Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: Going Mobile - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Going Mobile

Earlier today, Symantec released a security advisory detailing a vulnerability in how Palm OS Treo smartphones allow users to access data. Users with physical access to the device are able to use the Find feature to locate data, even when the device is locked. As a fix has not yet been released, Symantec advises to notify users so they are aware of this weakness and can take other actions to prevent disclosure of sensitive data.

Virtually all of your organizations are currently supporting the use of mobile devices in one way, shape or form. That these may impact the organization's security posture has been proven by new threats such as cell phone viruses (Commwarrior, Cabir) and Bluetooth hacking. These examples show that an understanding of wireless technology needs to be built into all security capabilities within the organisation; not just into policy statements, but also in their respective translation into procedures, guidelines and the supporting awareness programs.

If you're looking for inspiration, have a look here:

Australia's DSD government policy on Blackberry security
DRAFT NIST Guidelines on Cell Phone Forensics

Any other good examples you know of ? Drop us a message.

Maarten Van Horenbeeck


158 Posts
Feb 15th 2007

Sign Up for Free or Log In to start participating in the conversation!