Bugtraq mailing list archives

PalmOS password recovery

From: Nate Amsden <natea () GRAPHON COM>
Date: Thu, 28 Sep 2000 08:08:37 -0700

[disclamer: my comments do not represent that of any company or
individuals other then myself.]

I just read the advisory from @stake and was shocked. I wondered why
they considered this worthy of a "advisory" there has been a well known
program called "No Security"[1] that with a click of your stylus you can
wipe the password off the palm device(in my case a Handspring visor
deluxe) without any loss of data.


in addition you can use a 3rd party program to synch the pilot, say
Jpilot[2](which i use on linux) and it retrieves all "private" records
and does not bother to protect them, also it unmarks the private flag.


the private record security is a joke, it always has been. sure the
information in the advisiory is nice and technical but you don't need to
jump through hoops to get to the private data. must be a slow day for
@stake.


[1] http://www.geocities.com/SiliconValley/Cable/5206/nosecurity102.zip
[2] http://jpilot.linuxave.net/

have a good one!

nate


--
Nate Amsden
System Administrator
Graphon
http://www.graphon.com

Current thread:

PalmOS password recovery Nate Amsden (Sep 28)
- Re: PalmOS password recovery Mudge (Sep 29)
- Re: PalmOS password recovery Peter W (Sep 29)