Date: Thu Feb  9 03:53:10 2006
From: kf_lists at digitalmunition.com (KF (lists))
Subject: Bluetooth Activesync - requesting test

You left one key thing out of this story problem...
Whose bluetooth stack are you using (on both devices)?
-KF


Greg wrote:

>OK this sounds screwy but if someone has the equipment, can you test and let
>us all know please?
>
>A PDA I was working on that had to be Activesync'd to one computer had the
>PDA name "John" rather than the standard name that comes with the PDA.
>Another PDA was already working Activesync. Both were over bluetooth
>encrypted. The other one was named "Cheryl" just for info's sake. 
>
>Anyway, "John" was a new PDA of exactly the same make and model as "Cheryl"
>(Mortein syndrome) but what I didn't know and didn't look for, initially,
>was that the computer had been set up by someone else to ONLY allow
>connections from "Cheryl" and no other device and it was set in "non
>discovery" mode, that is, no other bluetooth device supposed to be able to
>find it. When I set John up, it autosync'd for 24 hours and stopped syncing
>again. I went back and did a thorough look and found that "Cheryl" was the
>only one allowed to connect bluetooth to the computer but "John" had,
>anyway.
>
>So this makes me wonder - and this is what I am asking help with - is it
>possible that bluetooth pairing, connection in total and autosync are all at
>risk if the same model PDA is used even though they are set up with
>different PDA names and even if settings are correct and are NOT supposed to
>allow connection from anything else? If it is, this is a worry.
>
>Of course, the alternative is that I stuffed something up, I know but for
>the life of me, I can't see what it is. If data is encrypted and only paired
>devices that are NAMED are allowed to connect, I would have thought that
>meant I shouldn't have been able to set the other PDA up but I did. 
>
>Thanks for any info/help.
>
>Greg.
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
