12-03-2003, 06:00 PM
|
|
Contributing Editor Emeritus
Join Date: Aug 2006
Posts: 8,228
|
|
Windows Mobile 2003 Security Issues
http://www.cewindows.net/bugs/wm2003netsec.htm
Chris De Herrera as identified four bugs in Windows Mobile 2003 when it comes to accessing network resources and has included some workaround to prevent some of them.
"I began by setting up the following scenario: A Windows Mobile 2003 device was to access a shared folder on my Acer Tablet PC. The folder I chose to share was C:\Documents and Settings\All Users\Shared Documents with the share name Shared Documents. I used the default Simple Sharing since Microsoft recommended it."
This is an article that network admins may be particularly interested in.
|
| |
|
|
|
12-03-2003, 10:31 PM
|
|
Sage
Join Date: Feb 2002
Posts: 784
|
|
Glad I ran across this article, just the other day I set up a backup PC for home but couldn't figure out a way to have user level sharing but it sounds like disabling "Simple Sharing" will allow me to set user permissions on folders.
|
| |
|
|
|
12-03-2003, 11:23 PM
|
|
Intellectual
Join Date: Aug 2004
Posts: 170
|
|
I'm a little confused here, unless I read the article all wrong...
Isn't share access controlled by the host PC?
So if you disable a user on the host..
the client trying to attach to the host would try and the host would reject right?
Maybe WM2K3's caching the directory information?
It just doesn't seem right... To me, it just doesn't seem like it'd be an issue with the client.
|
| |
|
|
|
12-04-2003, 05:43 AM
|
|
Pupil
Join Date: Jan 2003
Posts: 11
|
|
Quote:
|
Originally Posted by DimensionZero
I'm a little confused here, unless I read the article all wrong...
Isn't share access controlled by the host PC?
So if you disable a user on the host..
the client trying to attach to the host would try and the host would reject right?
Maybe WM2K3's caching the directory information?
It just doesn't seem right... To me, it just doesn't seem like it'd be an issue with the client.
|
the share doesnt care who it is. thats the point. forget caching, you could have accessed that share from a pc running mandrake w/ samba loaded and never even specify any creds. "Everyone" means "Everyone" so there's no _wrong_ user id or password.
|
| |
|
|
|
12-04-2003, 02:44 PM
|
|
Ponderer
Join Date: Feb 2002
Posts: 69
|
|
Mischaracterization
Agreed, the persistent access from the PocketPC was because of the "Everyone" account allowance (any sysadmin knows to remove this immediately when a share is created, but, hey...) and had nothing to do with the PocketPC. However, in isolating the problem, what this DID reveal was that you can't easily remove or change a canned username/password you've saved on the PocketPC in the process of connecting to a network share, and it reveals the glitch that makes the PDA prompt for username/password even when one is not required in the share. Potentially, this fact could become a security issue, but it depends on whether the sysadmin creating the share has enacted proper security. It also means that someone could get your PDA and potential obtain a valuable username/password.
|
| |
|
|
|
|
|
|
Linear Mode
