Bugtraq mailing list archives
Pilot Private Data Not So Private
From: aleph1 () DFW NET (Aleph One)
Date: Tue, 28 Jan 1997 12:56:49 -0600
Subject: Pilot Private Data Not So Private
From: "Dick" <rwisler () i-d com>
Date: 21 Jan 1997 00:33:01 GMT
Message-ID: <01bc0732$68783980$473bbccc@wisler>
Organization: Infinite-Dimension, Seattle WA
Newsgroups: comp.sys.palmtops

This may have been noted before, but being new to the Pilot, I've discovered something very disturbing. One of the key features I've looked for in a PDA is the ability to maintain private records. This gives me the ability to carry PIN numbers, system passwords, and other private information with me and throw away the little pieces of paper that had that information on them and were 'hidden' in my wallet. The Pilot seemed to satisfy this need.

Well, that information is as private as your nearest text editor, once you sync with your PC. Seems that the desktop application creates a directory under the Pilot directory that is named your Pilot username. Under that is a sub-directory for address, memo, etc. Open that and you will find a .bak and .dat file. Open them in any text editor and there is all your 'private' data, ready for anyone to look at. Really bad on my work computer, because others may look at or use my PC while I'm gone. So my PIN numbers and passwords are there for the taking.

The only thing private about this information is if you use the application software. Then the records are hidden until you view them with the correct password.

This is a serious security flaw in the product (in my opinion). Certainly, there is no mention or warning about this in the Pilot documentation. And it doesn't take a rocket scientist to figure out how to view the data.

So, beware of your private data... it isn't too hard to look at if you share a PC with co-workers or family.
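One way to check your own machine for the exposure described in the post: put a unique canary string in a private record, sync, then search the desktop data files for it. This is an added example, not code from the original post or from the vendor; the directory layout, the canary value and the function names are assumptions, and the sample files are constructed.

```python
import os
import tempfile

SYNC_EXTENSIONS = {".dat", ".bak"}  # the two file types named in the post

def find_plaintext(root, canary, chunk_size=65536):
    """Return sorted (relative_path, encoding, offset) for each .dat/.bak file
    under root whose raw bytes contain the canary (first match per encoding)."""
    if not canary:
        raise ValueError("canary must be a non-empty string")
    needles = {e: canary.encode(e) for e in ("ascii", "utf-16le")}
    overlap = max(len(n) for n in needles.values()) - 1
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SYNC_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            rel, seen, tail, base = os.path.relpath(path, root), set(), b"", 0
            with open(path, "rb") as fh:
                # Carry a tail of the previous chunk so a canary that straddles
                # a chunk boundary is still found.
                while chunk := fh.read(chunk_size):
                    window = tail + chunk
                    for enc, needle in needles.items():
                        idx = window.find(needle)
                        if idx != -1 and enc not in seen:
                            seen.add(enc)
                            hits.append((rel, enc, base - len(tail) + idx))
                    base += len(chunk)
                    tail = window[-overlap:]
    return sorted(hits)

def build_sample(root):
    """Constructed stand-in for a synced user directory (layout is assumed)."""
    files = {
        ("memopad", "memopad.dat"): b"\x00\x01HDR\x00PIN CANARY-7f3a\x00",
        ("address", "address.bak"): b"\x00\x02HDR\x00Jane Doe\x00",
        ("memopad", "readme.txt"): b"CANARY-7f3a",  # other extension: skipped
    }
    for (sub, name), data in files.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        with open(os.path.join(root, sub, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, enc, off in find_plaintext(tmp, "CANARY-7f3a"):
            print(f"plaintext canary ({enc}) in {rel} at offset {off}")
```

Any hit means the record marked private on the device is stored unencrypted on the PC; an empty result only shows the canary is not present in those two encodings.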