Log in

View Full Version : Holes put Linux handheld at risk


Jason Dunn
07-13-2002, 12:32 AM
<a href="http://story.news.yahoo.com/news?tmpl=story&ncid=73&e=3&cid=73&u=/zd/20020712/tc_zd/943176">http://story.news.yahoo.com/news?tmpl=story&ncid=73&e=3&cid=73&u=/zd/20020712/tc_zd/943176</a><br /><br />Lest anyone think that only Windows platforms have security issues, this article is about a problem with the Sharp Linux-based handhelds.<br /><br />"Sharp's Linux ( news - web sites)-based, business-oriented Zaurus handheld suffers from security holes that could let hackers grab private data off a corporate network, according to researchers at Syracuse University. In an advisory posted Wednesday to a Syracuse University computer-science Web site, researchers said they had found vulnerabilities in Sharp's Zaurus SL-5500 and Zaurus SL-5000D handhelds. The flaws let attackers take control of the device's file system, giving them the power to overwrite files or lock the device so no data can be input through the keypad or touch screen. <br /><br />The biggest potential threat, though, exists when the device is wirelessly connected to a company's network, where sensitive data might be stored. The flaws would enable attackers to download and upload files. "These vulnerabilities mean that the Zaurus can be used as a launching point to attack the network," said K. Reid Wightman, one of the researchers who worked on the advisory." Source: JonnoB

Steven Cedrone
07-13-2002, 01:16 AM
This one must have slipped through the cracks, sent it to you yesterday....

C/Net:
Linux handheld suffers from security hole (http://news.com.com/2100-1040-943163.html?tag=dd.ne.dht.nl-sty.0)

Steve

Jason Dunn
07-13-2002, 05:39 AM
This one must have slipped through the cracks, sent it to you yesterday....

Sorry - soooo much email. :oops:

Steven Cedrone
07-13-2002, 06:46 AM
Happens to the best of 'em :wink:

Duncan
07-13-2002, 09:47 AM
Am I alone in experiencing just a little schadenfraude at this news? :wink:

Take1
07-14-2002, 04:49 AM
Hmm.. schadenfraude is a good term to use since the Linux cult must be having kittens over this 'revelation' -- Linux isn't going to save the world!? It's not better than PPC?! D'oh! More than a few PPC folk must be smiling since the rather obnoxious superhuman claims Linux folk have been making about their OS (i.e., PPC market share will tumble in the face of such a superior OS, 100,000 applications available to run on the Linux platform, etc....)

MaGNuS_Z
07-17-2002, 05:49 AM
Hmm.. schadenfraude is a good term to use since the Linux cult must be having kittens over this 'revelation' -- Linux isn't going to save the world!? It's not better than PPC?! D'oh! More than a few PPC folk must be smiling since the rather obnoxious superhuman claims Linux folk have been making about their OS (i.e., PPC market share will tumble in the face of such a superior OS, 100,000 applications available to run on the Linux platform, etc....)For your information, this hole has been discovered more than a month ago in the Zaurus community and solutions are available. If you have the control over your machine you can fix every flaws. The modification take less than 2 minutes. That's the beauty of open source, peoples looked at the code and found solutions. No need to wait for a company to fix it.

By the way, this issue is completely blown out of proportion. The hole is only exploitable to people that have a lan connection (obviously) but also only accessible to people on the same subnet. The port isn't even open on mine and i didn't do anything.