<div class='os_post_top_link'><a href='http://www.theregister.co.uk/2004/09/01/pda_sec/' target='_blank'>http://www.theregister.co.uk/2004/09/01/pda_sec/</a><br /><br /></div><i>"Worker apathy about PDA security is putting corporate data in jeopardy. The storage of the names and addresses of corporate customers on PDAs is now common - but security practices are struggling to keep up with technology usage. Two thirds of users do not use any kind of encryption to protect confidential data on mobile devices, according to a survey commissioned by Pointsec Mobile Technologies and Infosecurity Europe. The Mobile Vulnerability Survey 2004 found that a third of users do not even use password protection on their devices, leaving the information vulnerable to opportunists, hackers or competitors."</i><br /><br />One of the scary things about this survey was that one in eight respondents to the survey had lost their PDAs. That's a lot of loses. The most popular(?) locations to inadvertently dispose of PDAs were in taxis (30 per cent), in cars (20 per cent), at home (20 per cent), at an airport (10 per cent) or in a restaurant (10 per cent). So, next time you leave a restaurant to take a taxi to the airport, be sue to check down the back of your seat. You never know what you may find. ;-)<br /><br />So, fes' up. How many of you good folks have lost you PPC and where did you lose it? Was your data secure, or were you wide open? What did you do to ensue that it did not happen again?

We run Pylon Anywhere with the Systems Management add-on. This allows us to blow away (hard reset) the unit and wipe SD cards remotely. All the user has to do is call me and I can intiate a synch to have it destroyed. We also have forced power login, three times wrong and it hard resets. We also have enabled 30 day required sync, if it doesn't sync in 30 days, hard reset.

All traffic to Pylon Anywhere server is encrypted too.

Not much more I can do.

I lost an iPAQ in a plane, It was after my wedding, my wife and I were heading HongKong (our home at this time). I was so tired that I just leave the plan and left my iPAQ on the seat...
Well I was not that sad at this time, it gave me an excuse to buy a new one ;)

I lost my HP 568 down a cinema seat. My only security was the fact that it would go blank in a few days if not charged. Ive always found the start-up password to make impromptu use of the PDA much more difficult.

These days I use a belt-clip (did not then, because as we know the HP 568 did not need a case at all (killer feature))) and I know instantly when my XDA II is not on my person.

Surur

Well I was not that sad at this time, it gave me an excuse to buy a new one ;)

Sounds like you did OK there Daimaou. :wink:

I'm fortunate enough not to have lost a device, but I set my password to come on as soon as the unit automatically switches off (after 2 minutes inactivity). I don't find it too much of a hassel & better safe than sorry. I also use the MS Powertool to give me a strong password with characters and alphanumerics & don't store any data on the CF card.

Lost mine at WalMart. I was highly upset. I had a Krussel compact flash case (it was an iPaq 3975), a 1 gig compact flash card in the device, and a Socket compact flash card and a $100 bill tucked in the case. I am, however, MUCH happier with my 4155 And my Vaja case now.

I am in the high bracket..........

Lost my 1910 in a Taxi 2 years ago. Everything Important was in Ewallet and secure.......... I hope!

This is a little off-topic...

I currently have the built-in Pocket PC password utility set to a 4 digit numerical password with a 0 minute prompt. I have the "Memory" screen open, and every time I turn my Pocket PC off then on and type in my password I've lost 270-300 KB of memory.

I suspected this was happening a while ago because my Pocket PC seemed to run out of memory very fast and the only thing I had changed was turning this password utility on, but I never really checked to see if it was really happening. Does anyone else have this problem??? Is there a fix for this?

I have to admit, although I've never lost a Pocket PC (but I have been unable to remember which SCOTTeVEST pocket I put it in) and I keep my passwords safe and encrypted with CodeWallet Pro, I don't have any security in place to protect my Contacts list. I don't really have anything that's all that sensitive, but it could be kinda useful to a competitor, I guess.

I think I better at least turn on the power-on password...

