[gui-talk] Fwd: Article: Don't keep secrets on cell phone

[George and Pamela Dominguez]

It says the bad guies, so to speak, don't know about this?  Well, after the
article, they do, now.  Since I don't do text messaging, I guess the only
thing they'd get from me, and for me this is even too much, is who I called
and who the phone belongs to.  it stood me in good stead once, when an
honest person found my phone in the classroom where I was taking computer
courses and called me to let me know.  Then the phone was locked up in the
office till the next time I would be there to get it.  But it could have
turned out some other way, too.  Pam.
----- Original Message ----- 
From: "Steve Pattison" <srp at internode.on.net>
To: "GUI Talk" <gui-talk at nfbnet.org>; "Access-L" <access-l at access-l.com>
Sent: Thursday, August 31, 2006 11:36 PM
Subject: [gui-talk] Fwd: Article: Don't keep secrets on cell phone



>From: David Truong bnfiles at optusnet.com.au
>To: vip-l at softspeak.com.au
>
>AP: Don't keep secrets on cell phone
>For Education and Discussion Only. Not for Commercial Use.
>
>By TED BRIDIS, Associated Press Writer, Wed Aug 30, 2006.
>
>Don't tell your cell phone any secrets. It might not keep them. Second-hand
>phones purchased over the Internet surrendered credit card numbers and bank
>account passwords, business secrets and even evidence of adultery.
>
>One married man's girlfriend sent a text message to his cell phone: His
wife
>
>was getting suspicious. Perhaps they should cool it for a few days.
>
>"So," she wrote, "I'll talk to u next week."
>
>"You want a break from me? Then fine," he wrote back.
>
>Later, the married man bought a new phone. He sold his old one on eBay, at
>Internet auction, for $290.
>
>The guys who bought it now know his secret.
>
>The married man had followed the directions in his phone's manual to erase
>all his information, including lurid exchanges with his lover. But it
wasn't
>
>enough.
>
>A company, Trust Digital of McLean, Va., bought 10 different phones on eBay
>this summer to test phone-security tools it sells for businesses. The
phones
>
>all were fairly sophisticated models capable of working with corporate
>e-mail systems.
>
>Curious software experts at Trust Digital resurrected information on nearly
>all the used phones, including the racy exchanges between guarded lovers.
>
>The other phones contained:
>
>_One company's plans to win a multimillion-dollar federal transportation
>contract.
>
>_E-mails about another firm's $50,000 payment for a software license.
>
>_Bank accounts and passwords.
>
>_Details of prescriptions and receipts for one worker's utility payments.
>
>The recovered information was equal to 27,000 pages - a stack of printouts
8
>
>feet high.
>
>"We found just a mountain of personal and corporate data," said Nick
>Magliato, Trust Digital's chief executive.
>
>Many of the phones were owned personally by the sellers but crammed with
>sensitive corporate information, underscoring the blurring of work and
home.
>
>"They don't come with a warning label that says, 'Be careful.' The data on
>these phones is very important," Magliato said.
>
>One phone surrendered the secrets of a chief executive at a small
technology
>
>company in Silicon Valley. It included details of a pending deal with Adobe
>Systems Inc., and e-mail proposals from a potential Japanese partner:
>
>"If we want to be exclusive distributor in Japan, what kind of business
>terms you want?" asked the executive in Japan.
>
>Trust Digital surmised that the U.S. chief executive gave his old phone to
a
>
>former roommate, who used it briefly then sold it for $400 on eBay.
>Researchers found e-mails covering different periods for both men, who used
>the same address until recently.
>
>Experts said giving away an old phone is commonplace. Consumers upgrade
>their cell phones on average about every 18 months.
>
>"Most people toss their phones after they're done; a lot of them give their
>old phones to family members or friends," said Miro Kazakoff, a researcher
>at Compete Inc. of Boston who follows mobile phone sales and trends. He
said
>
>selling a used phone - which sometimes can fetch hundreds of dollars - is
>increasingly popular.
>
>The 10 phones Trust Digital studied represented popular models from leading
>manufacturers. All the phones stored information on "flash" memory chips,
>the same technology found in digital cameras and some music players.
>
