Bugtraq mailing list archives
PalmOS password recovery
From: Nate Amsden <natea () GRAPHON COM>
Date: Thu, 28 Sep 2000 08:08:37 -0700
[disclamer: my comments do not represent that of any company or individuals other then myself.] I just read the advisory from @stake and was shocked. I wondered why they considered this worthy of a "advisory" there has been a well known program called "No Security"[1] that with a click of your stylus you can wipe the password off the palm device(in my case a Handspring visor deluxe) without any loss of data. in addition you can use a 3rd party program to synch the pilot, say Jpilot[2](which i use on linux) and it retrieves all "private" records and does not bother to protect them, also it unmarks the private flag. the private record security is a joke, it always has been. sure the information in the advisiory is nice and technical but you don't need to jump through hoops to get to the private data. must be a slow day for @stake. [1] http://www.geocities.com/SiliconValley/Cable/5206/nosecurity102.zip [2] http://jpilot.linuxave.net/ have a good one! nate -- Nate Amsden System Administrator Graphon http://www.graphon.com
Current thread:
- PalmOS password recovery Nate Amsden (Sep 28)
- Re: PalmOS password recovery Mudge (Sep 29)
- Re: PalmOS password recovery Peter W (Sep 29)