I think I better at least turn on the power-on password...

:way to go:

I find that using an entry method that lets you store text macros makes entering the password much less of a hassle....hence I am more likely to use it.

Also currently trialing PDA Secure Premium at the moment.

Cheers,

Philb.

I have never lost any of my PDAs. And I don't really use any security protection on it. But then again, I don't keep any sensitive materials on it.

I use Nice Start as my entry password program and it's set to lock after 4 attempts. I also use Flexwallet and it has its own password. Work related stuff is on an SD card protected by F-Secure and its password. Hopefully if I ever lose or misplace the Ipaq, I can feel safe....but what a pain in the a** getting to things. :lol:

Do you guys have a memory leak with the power-on password like I mentioned on the first page? This is the only reason I don't use a power-on password... :(

I have lost my PPC twice now, that's how I ended up with a iPAQ 2210 from my HP548 at no extra cost. Both times it was stolen from my car at supermarket car parks, along with everything else in my 'briefcase' such as my laptop and digital camera.

I always use the login password, set to 2 minutes and all passwords are stored in Flexwallet. No sensitive files are stored on a flash card, only music and games.

Touch wood, my next PPC I will purchase.

Have not lost any PDAs yet, and not looking forward to :)

I considered myself as a person who is quite disciplined. Everytime I got up from a chair, my hands automatically pat 4 places on my body :
- back right pants pocket, checking for wallet
- front right pants pocket, checking for axim
- belt pocket, checking for V600 and T720
- shirt pocket, checking for minolta dimage

I dont have any security in my axim, no password, no encryption.
I kept my contacts, passwords and financial info in the axim.
Passwords and fiancial info are in cleartext (notes) and self-encrypted, example : suppose my actual password is armageddon$() .. what I put in the notes is 'arm'. I just have to remember what arm means.

I considered myself as a person who is quite disciplined. Everytime I got up from a chair, my hands automatically pat 4 places on my body :
- back right pants pocket, checking for wallet
- front right pants pocket, checking for axim
- belt pocket, checking for V600 and T720
- shirt pocket, checking for minolta dimage

I bet you can't wait till PDAs are biologically integrated into our head! :lol:

I considered myself as a person who is quite disciplined. Everytime I got up from a chair, my hands automatically pat 4 places on my body :
- back right pants pocket, checking for wallet
- front right pants pocket, checking for axim
- belt pocket, checking for V600 and T720
- shirt pocket, checking for minolta dimage

I bet you can't wait till PDAs are biologically integrated into our head! :lol:

:p

Of course all the patting above only occurs during office hours, because when I am out of the office, for security reason I put everything into the laptop bag, except wallet and a mobilephone. So I just need to check 1 item. if the laptop bag is with me, then I am OK. :)

I got an interesting experience with leather laptop bag. I was walking in a mall with my laptop bag, and suddenly I realized that there is a kid right behind me. When I turn around to see him, he run away from me. I realized that there must be something wrong. I checked the laptop bag, there is a hole in the back of the laptop bag, and one of my mobilephone is almost fell out from the hole. Apparently the kid successfully made a hole in my laptop bag, and he was in the process of retrieving my mobilephone when I turn around.

Now I use a samsonite extralight laptop hardcase. One will need to have a lightsaber to make a hole on it :)

Is the power-on password memory leak only a problem with my Pocket PC??? :?

Softwinter's Sentry 2020 for PPC (http://www.softwinter.com/sentry_ce.html) provides rock solid security without the file-by-file encryption-decryption routine. The price is a bit steep but pays off for those seeking high-end security and ease of use. (Of course, it is always good to run Sentry 2020 for PPC with the power on password).
PS The PC version also works like a charm.

Is the power-on password memory leak only a problem with my Pocket PC??? :?

By the fact that noone responded to your problem, I would say the answer is 'yes'. But I could be wrong though.

