I have just performed testing and discovered that the Palm Treo 600 is affected by the recently-discovered Find vulnerability.
My Treo 600 runs the firmware version Treo600-1.13-AWS. I will soon install dkirker’s inofficial fix – meanwhile, all I can say is take special care to keep your Treo in your pocket all the time!
Related posts:
Content, RSS
Twitter
Sorry, but that’s utter BS. To use this “exploit” one must first pry my Palm out of my dead hands…
And BTW: If you have physical access to a PalmOS-device, the system password can be removed in seconds. So actually there’s no need to use this.
The concern here is that the device won’t get stolen just for somebody else’s pleasure, but that the data on the device can be compromised. Businesses do not care about the hardware (unless it is a prototype) nearly as much as what the hardware stores.
I believe the only way to remove a system password is to hard reset the device. In this case, then yes, my fix has no effect. But, if a thief wanted what was stored on the device, I highly doubt that they would reset the device.
Hi Donald and Oliver,
thank you very much for your comments.
You two are addressing totally different aspects of security IMHO.
OWL is trying to make sure per software that the device doesn’t become useful for a thief. You are trying to protect the data.
Although, to be honest, I don’t think this flaw is serious. You would need to know exactly what to look for. What string data would you use as query?
Best regards
Tam Hanna
@donald: I can remove your system password within 2 seconds without resetting your device (Unless there are no other security-tools installed ofcourse)
Hi owl,
how would you do that?
Best regards
Tam Hanna
It is quite scary what Owl can do.
Hi,
he didn’t tell us yet how he would go to doing it – so let’s stay calm for now
BEst regards
Tam Hanna