Re: [ISN] Sharp's Zaurus PDA suffers security holes

From: InfoSec News (isnat_private)
Date: Mon Jul 15 2002 - 03:48:19 PDT

    Forwarded from: "Bill Scherr IV, GSEC, GCIA" <bschnzlat_private>
    
    Don't just tell us it's vulnerable!  Tell us how, and how to FIX it!!!  
    This IS irresponsible disclosure!
    
    Show me a distro (of any OS) that doesn't have vulnerabilities!  
    And... Show me a security journalist (which Mr. Shim has crossed into
    from a ZDNet style sales junkie) that would get the jewels raked thru
    the fire for doing the same!  Betcha find the OS first!!!
    
    
    On 12 Jul 2002 at 8:06, InfoSec News wrote:
    
    > http://news.com.com/2100-1040-943163.html?tag=fd_top
    > 
    > By Richard Shim 
    > Staff Writer, CNET News.com
    > July 11, 2002, 12:50 PM PT
    > 
    > Sharp's Linux-based, business-oriented Zaurus handheld suffers from
    > security holes that could let hackers grab private data off a
    > corporate network, according to researchers at Syracuse University.
    > 
    > In an advisory posted Wednesday to a Syracuse University
    > computer-science Web site, researchers said they had found
    > vulnerabilities in Sharp's Zaurus SL-5500 and Zaurus SL-5000D
    > handhelds. The flaws let attackers take control of the device's file
    > system, giving them the power to overwrite files or lock the device
    > so no data can be input through the keypad or touch screen.
    > 
    > The biggest potential threat, though, exists when the device is
    > wirelessly connected to a company's network, where sensitive data
    > might be stored. The flaws would enable attackers to download and
    > upload files.
    > 
    > "These vulnerabilities mean that the Zaurus can be used as a
    > launching point to attack the network," said K. Reid Wightman, one
    > of the researchers who worked on the advisory.
    > 
    > Security holes are not likely to help Zaurus' already delicate
    > prospects.
    
    
    
    Bill Scherr IV, GSEC, GCIA
    Electronic Warfare Associates / 
    Information Infrastructure Technologies
    Camp Johnson, Vermont 05446
    (802) 338-3213
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    