What pisses me off is that Compaq made huge strides in PDA security by including a biometric reader (fingerprint) with the iPAQ 5xxx series (as well as limitless expansion capabilities), and Carly Fiorina has gone to great lengths to ensure that the PocketPC is brought years back in both security and expansion capability. May Carly burn in H - E - double hockey sticks. Grrrr. Carly, will you please just DieDieDie already, and let somebody else take over HP?

Is the power-on password memory leak only a problem with my Pocket PC??? :?
How do you check for a memory leak ?

How do you check for a memory leak ?

1. Run the PocketPC
2. Open and close the same application over and over, or perform the same function repeatedly (e.g., create new document, enter contents, save document, delete document, repeat et al until memory errors are encountered or the memory growth is otherwise obvious)
3. Observe available memory decrease, usually in a linear fashion.

This is obviously much easier to nail down on Windows on the desktop, thanks to the availability of task mangler^H^H^H^Hager, performance monster^H^H^H^H^Hitor, and other tools, but I believe that gnu tools such as "top" are available for the PocketPC now, and that will allow you to track advanced statistics on a per-process basis.

Alternatively:

1. Run in a debugger using NuMega tools (now Compuware DevPartner)
2. Read the code, line by line, following all possible decision branches, and make sure that each malloc() (or other allocation call) is accompanied by a free () (or other appropriate deallocation call) whenever required. Of course these alternative solutions require access to the source. ;)

Way back when, I had my car broken into where I had neglected to bring in my Newton. sadly, that was the last I saw of it :(

I have had a couple of scares with my current iPaq 2200, with not being able to find it, but It was always in the house somewhere...

AXE

I opened and closed (a real close using Magic Button) several applications 5-6 times each and didn't see any change in memory. I based the readings on the memory percent indicated on my Today screen by a program called Powerlevel. If that's how you test for leaks, then I don't have any.

This is a little off-topic...
I currently have the built-in Pocket PC password utility set to a 4 digit numerical password with a 0 minute prompt. I have the "Memory" screen open, and every time I turn my Pocket PC off then on and type in my password I've lost 270-300 KB of memory.
I suspected this was happening a while ago because my Pocket PC seemed to run out of memory very fast and the only thing I had changed was turning this password utility on, but I never really checked to see if it was really happening. Does anyone else have this problem??? Is there a fix for this?
T, I tried to replicate your "leak" & indeed I saw the available memory reduced by ~200K after turning it off & on again. In less than 2 seconds though it went right back up! Are you saying that's not happening in your PPC? Try waiting a little, see if the memory is released again. If it's not I'm afraid you might indeed be having a specific problem.

FYI, I'm used an iPaq 2210 with nothing else open, only the memory screen, standard 4-digit password setting.

Rosie

I lost my first HP 1910 while in the car. I was returning to Dallas from a client in Oklahoma City and at some point the PPC fell out of its cubbyhole in my car's center console onto the floor and I must have kicked it out when I was getting out of the car. I made several stops on the way home, so I was never sure exactly where I left it.

Somewhat fortunately, it was raining hard that day, so I figure it probably got ruined before someone could use it.

Now I have password at power-up (using Picture Password) and I keep all sensitive data in FlexWallet or other password-protected apps.

I lost my very first Pocket PC, a HP Jornada 545, after an alcohol-laden night out. Now I try not to bring any of my toys with me when I know I'll be drinking, but it's hard - I'm always worried that I may need it for something!

The only thing I want to add is that it is very very important to secure your PDA or Smartphone.
Especially corporate employees have to do this.
When people start adding their bank accounts and their PINS into PDAs it starts getting critical without a password or data encryption.
When people synchronize EMAILS - it gets really really important to protect the information , maybe of customers, partners and suppliers that are critical for business access.
When you look at a regular PC, Notebook, the devices are centrally adminstered and secured.
The same should happen with PDAs ans Samrtphones - because the network is not closed anymore with these devices - except you find a solution for it.
The best solution we have found in the market is:
PDA-Secure. It establishes mobile networks with PDAs and Smartphones and offers an intrusion detection and prevention system.
A good link is:
www.handheld-security.com