Re: Handspring Visor Network HotSync Security Hole

Subject: Re: Handspring Visor Network HotSync Security Hole
From: Chris Adams (chrisIMPROBABLE.ORG)
Date: Fri Jan 07 2000 - 18:46:09 CST

• Next message: Theodor Ragnar Gislason: "Re: [Hackerslab bug_paper] Solaris chkperm buffer overflow"
• Previous message: vendicatorUSA.NET: "Stack Sheild 0.7 and SFP Overwrites"
• In reply to: Jim Frost: "Re: Handspring Visor Network HotSync Security Hole"
• Next in thread: Jason Spence: "Re: Handspring Visor Network HotSync Security Hole"
• Reply: Chris Adams: "Re: Handspring Visor Network HotSync Security Hole"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 6 Jan 2000 14:19:24 -0500, Jim Frost wrote:

>> If you have Network HotSync (provided on the CD that comes with your Visor) enabled on your machine, and a malicious user knows your name (ex. John Smith), and the ip of your machine (ex.
192.168.22.22, or jsmith.company.com), he can change the name on his Visor to yours, do a Network hotsync with your ip, and download all of your email, send email as you, and perform any function
that you can.
>
>I'd think this would be true of the Palm too, since the software is
>effectively the same.

The only difference I've seen is the USB driver support and the fact that it creates its icons in a folder called "Handspring Desktop". Everything else (executable icon, splash screen, etc.) says
Palm Computing or 3Com.

• Next message: Theodor Ragnar Gislason: "Re: [Hackerslab bug_paper] Solaris chkperm buffer overflow"
• Previous message: vendicatorUSA.NET: "Stack Sheild 0.7 and SFP Overwrites"
• In reply to: Jim Frost: "Re: Handspring Visor Network HotSync Security Hole"
• Next in thread: Jason Spence: "Re: Handspring Visor Network HotSync Security Hole"
• Reply: Chris Adams: "Re: Handspring Visor Network HotSync Security Hole"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Mon Jan 10 2000 - 23:05:02 CST