In my Mobile World

If you’ve ever seen a .menc file before, you probably saw it on an external memory card that you pulled out of your Windows Phone device.  

Essentially, .menc (Mobile Encryption) files are just your personal data (the PIM.VOL file that contains all of your Contacts for example) that are encrypted.  The extension of .menc lets the Operating System (OS) know which files are encrypted, and whether or not they can be opened by the user.   To do so, the previously recorded key (user password) must match the key provided by the user when unlocking the device.  But you won’t see those .menc files, because they are typically hidden by the OS so as not to be visible to the end-user during casual browsing.   If you ever chose to encrypt the files you store on your external storage (external memory card, etc), then they may be visible if you took that card to another computer or device for viewing.

If you’re trying to recover those files, then you have to meet some rather special requirements in order to proceed.  Unfortunately, if you have Hard Reset the device, or have a different device than the one that the files were originally created on, then the encryption/decryption keys are now lost or no longer the same, then sadly your files are totally inaccessible. 

However, if you have access to the same device that the .menc files were originally created on, and you have NOT performed a Hard Reset on the device, then you can still salvage the files:

1. Turn the storage card encryption off: Go to Start > Settings > System > Encryption (varies by your Operating System version) and uncheck the “Encrypt files when placed on a storage card” box. From this point forward, all NEW files created on that card will be unencrypted, but existing files will still be encrypted.
2. Next, bring-up your favorite File Explorer, then browse to your Storage Card. Make a new folder on the storage card, and call it “OLDData”.  This folder will, of course, be unencrypted.
3. Now, find whatever files you want to decrypt and copy them into this folder.  Those files will be decypted as they copy into the new folder.  You can now read these files on any other computer or phone.

Congratulations, you’ve just saved some data.   Hopefully it will turn out to be highly important data, which will make your victory taste just a little bit sweeter…

It didn’t take more than 15 minutes to get through the security checkpoint in the airport, so now I have an hour an a half to kill.  Having a million things to do online, I decided to take advantage of the Sacramento Metro Airport “Free Wi-Fi”, available in the food court area.  

I have a VPN tunnel connection so that I can browse the Internet securely, but I can’t quite see all the other users of this Free WiFi being aware of the inherent dangers of  Public WiFi Hotspots. 

It’s really hard to recognize a hacker, sometimes they can look very professional in a suit and tie, so you can never be sure who is who.   As I type this, I see six suits typing at their keyboards.   Walking over to pickup my order, I observed at least one conducting what appeared to be personal banking on his laptop.   I certainly hope that he practices safe computing by using a VPN tunnel.   That’s just not a good idea at Public WiFi Hotspots. 

I guess that it’s time for me to dust-off my 4 part series on Security in a Mobile world…

Since I had to give-up my Static IP Address as part of my UVerse installation, I am looking around for a way to setup a Dynamic DNS Solution that would provide consistent access to my Home Network from the outside world.

The Problem: The challenge is that since I am now using PPOE to connnect to AT&T, my IP Address changes frequently.   Since the IP Address changes frequently, I cannot consistently know when the IP Address changes, and what it changes to. 

The Partial Solution: Enter Dynamic DNS, or DynDNS.  This is a solution that works to automatically detect the new IP Address assignment and update DNS “Dynamically” whenever a change occurs.  The Router (or software package running on one of the Private Network PCs) would detect this change, then notify the DynDNS Host Server (which is always consistent) of the new IP Address.  The downside of this particular solution is that the DynDNS Host Server will traditionally only allow the new user to pick a name for a subdomain of their existing domain choices (in my case, helpdesk.dyndns.org), and some users like myself do not like this kind of restriction.  

The Rest of the Solution (I hope):  So I’m working with my provider to see if I can create a new subdomain of matson-consulting.com and have that setup to redirect incoming traffic to the helpdesk.dyndns.org URL.

I hope I can get this setup…

I just installed Shavlik’s NetChk Protect 6.1.0 (build 57), a product that that I used more than a year ago, back when it was version 5.31.   This previous product ran for a whole year and kept my six systems (one server, two laptops, and three desktops) fully up-to-date. 

Sure, Windows Update can do this for you for free, but the process is controlled by Microsoft, who does not always have the consumer’s best interest in mind when they install products like Windows Genuine Advantage, which can take a totally legitimate installation of Windows XP and disable it for no apparent reason.

