![]() |
Show 20 posts from this thread on one page |
VisorCentral.com (http://discussion.visorcentral.com/vcforum/index.php)
- How To / Troubleshooting (http://discussion.visorcentral.com/vcforum/forumdisplay.php?forumid=2)
-- Visor HotSync Security Hole! (http://discussion.visorcentral.com/vcforum/showthread.php?threadid=2028)
Network Sync
If you have Network Sync enabled on your machine, and a malicious user knows your name (ex. John Smith), and the ip of your machine (ex. 192.168.22.22, or jsmith.company.com), he can change the name on his Visor to yours, do a Network hotsync with your ip, and download all of your email, send email as you, and perform any function that you can.
This needs to be password protected. If I wanted to read my co-workers email, or send a nasty message from him to his boss, all I would need to do is put his name into my visor (Jim Beam), and do a network sync to jbeam.company.com.
I have contacted Handspring about this.
This was already reported to BugTraq and relayed to 3Com. It also allows for DoS attacks.
Doh!
I wish I knew how to change the user name on my old Palm - I wanted to give it to her and let her keep most of my DB for personal addresses, etc. while letting her hotsync her own stuff. Ended up having to hard reset it and beam the stuff. Lots of extra work for both of us...
------------------
What if your sole purpose in life is to serve as a warning to others?
| All times are GMT. The time now is 02:36 AM. | Show 20 posts from this thread on one page |
Powered by: vBulletin Version 2.3.4
Copyright © Jelsoft Enterprises Limited 2000 - 2016.