Bugtraq mailing list archives

PalmOS password recovery
From: Nate Amsden <natea () GRAPHON COM>
Date: Thu, 28 Sep 2000 08:08:37 -0700

[disclaimer: my comments do not represent that of any company or
individuals other than myself.]

I just read the advisory from @stake and was shocked. I wondered why
they considered this worthy of an "advisory"; there has been a well known
program called "No Security"[1] that with a click of your stylus you can
wipe the password off the palm device (in my case a Handspring visor
deluxe) without any loss of data.

in addition you can use a 3rd party program to synch the pilot, say
Jpilot[2] (which I use on linux) and it retrieves all "private" records
and does not bother to protect them, also it unmarks the private flag.

the private record security is a joke, it always has been. sure the
information in the advisory is nice and technical but you don't need to
jump through hoops to get to the private data. must be a slow day for

[1] http://www.geocities.com/SiliconValley/Cable/5206/nosecurity102.zip
[2] http://jpilot.linuxave.net/

have a good one!


Nate Amsden
System Administrator
