Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: PalmOS password recovery
From: Mudge <mudge () L0PHT COM>
Date: Thu, 28 Sep 2000 15:58:04 -0500

Try looking more closely at the notsync program. This enables an auditing
team or person to walk around with their own palm pilot and, upon finding
a non-guarded palm pilot, fake the hotsync negotiation over the IR port
and retrieve the password.

Often it is much more important to retrieve the password that a person has
chosen for future use in a threat scenario than to just go after the files
on the PDA device.

This is different in future threat vectors than simply wiping the password
or slurping down the files without learning how this individual chooses to
keyspace in passwords.

This has been our experience at least. Empirical evidence leads us to
believe that most people in organizations do not choose unique
passwords for each device they are using. Hence we thought it worth an
advisory.

Hope that helped.

cheers,

.mudge

On Thu, 28 Sep 2000, Nate Amsden wrote:

[disclamer: my comments do not represent that of any company or
individuals other then myself.]

I just read the advisory from @stake and was shocked. I wondered why
they considered this worthy of a "advisory" there has been a well known
program called "No Security"[1] that with a click of your stylus you can
wipe the password off the palm device(in my case a Handspring visor
deluxe) without any loss of data.


in addition you can use a 3rd party program to synch the pilot, say
Jpilot[2](which i use on linux) and it retrieves all "private" records
and does not bother to protect them, also it unmarks the private flag.


the private record security is a joke, it always has been. sure the
information in the advisiory is nice and technical but you don't need to
jump through hoops to get to the private data. must be a slow day for
@stake.


[1] http://www.geocities.com/SiliconValley/Cable/5206/nosecurity102.zip
[2] http://jpilot.linuxave.net/

have a good one!

nate


--
Nate Amsden
System Administrator
Graphon
http://www.graphon.com



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault