Security » TamsPalm - the Palm OS / web OS Blog

Why Palm needs to get serious about security

Oct 062007

For several years, now, security experts have been talking about the threat posed by Palm OS malware and malicious hackers. And, really, it’s all been talk. There have been a few, not-very-successful trojans, and an exploit for Treos that would let someone retrieve a few bits of info even if the Treo was locked. But that’s pretty much it.

Still, the security people have a point. The average Treo-toting businessperson uses their device as a way to carry around the documents,programs, and media that they need to have handy. In other words, the really important stuff that they use a lot resides on their Treo. Of course, that would be a luscious target for crackers if they could get in. But, with no multitasking or services, the Palm OS is probably one of the most secure operating systems developed.

Of course, that’s all going to change when Palm OS 2 comes out.

Okay, before everyone jumps on me yelling “But Linux IS secure!”, let me say:I like Linux. It’s definatley secure. But a basic truth is that the more complex you make a computer system, the more bugs you get. And the more bugs you get, the easier it is to break into a system. And let’s not forget multitasking, the lack of which has been the primary factor protecting the Palm OS from a storm of viruses and other malware.

So, how do you fix that? You focus on making a PDA, not a tiny computer that has 3000 ports wide open. At the same time though, you leave the door open for third party developers to design this sort of thing. In other words, you give your users a choice–the not-that-security-conscious business people can have a PDA, and PDA enthusiasts(who are probably more security conscious) can mod the thing to their heart’s content.

Public service announcement: SMS scam running rampage in Austria

Basics, Security, Software News 4 Responses »

Oct 052007

Dialer scams were very popular a few years ago. Cutting a long story short, a dialer is a program that calls special premium-rate numbers without your consent and generates income for the ‘scammer’. These were effectively banned in Austria and Germany a few weeks ago…and the Mafia now strikes back with premium SMS.

A premium SMS is an SMS or MMS that you are charged for by the carrier – and a part of the money goes to the sender. Now, premium SMS scammers send out SMS like the one shown below(translated: have fun, you already wasted 10€):
0 Public service announcement: SMS scam running rampage in Austria

This serves two purposes: first of all, outraged user could potentially call back, causing income for the operator. But the scammer even earns money without you calling back -the carrier charges for delivery.

In my case, the price of the SMS was 3Euros(appox 5 UsD)…a sum that many people will not notice on their bill. Given a few thousand ‘sheep’, the scammer can make a nice living.

Defending yourself against scammers is easy, however:

Check your bills
in Austria, there is an old saying that goes along the lines of: vigilance is the mother of the crate full of china. Checking your bills for weird charges as they arrive will protect you from scams – if someone tries to rip you off, just call your carrier. Every somewhat cooperative carrier will then book the charge back…if he doesn’t, swapping carriers is a very good idea.

Consider a premium rate number lock
If you don’t need premium rate numbers(call proxies,…), why not block them all. Your carrier will offer this service for almost nothing – the peace of mind gained by this could well be worth the tiny fee(T-Mobile does it for free after a scam has occurred).

I am currently pursuing an interview with T-Mobile’s on the matter – stay tuned!

SplashID 4.03 review � Brand New Ways to Protect Your Data

Productivity, Security, Software reviews 3 Responses »

Aug 152007

SplashData has recently updated their password manager to version 4.03. The new version of SplashID introduces a number of new features, including:

Enhanced Security
Web AutoFill (In the Windows version)
The ability to synchronize multiple SplashID databases
Enhanced Lookup Feature
The ability to e-mail securely encrypted SplashID records
The ability to add additional standalone desktop users
Updated Icon set (with the ability to add custom icon sets)
100% Vista Compatible

So, why, should you use SplashID over, for instance, SmartList To Go? SplashID can not only be used as a Password Manager, but also as a secure way to store other tidbits of information, such as contacts, and small notes that you would like to keep separate from your normal data set. For example, my application registration keys now exist in SplashID, rather than an unencrypted Pilot-DB database:
SplashID 4.03 Reviewed html 550eff42 SplashID 4.03 review � Brand New Ways to Protect Your Data

When you first start up SplashID, you are greeted with this rather foreboding password screen:
SplashID 4.03 Reviewed html 7e35d6dd SplashID 4.03 review � Brand New Ways to Protect Your Data

After 10 tries, you are locked out of the application and your database is erased. This prevents password cracking programs that may rely on a Brute Force Password Cracking Technique (yes, I have seen applications like this in the wild, running directly on the device…)
SplashID 4.03 Reviewed html 4ceaec8 SplashID 4.03 review � Brand New Ways to Protect Your Data

As I said before, SplashID has plenty of uses outside of a password manager; Even from the first instance you start it up, you know that there are plenty:
SplashID 4.03 Reviewed html m1536e2f1 SplashID 4.03 review � Brand New Ways to Protect Your Data

One of the features that I saw very interesting was a view called List View. As implied, List View presents you a tree that you can use to view records by categories, type, etc. Pretty cool, imho:
SplashID 4.03 Reviewed html m4946ea2c SplashID 4.03 review � Brand New Ways to Protect Your Data

So, if you have a bunch of data sitting in an unsecured database, or you have a snoopy relative, or you are just plain paranoid, SplashID is a wonderful application to keep your data safe! This review covers version 4.03 of SplashID, which can be purchased for 29.95$ at the TamsShop, however, previously registered users can snag this wonderful application at 9.95$