drag.

    Man: You sit here, dear.
    Wife: All right.
    Man: Morning!
    Waitress: Morning!
    Man: Well, what've you got?
    Waitress: Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam; spam bacon sausage and spam; spam egg spam spam bacon and spam; spam sausage spam spam bacon spam tomato and spam;
    Vikings: Spam spam spam spam...
    Waitress: ...spam spam spam egg and spam; spam spam spam spam spam spam baked beans spam spam spam...
    Vikings: Spam! Lovely spam! Lovely spam!
    Waitress: ...or Lobster Thermidor a Crevette with a mornay sauce served in a Provencale manner with shallots and aubergines garnished with truffle pate, brandy and with a fried egg on top and spam.
    Wife: Have you got anything without spam?
    Waitress: Well, there's spam egg sausage and spam, that's not got much spam in it.
    Wife: I don't want ANY spam!
    Man: Why can't she have egg bacon spam and sausage?
    Wife: THAT'S got spam in it!
    Man: Hasn't got as much spam in it as spam egg sausage and spam, has it?
    Vikings: Spam spam spam spam... (Crescendo through next few lines...)
    Wife: Could you do the egg bacon spam and sausage without the spam then?
    Waitress: Urgghh!
    Wife: What do you mean 'Urgghh'? I don't like spam!
    Vikings: Lovely spam! Wonderful spam!
    Waitress: Shut up!
    Vikings: Lovely spam! Wonderful spam!
    Waitress: Shut up! (Vikings stop) Bloody Vikings! You can't have egg bacon spam and sausage without the spam.
    Wife: I don't like spam!
    Man: Sshh, dear, don't cause a fuss. I'll have your spam. I love it. I'm having spam spam spam spam spam spam spam baked beans spam spam spam and spam!
    Vikings: Spam spam spam spam. Lovely spam! Wonderful spam!
    Waitress: Shut up!! Baked beans are off.
    Man: Well could I have her spam instead of the baked beans then?
    Waitress: You mean spam spam spam spam spam spam... (but it is too late and the Vikings drown her words)
    Vikings: Spam spam spam spam. Lovely spam! Wonderful spam! Spam spa-a-a-a-a-am spam spa-a-a-a-a-am spam. Lovely spam! Lovely spam! Lovely spam! Lovely spam! Lovely spam! Spam spam spam spam!