>Flash memory is inexpensive and durable. But it is slow to erase
information
>
>in ways that make it impossible to recover. So manufacturers compensate
with
>
>methods that erase data less completely but don't make a phone seem
>sluggish.
>
>Phone manufacturers usually provide instructions for safely deleting a
>customer's information, but it's not always convenient or easy to find.
>Research in Motion Ltd. has built into newer Blackberry phones an
>easy-to-use wipe program.
>
>Palm Inc., which makes the popular Treo phones, puts directions deep within
>its Web site for what it calls a "zero out reset." It involves holding down
>three buttons simultaneously while pressing a fourth tiny button on the
back
>
>of the phone.
>
>But it's so awkward to do that even Palm says it may take two people. A
Palm
>
>executive, Joe Fabris, said the company made the process deliberately
clumsy
>
>because it doesn't want customers accidentally erasing their information.
>
>Trust Digital resurrected erased e-mails and other information from a used
>Treo phone provided by The Associated Press for a demonstration after it
was
>
>reset and appeared empty. Once the phone was reset using Palm's awkward
>"zero-out" technique, no information could be recovered. The AP already
used
>
>that technique to protect data on its reporters' phones.
>
>"The tools are out there" for hackers and thieves to rummage through
deleted
>
>data on used phones, Trust Digital's chief technology officer, Norm
>Laudermilch, said. "It definitely does not take a Ph.D."
>
>Fabris, Palm's director of wireless solutions, said the company may warn
>customers in an upcoming newsletter about the risks of selling their used
>phones after AP's inquiries. "It might behoove us to raise this issue,"
>Fabris said.
>
>Dean Olmstead of Fresno, Calif., sold his Treo phone on eBay after using it
>six months. He didn't know about Palm's instructions to safely delete all
>his personal information. Now, he's worried.
>
>"I probably should have done that," Olmstead said. "Folks need to know
this.
>
>I'm hoping my phone goes to a nice person."
>
>Guy Martin of Albuquerque, N.M., wasn't as concerned someone will snoop on
>his secrets. He also sold his Treo phone on eBay and didn't delete his
>information completely.
>
>"I'm not that kind of valuable person, so I'm not really worried," said
>Martin, who runs the http://www.imusteat.com Web site. "I guarantee that
>three-quarters of the people who buy these phones don't think about this."
>
>Trust Digital found no evidence thieves or corporate spies are routinely
>buying used phones to mine them for secrets, Magliato said. "I don't think
>the bad guys have figured this out yet."
>
>President Bush's former cybersecurity adviser, Howard Schmidt, carried up
to
>
>four phones and e-mail devices - and said he was always careful with them.
>To sanitize his older Blackberry devices, Schmidt would deliberately type
>his password incorrectly 11 times, which caused data on them to
>self-destruct.
>
>"People are just not aware how much they're exposing themselves," Schmidt
>said. "This is more than something you pick up and talk on. This is your
>identity. There are people really looking to exploit this."
>
>Executives at Trust Digital agreed to review with AP the information
>extracted from the used phones on the condition AP would not identify the
>sellers or their employers. They also showed AP receipts from the Internet
>auctions in which they bought the 10 phones over the summer for prices
>between $192 and $400 each.
>
>Trust Digital said it intends to return all the phones to their original
>owners, and said it kept the recovered personal information on a single
>computer under lock and disconnected from its corporate network at its
>headquarters in northern Virginia.
>
>Peiter "Mudge" Zatko, a respected computer security expert, said phone
>owners should decide whether to auction their used equipment for a few
>hundred dollars - and risk revealing their secrets - or effectively toss
>their old phones under a large truck to dispose of them.
>
>What about a case like the Lothario whose affair Trust Digital discovered?
>
>"I'd run over the phone," Zatko said. "Maybe give it an acid bath."

Regards Steve
Email:  srp at internode.on.net
Skype:  steve1963
MSN Messenger:  internetuser383 at hotmail.com

_______________________________________________
gui-talk mailing list
gui-talk at nfbnet.org
http://www.nfbnet.org/mailman/listinfo/gui-talk