[13288] in bugtraq

Re: Handspring Visor Network HotSync Security Hole

daemon@ATHENA.MIT.EDU (Jason Spence)
Fri Jan 7 17:09:41 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <38758AE3.655370A7@technologist.com>
Date:         Thu, 6 Jan 2000 22:42:43 -0800
Reply-To: Jason Spence <thalakan@TECHNOLOGIST.COM>
From: Jason Spence <thalakan@TECHNOLOGIST.COM>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

Jay C Austad wrote:
>
> If you have Network HotSync (provided on the CD that comes with your Visor) enabled on your machine, and a malicious user knows your name (e.g. John Smith), and the IP of your machine (e.g. 192.168.22.22, or jsmith.company.com), he can change the name on his Visor to yours, do a Network HotSync with your IP, and download all of your email, send email as you, and perform any function that you can.
>
> There is no password or authentication of any kind.  If I wanted to read my co-worker's email, or send a nasty message from him to his boss, all I would need to do is put his name into my Visor (Jim Beam), and do a network sync to jbeam.company.com.
>
> I have contacted Handspring about this and have heard nothing back.

Unrelated to this, I've noticed that port scanning a Palm IIIe connected to
my network results in the Palm hanging and shutting down.  Some people use
the Palm as a web browsing platform while their workstation does other
things; my Palm recently got portscanned while I was doing that, which
prompted me to see if the behavior was repeatable (it was).  Ping flooding
the Palm makes it act funny, too.

 - Jason
