Microsoft push email security questioned
By Guy Matthews,
A report attacking Microsoft for a lack of security in its mobile push email platform may be unfairly critical, says a UK analyst.
US-based analyst Jack Gold of J. Gold Associates published a report last week which faults Microsoft for the way it implements the push function in its Windows Mobile 5 operating system.
The report, called Microsoft's Direct Push Insecurity, alleges insecurities in the recently upgraded mobile messaging software. The 'flaws' specifically identified in the report relate to the code which updates data wirelessly between Microsoft Exchange and the mobile client. The so-called AirSync code that sits on the client can leave the device's data unencrypted, says Gold.
"The current version of AirSync can only do a file synch of specifically formatted datasets that meet certain Microsoft data requirements," says Gold in the report. "This means that any transfer of data, from Exchange Server to Pocket Outlook, for example, must be done in an unencrypted file state."
Microsoft itself has yet to respond to the criticism, but some analysts are already expressing doubts about how much risk the potential flaw represents.
"I'd say that this is an anomaly that Microsoft needs to address rather than a full blown crisis," says Rob Bamforth of consultancy Quocirca. "Whenever a product gets more complex, then there are bound to be a couple of minor security consequences in the short term. I'd say in general that there's a huge step change in robustness between the old and new versions of Microsoft's mobile platform."
The feedback that Quocirca has been getting from end users on Microsoft and its recent spate of security controversies suggests that the vendor is heading in the right direction, says Bamforth.
"Microsoft has got better at dealing with security issues more quickly," he said. "In any case it's not always easy to pinpoint whether a particular problem is the fault of the wireless technology, the device itself or the transport mechanism. Microsoft's security vulnerabilities are an easy bandwagon to jump on."
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Networking Analysis & Insight
Q&A: Cisco on servers, storage and strategy
We chat with Laurent Blanchard, Cisco's vice president of enterprise, to ask why IT should get excited about what the networking giant can offer.
- It's not about the browser, stupid!
- The Great British network squeeze
- New year: new suppliers
- Top 10 tech winners and losers of 2011
- 2011: The year in news
- UK rural broadband: too little, and too late
- HP PCs back on the menu with Dellish plans
- Top 10 social networking tips for enterprise - part one
- Q&A: Why go via telecoms to the cloud?
Latest Networking Reviews
Swyx SwyxExpress X20 review
Rating: 
- Ipswitch WhatsUp Gold Premium 15
- ForeScout Technologies CounterACT 6.3.4
- ThinPrint Printer Dashboard review: First Look
- TITUS Aware for Microsoft Outlook review
- Windows Phone 7 Mango review: First Look
- Dartware InterMapper review
- Kemp Technologies LoadMaster 3600 review
- Sangfor WANACC M5500 review
- Office 365 review: First look
advertisement
Most popular
- Will someone rid me of these troublesome Macs?
- Symantec hackers: We've released pcAnywhere source code
- BT considering Ofcom price cap appeal
- Google sends in Bouncer to sort out malicious apps
- ACTA: the basics, the controversies, and the future
- Trendnet firmware flaw exposes private videos
- Anonymous publishes FBI hacking call
- Head to Head: Mac OS X 10.7 Lion vs Windows 7
- VeriSign admits 2010 hack
- Nokia Lumia 710 review
PlayRegister for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
