Yes, hacking servers is big news, but gazing into the digital crystal ball, PDAs are sitting ducks for hackers to penetrate corporate networks. Of course, this goes hand in hand with wireless traffic vulnerabilities, which is another topic. I mean, we've got XP Pro SP2 with ICF and now Windows Server 2003 with ICF (via SP1) and a very ambitious security wizard that attempts to lock down a server based on its installed roles. But Windows Pocket PCs have nothing at all in terms of security except for the optional up-front entry of a PIN.
If I put on my hacker hat, I start thinking that this sounds pretty attractive as a way to get a trojan into a corporate network. They're everywhere, and people will often log on to any wireless network they can find when traveling in order to get a link. Perfect for capturing packets and sniffing out passwords, hashes, and other secrets, as well as creating opportunities for downloading malware.
So best practices would be what? Don't connect to untrusted networks; install a virus scanner; encrypt the secret stuff your PDA holds (and we all know they have a lot of secrets in them, that's why they're useful); turn off your wireless capability unless you're using it; keep software updated; etc. I'm no PDA expert, although to use one you have to sorta become one, like it or not, so any links or suggestions on this topic would be appreciated.
Toward that end, Trend Micro is offering a free virus scanner for PDAs for a limited time.