Re: Handspring Visor Network HotSync Security Hole

From: Jason Spence (thalakanat_private)
Date: Thu Jan 06 2000 - 22:42:43 PST

    Jay C Austad wrote:
    >
    > If you have Network HotSync (provided on the CD that comes with your Visor) enabled on your machine, and a malicious user knows your name (ex. John Smith), and the IP of your machine (ex. 192.168.22.22, or jsmith.company.com), he can change the name on his Visor to yours, do a Network HotSync with your IP, and download all of your email, send email as you, and perform any function that you can.
    >
    > There is no password or authentication of any kind.  If I wanted to read my co-worker's email, or send a nasty message from him to his boss, all I would need to do is put his name into my Visor (Jim Beam), and do a network sync to jbeam.company.com.
    >
    > I have contacted Handspring about this and have heard nothing back.
    
    Unrelated to this, I've noticed that port scanning a Palm IIIe connected to
    my network results in the Palm hanging and shutting down.  Some people use
    the Palm as a web browsing platform while their workstation does other
    things; my Palm recently got portscanned while I was doing that, which
    prompted me to see if the behavior was repeatable (it was).  Ping flooding
    the Palm makes it act funny, too.
    
     - Jason
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:27:09 PDT