Re: OTF Encryption? Basic PPC2003 se security questions? (newbie)
From: Roger Parks (CompletelybogusAddress_at_Privacy.net)
Date: 12/29/04
- Next message: alan smith: "Re: Countdown clock?"
- Previous message: Oz: "Programmes to send mass SMSs???"
- In reply to: Beverly Howard [Ms-MVP/MobileDev]: "Re: OTF Encryption? Basic PPC2003 se security questions? (newbie)"
- Next in thread: Beverly Howard [Ms-MVP/MobileDev]: "Re: OTF Encryption? Basic PPC2003 se security questions? (newbie)"
- Reply: Beverly Howard [Ms-MVP/MobileDev]: "Re: OTF Encryption? Basic PPC2003 se security questions? (newbie)"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 29 Dec 2004 01:58:27 +0100 (CET)
THANK YOU for your response!!
> Beverly Howard [Ms-MVP/MobileDev] wrote:
> in general... there are no current ppc exploit threats... the ppc is a
> client only, which deals with most exploit methods... there have been
> some "proof of concept" exploits, but no known current threats to
> default installs.
Good to know.
The concern here would be coming across one of those "overflow/arbitrary
code" exploits that gets I.E 6+ even though ActiveX is disabled. Or, I
suppose, an active daemon (com?) is attacked.
>
> os is in rom, but called from ram space... complicated, but "half true"
> since rom files can be displaced by replacement files.
This suggests that the loader looks at a "replacement" folder before
loading in a file from rom? e.g. a dated "ms.dll" in rom would be
replaced at load time by an updated "ms.dll"? What is the name of that
folder (or is it specified in some .ini or registry key?)
>
> added programs can be loaded into ram or memory cards, and are loaded
> into "program memory" (start/settings/system/memory)
>
> There are some third party encryption packages.
>
> However, the device "password" is very secure with respect to anything
> in ram (not on memory cards or "safe storage") It increases intervals
> between attempts and the only way to recover from a lost password is to
> hard reset the device which erases all ram content.
Excellent!!
And "safe storage" is non-volatile memory!? So a hard-reset erasure is
an active action!?
If so, then someone could - hypothetically - physically remove the
"safe-storage" memory and then read it!?
And if so, then an encryption program that decrypts from one file in
safe-storage to another would be undesirable; whereas on that decrypts
"on the fly" into execution memory would be better!?
(sorry 'bout the questions; a friend experienced identity theft :-(
>
> "power down" does not erase ram... it simply puts the device into
> "suspend" mode.
Heh...... learned that this afternoon when I powered up and there was my
last program open and ready to continue :-)
however, afaik, there is no way to extract ram data
> such as using a hex editor.
>
> Happy Holidays,
> Beverly Howard [MS MVP-Mobile Devices]
THANK YOU again!!
- Next message: alan smith: "Re: Countdown clock?"
- Previous message: Oz: "Programmes to send mass SMSs???"
- In reply to: Beverly Howard [Ms-MVP/MobileDev]: "Re: OTF Encryption? Basic PPC2003 se security questions? (newbie)"
- Next in thread: Beverly Howard [Ms-MVP/MobileDev]: "Re: OTF Encryption? Basic PPC2003 se security questions? (newbie)"
- Reply: Beverly Howard [Ms-MVP/MobileDev]: "Re: OTF Encryption? Basic PPC2003 se security questions? (newbie)"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
