Forwarded from: "Bill Scherr IV, GSEC, GCIA" <email@example.com> Don't just tell us it's vulnerable! Tell us how, and how to FIX it!!! This IS irresponsible disclosure! Show me a distro (of any OS) that doesn't have vulnerabilities! And... Show me a security journalist (which Mr. Shim has crossed into from a ZDNet style sales junkie) that would get the jewels raked thru the fire for doing the same! Betcha find the OS first!!! On 12 Jul 2002 at 8:06, InfoSec News wrote: > http://news.com.com/2100-1040-943163.html?tag=fd_top > > By Richard Shim > Staff Writer, CNET News.com > July 11, 2002, 12:50 PM PT > > Sharp's Linux-based, business-oriented Zaurus handheld suffers from > security holes that could let hackers grab private data off a > corporate network, according to researchers at Syracuse University. > > In an advisory posted Wednesday to a Syracuse University > computer-science Web site, researchers said they had found > vulnerabilities in Sharp's Zaurus SL-5500 and Zaurus SL-5000D > handhelds. The flaws let attackers take control of the device's file > system, giving them the power to overwrite files or lock the device > so no data can be input through the keypad or touch screen. > > The biggest potential threat, though, exists when the device is > wirelessly connected to a company's network, where sensitive data > might be stored. The flaws would enable attackers to download and > upload files. > > "These vulnerabilities mean that the Zaurus can be used as a > launching point to attack the network," said K. Reid Wightman, one > of the researchers who worked on the advisory. > > Security holes are not likely to help Zaurus' already delicate > prospects. Bill Scherr IV, GSEC, GCIA Electronic Warfare Associates / Information Infrastructure Technologies Camp Johnson, Vermont 05446 (802) 338-3213 - ISN is currently hosted by Attrition.org To unsubscribe email firstname.lastname@example.org with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Jul 15 2002 - 07:34:56 PDT