Re: Handspring Visor Network HotSync Security Hole

From: Jim Frost (jimfat_private)
Date: Thu Jan 06 2000 - 11:19:24 PST

    Jay C Austad wrote:
    > If you have Network HotSync (provided on the CD that comes with your Visor) enabled on your machine, and a malicious user knows your name (ex. John Smith), and the IP of your machine (ex. 192.168.22.22, or jsmith.company.com), he can change the name on his Visor to yours, do a Network HotSync with your IP, and download all of your email, send email as you, and perform any function that you can.
    
    I'd think this would be true of the Palm too, since the software is
    effectively the same.  I bet you could hack the UNIX hotsync software to act
    as a client fairly easily, thus giving you a cheap and easy attack platform.
    
    jim
    


