Re: Handspring Visor Network HotSync Security Hole

From: Chris Adams (chrisat_private)
Date: Fri Jan 07 2000 - 16:46:09 PST

Next message: Andrew Pimlott: "Re: Hotmail security hole - injecting JavaScript using <IMG"

Previous message: Theodor Ragnar Gislason: "Re: [Hackerslab bug_paper] Solaris chkperm buffer overflow"
Maybe in reply to: Jay C Austad: "Handspring Visor Network HotSync Security Hole"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 6 Jan 2000 14:19:24 -0500, Jim Frost wrote:

>> If you have Network HotSync (provided on the CD that comes with your Visor) enabled on your machine, and a malicious user knows your name (ex. John Smith), and the ip of your machine (ex.
192.168.22.22, or jsmith.company.com), he can change the name on his Visor to yours, do a Network hotsync with your ip, and download all of your email, send email as you, and perform any function
that you can.
>
>I'd think this would be true of the Palm too, since the software is
>effectively the same.

The only difference I've seen is the USB driver support and the fact that it creates its icons in a folder called "Handspring Desktop". Everything else (executable icon, splash screen, etc.) says
Palm Computing or 3Com.

Next message: Andrew Pimlott: "Re: Hotmail security hole - injecting JavaScript using <IMG"
Previous message: Theodor Ragnar Gislason: "Re: [Hackerslab bug_paper] Solaris chkperm buffer overflow"
Maybe in reply to: Jay C Austad: "Handspring Visor Network HotSync Security Hole"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:27:26 PDT