Message-ID: <20030710001123.V18605@zealot.blacknet.de>
Date: Thu, 10 Jul 2003 00:11:23 +0200
From: Goetz Bock <bock@...cknet.de>
To: bugtraq@...urityfocus.com
Subject: Re: PalmOS Memo Record Hiding Vulnerability.



> -[BACKGROUND]-:
> 
> PalmOS includes a pre-installed 'Security'
> Application, which allows a Palm enabled device to add
> weak security, to hide data and protect the PDA from
> casual snoopers.  One particular feature is the
> ability to "Hide" Memos set as "Private" in the
> Security section of MemoPad, and set a password so
> that "Private" memos can only be read by those
> possessing the Password.
This "bug" has been known since the very beginning of PalmOS v1.x. IIRC the
SDK even mentioned that it is the task of the author of any Palm OS
software to check and honor the "private"/"hidden" flag on its own.

While it's sad that Palm Inc did not fix this, I'm actually surprised
that this fact is new to anyone who spent any time checking the security
of PalmOS.

BTW: it's trivially possible to remove the password and even retrieve it
     in clear text with a small 3rd party application.
     Search the mailing list on ultraviolette.org (iirc, and if it still
     exists) for the program to get your password. It was posted there
     years ago.
-- 
Goetz Bock       (c) 2003 as     blacknet.de - Munich - Germany   /"\
IT Consultant    GNU FDL 1.1    secure mobile Linux everNETting   \ /
                                                                   X
 ASCII Ribbon Campaign against HTML email & microsoft attachments / \

