Bugtraq mailing list archives
Re: Palm Pilot - How to view hidden files
From: Peter W <peterw () USA NET>
Date: Mon, 12 Feb 2001 15:09:48 -0500
On Sun, Feb 11, 2001 at 05:15:53PM -0300, Paulo Cesar Breim wrote:
The software Tiny Sheet, present in all versions of Palm Pilot,
http://www.iambic.com/pilot/tinysheet3/ To clarify: it's not included with PalmOS; it's 3rd-party software.
has a function called IMPORT file. Well when this function is use ALL FILES, including the hidden files protetex with password, can be imported to a Sheet.
The "private" flag in PalmOS is advisory only. As has been noted in previous discussions (most notably L0pht/@stake's PalmOS password recovery discovery), the Palm platform is not designed to be secure. Physical access means access to all its data.[0] So there's not much new about Tiny Sheet apparently not following the guidelines. It's just another example of the limitations in PalmOS. If you want to protect data stored on a PalmOS device, encrypt it. Hmm, I'd be interested to see some work on PalmOS memory attacks, e.g. after you've run a crypto app, can you run another app that scours the device's memory for information left behind, e.g., passphrases or decrypted keys? -Peter [0] Unless the device is "locked" and has 3rd-party security extensions loaded that prevent non-destructive device resets.
Current thread:
- Palm Pilot - Palm Desktop Version 4 - Password bypass Secret Ivan (Feb 10)
- Re: Palm Pilot - Palm Desktop Version 4 - Password bypass skelly (Feb 10)
- Palm Pilot - How to view hidden files Paulo Cesar Breim (Feb 12)
- Re: Palm Pilot - How to view hidden files Peter van Dijk (Feb 12)
- Re: Palm Pilot - How to view hidden files Peter W (Feb 12)
- Palm Pilot - How to view hidden files Paulo Cesar Breim (Feb 12)
- Re: Palm Pilot - Palm Desktop Version 4 - Password bypass skelly (Feb 10)