Problems wiping myself

Problems wiping myself

Things had been looking up for my Exchange mailbox rebuild, but they got really bad again the first time my Pocket PC tried a wireless sync. All of my contacts, which had just been imported back into Exchange from the .pst file I’d created, were seen as new entries by my phone. So it synched for a long, long time, creating second entries for hundreds of contacts, until finally I got this warning:

Storage memory is critically low. If you do not increase storage memory, you may not be able to start some programs. Use File Explorer to delete files you no longer need, or move some files to a storage card.

Don’t let this happen to you. When it does, your Pocket PC starts to behave like a machine trying to run Windows XP on 64 MB RAM.

The synchronization had created hundreds of duplicates in my new Exchange mailbox, too. I went through and deleted them on my laptop, but my phone was now too overwhelmed to sync the deletions. It didn’t have enough memory to free up more memory. And isn’t that ironic? Yeah, I really do think.

I solved the problem by moving everything I could from the built-in storage memory, which is limited to 40 MB on my XV 6700, to the 2 GB storage card. That only freed up a megabyte or two, but it was enough to get the sync started again, which freed up still more space.

If I’d let it run long enough, it might have gotten back to where it had been earlier in the week. But between this and the problems I’d had getting it to cradle-sync with Vista, I figured this was a good time to try something I’d never dared before: the remote wipe. One of the big selling points of Windows Mobile 5 is that you can erase all the sensitive data from that phone you left in the taxi back in Cleveland. Generally I don’t have the luxury of being able to cripple my equipment just for the sake of research, but my phone was doing me no good in its present state, so why not run a little test?

I didn’t get very far at first. My own server denied me access to the internal web site that runs the wiping process. Fortunately, a little Googling led me to this discussion on Experts Exchange, which further led to this blog entry by my buddy Vlad.

After I clicked “wipe,” I got a message on the phone:

Exchange Server sbs.schrag.net must enforce security policies on your device to continue synchronizing. Do you want to continue?

The choices were OK or Cancel. I don’t know about you, but if a message like that popped up on a machine from which I was illicitly trying to extract sensitive information, I would probably click Cancel. As it happened, I didn’t even have to. By the time I finished transcribing the message and writing the little joke earlier in this paragraph, the message had gone away and the phone had not been wiped. All my contacts, tasks, and calendar entries would still have been available to anyone who picked up the phone, as long as they started fiddling with it before it went into password-protect mode. (All my e-mail had been deleted from the phone as part of the contact duplication fiasco, but I don’t think that was designed as a security measure.)

Meanwhile, back at the admin website on my server, it looked like I was all set:

Microsoft doesn’t make very clear what you’re supposed to see in that Status column. This article explains the steps an administrator has to take to wipe a device, but is silent about what feedback is provided to the administrator. The Microsoft guide on using Windows Mobile 5 with SBS 2003 is even less detailed. This independent and more helpful article, actually lists the sequence of wipe statuses you can expect to see. But it doesn’t say that user action is required to allow the wipe to proceed.

This little security loophole does not seem to be widely publicized, although I am not the first to mention it. In fact, after I’d spent nearly an hour researching and writing all this up, I Googled a slightly different set of search terms and stumbled upon Chris Rue’s complete and much more thorough documentation of this same problem, which he wrote up last August. Had I found that article earlier on in the process, you would not be reading this, but now that I’ve stayed up until 4 in the morning working on it, I’m gonna publish, damn it! 

Anyway, I initiated another sync and this time said OK to the security policy message. It woiked!

Now onto the next step: rebuilding my Pocket PC. But that’s a story for another blog.

Posted in All, Exchange, Hardware, Office 2007, SBS, Software, Technology, Windows Mobile + PPC on Apr 14th, 2007, 3:14 am by David Schrag   

No comments yet. Be the first.

Leave a reply