Forwarded from: "Bill Scherr IV, GSEC, GCIA" <bschnzl_at_bigfoot.com>
Don't just tell us it's vulnerable! Tell us how, and how to FIX it!!!
This IS irresponsible disclosure!
Show me a distro (of any OS) that doesn't have vulnerabilities!
And... Show me a security journalist (which Mr. Shim has crossed into
from a ZDNet style sales junkie) that would get the jewels raked thru
the fire for doing the same! Betcha find the OS first!!!
On 12 Jul 2002 at 8:06, InfoSec News wrote:
> http://news.com.com/2100-1040-943163.html?tag=fd_top
>
> By Richard Shim
> Staff Writer, CNET News.com
> July 11, 2002, 12:50 PM PT
>
> Sharp's Linux-based, business-oriented Zaurus handheld suffers from
> security holes that could let hackers grab private data off a
> corporate network, according to researchers at Syracuse University.
>
> In an advisory posted Wednesday to a Syracuse University
> computer-science Web site, researchers said they had found
> vulnerabilities in Sharp's Zaurus SL-5500 and Zaurus SL-5000D
> handhelds. The flaws let attackers take control of the device's file
> system, giving them the power to overwrite files or lock the device
> so no data can be input through the keypad or touch screen.
>
> The biggest potential threat, though, exists when the device is
> wirelessly connected to a company's network, where sensitive data
> might be stored. The flaws would enable attackers to download and
> upload files.
>
> "These vulnerabilities mean that the Zaurus can be used as a
> launching point to attack the network," said K. Reid Wightman, one
> of the researchers who worked on the advisory.
>
> Security holes are not likely to help Zaurus' already delicate
> prospects.
Bill Scherr IV, GSEC, GCIA
Electronic Warfare Associates /
Information Infrastructure Technologies
Camp Johnson, Vermont 05446
(802) 338-3213
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo_at_attrition.org with 'unsubscribe isn'
in the BODY of the mail.
Received on Jul 15 2002
Intro
