Re: No SSL Should I care?
- From: "JRB" <JRBf@xxxxxxxxxx>
- Date: Mon, 22 Sep 2008 23:58:08 -0400
Thanks. I am sufficiently scared to not try it then. I'll either fix my
server issue or keep using Verizon's Wireless Sync which does use AES
encryption.
Thanks for the reply.
"Chris De Herrera" <spam@xxxxxxxxxxxxxxxx> wrote in message
news:uD3yYoMHJHA.1160@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
You are asking an statistics question about security now. I do not know
all the companies that your data will flow through unprotected starting in
the US, across the ocean and then to your destination.
Let me put it different way, any individual that has access to capture
data can get your username, password and e-mail. Since the username and
password are the same for your network, then the network is also
vulnerable.
--
Chris De Herrera
http://www.pocketpcfaq.com
http://www.pocketpctalk.com
http://www.tabletpctalk.com
http://www.mobilitytalk.com
"JRB" <JRBf@xxxxxxxxxx> wrote in message
news:OZymgaCHJHA.4600@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for the reply.
I was going to use activesync over wifi in europe since my 730 won't work
there. Will I have issues with people able to steal usernames/passwords
etc as I log in using wifi with no SSL? Is that likely? What do they
have to do to get the data since I will be on a boat using their wifi and
using brand name hotels wifi.
I can't use a local cert because I have an invalid common name in my host
name field or some such thing. I also have a samsung I760 running WM
6.1 and I couldn't get that to work using SSL either.
"Chris De Herrera" <spam@xxxxxxxxxxxxxxxx> wrote in message
news:OoOV323GJHA.3628@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
Yes you should care about not having SSL to sync with SBS. SSL secures
your data from being accessible over the internet by others because it
is encrypted. The risk depends on where and how you connect to the
internet and the people that have access to those systems including all
the communications from each site to your server. Any one of them could
capture your data.
You can always use a locally issued cert on the SBS server, export it on
your PC and install it on your i730.
--
Chris De Herrera
http://www.pocketpcfaq.com
http://www.pocketpctalk.com
http://www.tabletpctalk.com
http://www.mobilitytalk.com
"JRB" <JRBf@xxxxxxxxxx> wrote in message
news:%23wkbXzwGJHA.728@xxxxxxxxxxxxxxxxxxxxxxx
I have a server running SBS 2003. I have a Samsung I760 pocket pc
running WM 6.0 and a Samsung I730 running WM 5. Verizon is my carrier.
Normally, I run Verizon's wireless sync program and as I understand it,
that provides SSl encryption between my server and the verizon web
pages it syncronizes with and verizon itself provides some encryption
while my data is being transmitted between towers.
I just started using my 730 as a wifi only phone. I had to activate
activesync since I can only have 1 active phone. Problem is that I am
not a tech guy and have never been able to correctly install a
certificate on my server so I have to leave the SSL box unchecked on my
730. It works fine and synchronizes fine also.
My question is do I really care that SSL is unchecked? What are the
possible security problems and what is the REALISTIC risk that
something bad will happen? What kind of bad things can happen? You
get the point <G> Can I just keep using activesync over wifi since the
risks are so small? I know the official microsoft position has to be
to use SSL but I just want to know the risks and likely outcome of this
choice.
Thanks in advance for any help you can offer.
.
- References:
- No SSL Should I care?
- From: JRB
- Re: No SSL Should I care?
- From: Chris De Herrera
- Re: No SSL Should I care?
- From: JRB
- Re: No SSL Should I care?
- From: Chris De Herrera
- No SSL Should I care?
- Prev by Date: Re: ActiveSync 4.5 and Microsoft's amazing ignorance of the true problem therein!
- Next by Date: How do I get direct push to work on WM6.1 and Exchange Server
- Previous by thread: Re: No SSL Should I care?
- Next by thread: synch never completes
- Index(es):
Relevant Pages
|
Loading
