Information Security News mailing list archives

Re: Sharp's Zaurus PDA suffers security holes


From: InfoSec News <isn () c4i org>
Date: Mon, 15 Jul 2002 05:48:19 -0500 (CDT)

Forwarded from: "Bill Scherr IV, GSEC, GCIA" <bschnzl () bigfoot com>

Don't just tell us it's vulnerable!  Tell us how, and how to FIX it!!!  
This IS irresponsible disclosure!

Show me a distro (of any OS) that doesn't have vulnerabilities!  
And... Show me a security journalist (which Mr. Shim has crossed into
from a ZDNet style sales junkie) that would get the jewels raked thru
the fire for doing the same!  Betcha find the OS first!!!


On 12 Jul 2002 at 8:06, InfoSec News wrote:

http://news.com.com/2100-1040-943163.html?tag=fd_top

By Richard Shim 
Staff Writer, CNET News.com
July 11, 2002, 12:50 PM PT

Sharp's Linux-based, business-oriented Zaurus handheld suffers from
security holes that could let hackers grab private data off a
corporate network, according to researchers at Syracuse University.

In an advisory posted Wednesday to a Syracuse University
computer-science Web site, researchers said they had found
vulnerabilities in Sharp's Zaurus SL-5500 and Zaurus SL-5000D
handhelds. The flaws let attackers take control of the device's file
system, giving them the power to overwrite files or lock the device
so no data can be input through the keypad or touch screen.

The biggest potential threat, though, exists when the device is
wirelessly connected to a company's network, where sensitive data
might be stored. The flaws would enable attackers to download and
upload files.

"These vulnerabilities mean that the Zaurus can be used as a
launching point to attack the network," said K. Reid Wightman, one
of the researchers who worked on the advisory.

Security holes are not likely to help Zaurus' already delicate
prospects.



Bill Scherr IV, GSEC, GCIA
Electronic Warfare Associates / 
Information Infrastructure Technologies
Camp Johnson, Vermont 05446
(802) 338-3213



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

