Handspring Visor Network HotSync Security Hole
Subject: Handspring Visor Network HotSync Security Hole
From: Jay C Austad (JCA BIGCHARTS.COM)
Date: Wed Jan 05 2000 - 19:55:45 CST
If you have Network HotSync (provided on the CD that comes with your Visor) enabled on your machine, and a malicious user knows your name (ex. John Smith), and the IP of your machine (ex. 192.168.22.22, or jsmith.company.com), he can change the name on his Visor to yours, do a Network HotSync with your IP, and download all of your email, send email as you, and perform any function that you can.
There is no password or authentication of any kind. If I wanted to read my co-worker's email, or send a nasty message from him to his boss, all I would need to do is put his name into my Visor (Jim Beam), and do a network sync to jbeam.company.com.
I have contacted Handspring about this and have heard nothing back.
----------
Jay Austad
Network Administrator
CBS Marketwatch
612.817.1271
jaustad bigcharts.com
http://cbs.marketwatch.com
http://www.bigcharts.com
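
An added example, not part of the original post and not the HotSync protocol itself: a minimal Python model of the flaw described above, where the desktop releases data to whoever claims a user name, beside a variant that requires an HMAC challenge-response. The mailbox contents, per-device keys and all function and class names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: desktop-side store keyed by the user name set on the handheld.
MAILBOXES = {"John Smith": ["Q4 numbers attached"], "Jim Beam": ["Re: review"]}
# Hypothetical per-device secrets, assumed to be provisioned during a local cradle sync.
DEVICE_KEYS = {"John Smith": b"k-john-constructed", "Jim Beam": b"k-jim-constructed"}


def sync_name_only(claimed_name):
    """Behaviour described in the post: the claimed name is the only credential."""
    return MAILBOXES.get(claimed_name)


def device_response(key, nonce):
    """What a handheld holding the provisioned key sends back for a challenge."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class AuthenticatedSync:
    """Same lookup, gated by an HMAC challenge-response over a fresh nonce."""

    def __init__(self):
        self._pending = {}  # claimed name -> outstanding nonce

    def challenge(self, claimed_name):
        nonce = secrets.token_bytes(16)
        self._pending[claimed_name] = nonce
        return nonce

    def sync(self, claimed_name, response):
        nonce = self._pending.pop(claimed_name, None)  # single use, so replays fail
        key = DEVICE_KEYS.get(claimed_name)
        if nonce is None or key is None:
            return None
        expected = device_response(key, nonce)
        if not hmac.compare_digest(expected, response):  # constant-time comparison
            return None
        return MAILBOXES.get(claimed_name)


if __name__ == "__main__":
    print(sync_name_only("Jim Beam"))  # the name alone is enough
    server = AuthenticatedSync()
    nonce = server.challenge("Jim Beam")
    print(server.sync("Jim Beam", device_response(b"wrong-key", nonce)))
    nonce = server.challenge("Jim Beam")
    print(server.sync("Jim Beam", device_response(DEVICE_KEYS["Jim Beam"], nonce)))
```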
This archive was generated by hypermail 2b27 : Thu Jan 06 2000 - 14:18:04 CST