HP3000-L Archives

October 2000, Week 1

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
OT: Palm password insecure
From:
"COLE,GLENN (Non-HP-SantaClara,ex2)" <[log in to unmask]>
Reply To:
COLE,GLENN (Non-HP-SantaClara,ex2)
Date:
Thu, 5 Oct 2000 17:56:33 -0600
Content-Type:
text/plain
Parts/Attachments:
text/plain (18 lines) 
It appears that Palm's built-in Security application only
obfuscates its password, rather than encrypting it.

The net result is that the obfuscated password can be acquired
(during the HotSync process, or from the Unsaved Preferences
database) and decoded.

Details are at:

http://www.securiteam.com/securitynews/PalmOS_Password_Retrieval_and_Decodin
g.html

(sorry for any wrap).

This link was reported by the Mac troubleshooting site MacFixIt.com .

--Glenn

ATOM RSS1 RSS2