Also, NetChk Protect updates a lot of common non-MS applications like Adobe Reader,  WinZip, etc…

I will be performing a product review of the NetChk Protect application in the future, so we’ll see how this product does in the next month or so…

Today I got to work on a new brand of Router currently being distributed to Verizon High Speed Internet (HSI) customers: the ActionTec modem & DSL Router GT704-WG (presumably for “Wireless-G”).

It had a nice browser interface, but a very limited implementation of WPA, in that it only allowed alpha and numeric characters for key-entry.  This goes against the industry standard, which is to allow additional characters (specifically special characters) to be used in key generation.  If the intention is to secure the connection between the client and the access point, then why reduce the effectiveness of that security by limiting the character-set the key is based on?  Sigh…

Today I posted the last part of my four part article “Security in a Mobile World”.   This article part, as well as the prior 3 parts, can be found at Mobility Today.

Security on the PocketPC platform is a great deal different than your laptop. Security issues considered minor on the Laptop platform like Physical Access, Application/Data Access, and Theft/Loss Mitigation are more substantial on the PocketPC platform, because the PocketPC is infinitely easier to steal than a laptop. And larger issues on the Laptop like Firewalls, AntiVirus, and AntiSpyware become less predominant because the PocketPC platform offers less of a potential target for hackers. Because there is currently more interest in cracking Windows PC data and applications, the PocketPC platform is relatively safe, but that will change soon enough.

If you would like to read the entire 4th part of this article, click here.

Today I posted the third part of my four part article “Security in a Mobile World”.   This article part, the prior 2 parts, and the remaining  part will continue to be published at Mobility Today.

It is a well known fact that most every Laptop user could stand to improve their privacy (and overall security) when utilizing their PC for everyday use. This installment is geared towards getting you started on the right path towards accomplishing this goal.

If you would like to read the entire 3rd part of this article, click here.

Today I posted the second part of my four part article “Security in a Mobile World”.   This article part, the prior part, and the remaining 2 parts will continue to be published at Mobility Today.

Public wireless hotspots are, by definition, meant to be public, and so it goes that private hotspots are meant to be private, regardless as to whether or not the hotspot is encrypted to keep unauthorized users out. This is the same as recognizing the difference between a grocery store and a residential home. A grocery store is open to the public, and you can walk through the door and browse among the aisles to your hearts content. Likewise, it is generally understood that it is completely unacceptable for someone to just walk into another person’s home unannounced. It needs to be understood and accepted that a private Wi-Fi LAN is essentially an extension of someone’s personal property.

If you would like to read the entire 2nd part of this article, click here.

Today I posted the first part of my four part article “Security in a Mobile World”.   This article part, and the following 3 parts will continue to be published at Mobility Today.

Security is a multilevel concept, in both the mindset and it’s practical application. The mindset refers to keeping the concepts of security at the front of your mind while you go through your daily activities. The practical application is Security itself. For now, I will only attempt to touch on the important levels (under the heading of Practical Application) that Mobile Users need to consider in today’s environments. Later I will touch on the mindset aspect of Security.

If you would like to read the entire 1st part of this article, click here.

To obtain the most functionality out of your iPAQ, we suggest you configure your settings to reflect “WORK” instead of “The Internet” whenever possible, as a lot of methods of connectivity are NOT supported under “The Internet” (see table below).

Function/Ability		Work		The Internet
VPN
ActiveSync
Socks/Winsock		(Both)
Host Access		WINS Style (no periods)		DNS Style (periods)
Proxy Server

I would whole-heartedly suggest that EVERYONE set their connection to WORK (aka “My Work Network”), as it offers so much more than THE INTERNET. Here’s how to do it:

1.) Go to START > SETTINGS > CONNECTIONS > ADVANCED (tab). Choose “Select Networks” button and make sure BOTH of the entries on the subsequent page are set to “My Work Network”. Click “OK”.
2.) Then, click on the “Network Card” button, and then choose the Network Adapters tab (if it’s not already the default tab). Make sure this selection also refers to “My network card connections to:” and then the choice “Work”. Click on OK.
3.) Then the last verification: Go to START > SETTINGS > CONNECTIONS, then on the (default) Tasks Tab, choose SET UP MY PROXY SERVER option and make sure the top option “This network connects to the Internet” is checked, and that the 2nd option is UNCHECKED!

You’re done!