Re: Windows mobile 5/activesync4/bluetooth over ethernet

Good answer, but again it only goes to highlight the defective nature of the
products, they should damn well fix the hole and ensure that standard
security protocols are required and cannot be circumvented.

Thinking harder about this, do you really believe that a worker can open
ports on an enterprise client PC! If he can then it is the enterprise at
fault not the worker NOR MS-activesync.

Nope, although you make a sound coffee lunch break argument, the truth of
the matter is not that simple.

File sharing is not "turned off" on winXP because someone somewhere might
open the fileshare port in windows Firewall and fail to set Admin passwords
or shares to everyone (ahem! by default ;).

Hell, why not disable the XP firewall user config! If you get my point.

The Ent.Domain (employers) can perfectly well look after themselves, if they
cant then they should increase the IT spend!!

"Sven" <sejohannsen@xxxxxxxxxxx> wrote in message
news:%23le6A9KBGHA.1676@xxxxxxxxxxxxxxxxxxxxxxx
> While VPN tunnels etc. might be difficult to set up, though they do afford
> excellent protection, the reality is that most regular consumers, don't
> bother. It was completely possible to just punch the right holes in the
> firewall or do port forwarding given the typical home NAT setup and
> ActiveSync from the local coffee shop with free WiFi....totally in the
> clear, data, authentication, the whole bit. Not a good idea. Is that a
> problem for me and maybe you? Possibly not. We may only sync via WiFi at
> home, where we have some encryption turned on. Is it an issue for
> employers who are concerned about data that probably shouldn't be on the
> PPC in the first place, and darn sure doesn't need to be flying over the
> net in the clear. Yea it is. Was the vulnerability published in both
> academic and underground circles. Yea. Could MS say, no biggie, just don't
> use it if it bothers you. Nah, doesn't work that way. Could they fix it?
> I'm sure they could, but only they could assess the effort and resources
> required.
>
> --
> Sven
> MVP - Mobile Devices
> "jd" <jd@xxxxxxxx> wrote in message
> news:eQodOSKBGHA.1676@xxxxxxxxxxxxxxxxxxxxxxx
>> "humbug" The Enterprise had nothing to do with it.
>>
>> Are we really suppose to believe that VPN tunnels, NAT and
>> WindowsAuthentication is so weak that its even concievable that someone
>> with the expertise to get in would waste his time to access a few
>> contacts and emails rather than simply access the entire domain! (which
>> he'd be able to do, if he got far enough to do an unautherised remote
>> sync)
>>
>> Come on pull the other one its got bells on it (pun intended).
>>
>> NO NO NO NO
>>
>> The reason remote sync was pulled was for 2 simple reasons:
>>
>> 1) SME and personal users struggled with the VPN, Ports etc (even with
>> the right credentials!!) generating lots of complaints and heartache!
>>
>> 2) MS thought, we can ensure SME (or Ent.) use exchange!!! $$$$$$$
>>
>> OIL.....I mean MONEY, thats what its really about.
>>
>> Not forgetting Push-eMail ;)
>>
>> JD
>>
>> "CeeBee" <ceebeechester@xxxxxxxxxxxx> wrote in message
>> news:Xns973128544727ceebeechesterstartco@xxxxxxxxxxxxxxxx
>>> "Sven" <sejohannsen@xxxxxxxxxxx> wrote in
>>> microsoft.public.pocketpc.activesync:
>>>
>>>> To be a little fair, though, considering the heat MS takes for security
>>>> in general, there was no chance this could have gone unaddressed. The
>>>> tradeoff between using resources to develop what may have been seen as
>>>> an ineffective solution, and just plugging the hole, must have fallen
>>>> on
>>>> the side of plugging the hole.
>>>
>>> Agree. That's quite the relevant addition, methinks. In a time where
>>> WiFi
>>> buzzes our collective brains out with 2.4GHz radiation all around MS
>>> should
>>> have solved the problem instead of walking around it, effectively
>>> ignoring
>>> it.
>>>
>>> My point though was that in this case the policy wasn't _initiated_ by
>>> MS,
>>> but by the enterprise users.
>>>
>>> --
>>> CeeBee
>>>
>>> *** The Cookie Has Spoken ***
>>
>>
>
>


.

Relevant Pages

  • Re: Active sync and the Internet
    ... I have disabled ethernet sync. ... Connection manager blocked from listening to ports TCP 999,1026,5679,7438 ... > Do you Have ethernet sync enabled in Activesync? ... >> dialup broadband Internet service. ...
    (microsoft.public.pocketpc.activesync)
  • Re: Active Synce
    ... you don't need those ports. ... OTA Activesync only requires 443, so leaving all those open are holes in your security you don’t' need. ... Secondly, when you get a sync error on a phone, it always has that link for "more details." ... Don't know why their phones don't sync any more. ...
    (microsoft.public.windows.server.sbs)
  • Re: IE8 or SP3 has disabled printing
    ... HP released it's fix. ... Microsoft has a reputation for maligning LPT ports when upgrading to ... I think since parallel ports are not so popular, ...
    (microsoft.public.windowsxp.general)
  • Re: Active sync and the Internet
    ... maybe it used as a part of the passthough internet conenction? ... > I have disabled ethernet sync. ... > Connection manager blocked from listening to ports TCP 999,1026,5679,7438 ... >> Do you Have ethernet sync enabled in Activesync? ...
    (microsoft.public.pocketpc.activesync)
  • Re: Fixing -pthreads (Re: ports and -current)
    ... people fix them. ... I don't have the time to fix broken ports ... transition to libpthread is making ports PTHREAD_LIBS compliant. ... has been over 2 years since, yada yada yada, and the ports ...
    (freebsd-current)