[13304] in bugtraq
Re: Handspring Visor Network HotSync Security Hole
daemon@ATHENA.MIT.EDU (Chris Adams)
Tue Jan 11 00:47:34 2000
Message-Id: <200001080045.QAA12137@gateway.digitaria.com>
Date: Fri, 7 Jan 2000 16:46:09 -0800
Reply-To: Chris Adams <chris@improbable.org>
From: Chris Adams <chris@IMPROBABLE.ORG>
X-To: "BUGTRAQ@SECURITYFOCUS.COM" <BUGTRAQ@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3874EABC.4671C89D@atg.com>

On Thu, 6 Jan 2000 14:19:24 -0500, Jim Frost wrote:
>> If you have Network HotSync (provided on the CD that comes with your
>> Visor) enabled on your machine, and a malicious user knows your name
>> (ex. John Smith), and the ip of your machine (ex. 192.168.22.22, or
>> jsmith.company.com), he can change the name on his Visor to yours, do
>> a Network hotsync with your ip, and download all of your email, send
>> email as you, and perform any function that you can.
>
>I'd think this would be true of the Palm too, since the software is
>effectively the same.

The only difference I've seen is the USB driver support and the fact that it creates its icons in a folder called "Handspring Desktop". Everything else (executable icon, splash screen, etc.) says Palm Computing or 3Com.