Bugtraq mailing list archives

Re: Handspring Visor Network HotSync Security Hole


From: chris () IMPROBABLE ORG (Chris Adams)
Date: Fri, 7 Jan 2000 16:46:09 -0800


On Thu, 6 Jan 2000 14:19:24 -0500, Jim Frost wrote:

If you have Network HotSync (provided on the CD that comes with your Visor) enabled on your machine, and a malicious user knows your name (ex. John Smith), and the IP of your machine (ex. 192.168.22.22, or jsmith.company.com), he can change the name on his Visor to yours, do a Network HotSync with your IP, and download all of your email, send email as you, and perform any function that you can.

I'd think this would be true of the Palm too, since the software is
effectively the same.

The only difference I've seen is the USB driver support and the fact that it creates its icons in a folder called "Handspring Desktop". Everything else (executable icon, splash screen, etc.) says Palm Computing or 3Com.

