07-13-2002, 12:32 AM
|
|
Executive Editor
Join Date: Aug 2006
Posts: 29,160
|
|
Holes put Linux handheld at risk
http://story.news.yahoo.com/news?tmpl=story&ncid=73&e=3&cid=73&u=/zd/20020712/tc_zd/943176
Lest anyone think that only Windows platforms have security issues, this article is about a problem with the Sharp Linux-based handhelds.
"Sharp's Linux ( news - web sites)-based, business-oriented Zaurus handheld suffers from security holes that could let hackers grab private data off a corporate network, according to researchers at Syracuse University. In an advisory posted Wednesday to a Syracuse University computer-science Web site, researchers said they had found vulnerabilities in Sharp's Zaurus SL-5500 and Zaurus SL-5000D handhelds. The flaws let attackers take control of the device's file system, giving them the power to overwrite files or lock the device so no data can be input through the keypad or touch screen.
The biggest potential threat, though, exists when the device is wirelessly connected to a company's network, where sensitive data might be stored. The flaws would enable attackers to download and upload files. "These vulnerabilities mean that the Zaurus can be used as a launching point to attack the network," said K. Reid Wightman, one of the researchers who worked on the advisory." Source: JonnoB
|
| |
|
|
|
07-13-2002, 01:16 AM
|
|
|
07-13-2002, 05:39 AM
|
|
Executive Editor
Join Date: Aug 2006
Posts: 29,160
|
|
Quote:
|
Originally Posted by cedrones
This one must have slipped through the cracks, sent it to you yesterday....
|
Sorry - soooo much email.  ops:
|
| |
|
|
|
07-13-2002, 06:46 AM
|
|
Moderator
Join Date: Aug 2006
Posts: 6,878
|
|
Happens to the best of 'em :wink:
|
| |
|
|
|
07-13-2002, 09:47 AM
|
|
Pontificator
Join Date: Jul 2003
Posts: 1,468
|
|
Am I alone in experiencing just a little schadenfraude at this news? :wink:
|
| |
|
|
|
07-14-2002, 04:49 AM
|
|
Intellectual
Join Date: Feb 2002
Posts: 168
|
|
Hmm.. schadenfraude is a good term to use since the Linux cult must be having kittens over this 'revelation' -- Linux isn't going to save the world!? It's not better than PPC?! D'oh! More than a few PPC folk must be smiling since the rather obnoxious superhuman claims Linux folk have been making about their OS (i.e., PPC market share will tumble in the face of such a superior OS, 100,000 applications available to run on the Linux platform, etc....)
|
| |
|
|
|
07-17-2002, 05:49 AM
|
|
Neophyte
Join Date: Feb 2002
Posts: 3
|
|
Quote:
|
Originally Posted by Take1
Hmm.. schadenfraude is a good term to use since the Linux cult must be having kittens over this 'revelation' -- Linux isn't going to save the world!? It's not better than PPC?! D'oh! More than a few PPC folk must be smiling since the rather obnoxious superhuman claims Linux folk have been making about their OS (i.e., PPC market share will tumble in the face of such a superior OS, 100,000 applications available to run on the Linux platform, etc....)
|
For your information, this hole has been discovered more than a month ago in the Zaurus community and solutions are available. If you have the control over your machine you can fix every flaws. The modification take less than 2 minutes. That's the beauty of open source, peoples looked at the code and found solutions. No need to wait for a company to fix it.
By the way, this issue is completely blown out of proportion. The hole is only exploitable to people that have a lan connection (obviously) but also only accessible to people on the same subnet. The port isn't even open on mine and i didn't do anything.
|
| |
|
|
|
|
|
|
Linear Mode
