A security blunder in Windows CE 2.x makes it relatively simple to capture a user's NT password after they have connected using the ActiveSync function, according to a security expert.
Windows CE programmer Jeff Zamora has revealed that when a CE device saves and supposedly "encrypts" a user's NT password, it simply applies a very basic mathematical function based on numerical values of the word susageP in order to encode the message. "susageP" is Pegasus backwards: The code name for Windows CE.
Renowned security expert Bruce Schneier highlights this flaw in his latest newsletter and comments: "It's so pathetic it's staggering."
British security consultant Matt Bevan of TigerTeam security is similarly appalled. "It's criminal," he says. "Any cryptography that's based on a single key is totally useless once that key has been compromised. It's like the DVD encryption. That is pretty useless from a security perspective now because you can fairly easily get hold of the keys. It's basically like basing the enigma code on the word 'Adolf' backwards."
Full story to follow.