Thread: Wireless Sync option on the i500
View Single Post
Old 09-01-2003, 01:30 PM
     
  #51 (permalink)  
robo45h
Registered User
Join Date: 04-11-2003
Posts: 349
  Send a message via AIM to robo45h Send a message via Yahoo to robo45h

Re: Re: Reminder: security issue
Quote:
Originally posted by MrSandman
Most of my really personal info such as passwords, credit card numbers and bank account info is in a couple of password protected apps. How vulnerable, if at all, is this data during a wireless hotsync?
Several things to take into account:
  • If the application does not encrypt the data, but just prevents access without entering a password, then the data is going to traverse the Internet in plain text. I would hope that a password storage app would encrypt it's data.
  • It's unlikely someone could directly "target" you easily to find your data. I.e., they specifically wanted your data, they'd have to be able to monitor specifically your traffic. This would mean having access to the Vision network or to your personal LAN in order to monitor for your IP address (either the phone address or the PC address). They could also be at most "1 or 2 networks" away, such at the connection between Vision and the Internet, or between your LAN and the Internet (such as at the ISP where your company's firewall connects, etc.). But see "Your Neighbors" below.
  • However, a malicious Sprint employee or contractor with a monitor on the Vision network, or a malicious Internet backbone contractor (say at MCI/Uunet or Sprint or ATT or BBN or AlterNet, etc.) with a monitor, or a malicious employee or contractor at your ISP might randomly capture and find your data. Perhaps by logging lots of traffic and searching for some keywords. Perhaps even searching for strings that indicate a Network HotSync if they're that sophisticated and think there are enough people doing it (the last two don't seem likely).
  • Your neighbors -- if you use a "shared media" ISP such as Cablemodem. This is the worst case -- but it doesn't apply to DSL. With cablemodems, everyone in your neighborhood is sharing the media, just like non-switched ethernet in the office or on your home LAN. So they could specifically target you by monitoring your IP address and traffic. And they can do so from the comfort of their living room. Sattelite "dish" ISPs are similar. Also, i fyou use wireless on your Home LAN, especially if you don't even have the weak WEP security enabled. But if this is the case, then you have bigger problems than Network HotSync.
 
robo45h is offline   Reply With Quote