Information Security News mailing list archives
Re: Sharp's Zaurus PDA suffers security holes
From: InfoSec News <isn () c4i org>
Date: Mon, 15 Jul 2002 05:48:19 -0500 (CDT)
Forwarded from: "Bill Scherr IV, GSEC, GCIA" <bschnzl () bigfoot com> Don't just tell us it's vulnerable! Tell us how, and how to FIX it!!! This IS irresponsible disclosure! Show me a distro (of any OS) that doesn't have vulnerabilities! And... Show me a security journalist (which Mr. Shim has crossed into from a ZDNet style sales junkie) that would get the jewels raked thru the fire for doing the same! Betcha find the OS first!!! On 12 Jul 2002 at 8:06, InfoSec News wrote:
http://news.com.com/2100-1040-943163.html?tag=fd_top By Richard Shim Staff Writer, CNET News.com July 11, 2002, 12:50 PM PT Sharp's Linux-based, business-oriented Zaurus handheld suffers from security holes that could let hackers grab private data off a corporate network, according to researchers at Syracuse University. In an advisory posted Wednesday to a Syracuse University computer-science Web site, researchers said they had found vulnerabilities in Sharp's Zaurus SL-5500 and Zaurus SL-5000D handhelds. The flaws let attackers take control of the device's file system, giving them the power to overwrite files or lock the device so no data can be input through the keypad or touch screen. The biggest potential threat, though, exists when the device is wirelessly connected to a company's network, where sensitive data might be stored. The flaws would enable attackers to download and upload files. "These vulnerabilities mean that the Zaurus can be used as a launching point to attack the network," said K. Reid Wightman, one of the researchers who worked on the advisory. Security holes are not likely to help Zaurus' already delicate prospects.
Bill Scherr IV, GSEC, GCIA Electronic Warfare Associates / Information Infrastructure Technologies Camp Johnson, Vermont 05446 (802) 338-3213 - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Sharp's Zaurus PDA suffers security holes InfoSec News (Jul 12)
- <Possible follow-ups>
- Re: Sharp's Zaurus PDA suffers security holes InfoSec News (Jul 15)