HZGN.COM
welcome to my space
X
Feng Shui | Graphic Design | Cosmetics | Causes and Organizations | Regulatory Compliance | Gadgets and Gizmos | Computer Forensics | Tools and Equipment | Related articles
Search:  
Welcome to:hzgn.com
 HOME   Zaurus Bugs Put Corporate Networks at Risk

Zaurus Bugs Put Corporate Networks at Risk

Published by: jane 2008-11-22

Researchers at Syracuse University have found multiple bugs in Sharp's Zaurus SL-5000D and SL-5500 handheld devices that puts corporate networks at risk.

MacDiner :: All You Can Eat Apple and Macintosh News ::::
at all; it was only making sure that its mobile search products would not risk they can put 400,000 iPhones on their network without paying Apple a dime, why
http://macdiner.com/news/details/18194HOME
A warning from the school's Center for Systems Assurance said the bugs would allow a remote attacker to take full control of the Zaurus file system, including the ability to overwrite files and/or programs with Trojans.

Hackers Center Security Blogs - More Firefox Addons ownage - POC::
Our aim is to retrieve a file and put it on the local hard drive. Our file can be an executable. Corporate trainings. Meeting compliance
http://www.hackerscenter.com/index.php?/My-Blog-Dashboard/1935-Moox-Addons-ownage-POC.htmlHOME
The researchers also found a second vulnerability that affects the Zaurus passcode function, which locks the Zaurus so that no data can be input via the keypad and touch screen.

The suspect handhelds use FTP for synching operations and the SU team found that the FTP daemon on both Zaurus units was built into QPE, the default windowing system for the units, on port 4242. The daemon binds to all network interfaces on the Zaurus, including any wireless network or PPP interfaces.

"This FTP service gives any remote user access to the Zaurus filesystem as root, via any network interface. Setting the root password on the Zaurus has no effect, as the FTP daemon does not actually authenticate the user. By default, the Zaurus has no root password," it said.

The screen-locking passwords are stored in the file /home/root/Settings/Security.conf and the security alert noted that the passcode program uses the same salt value every time the passcode is set: A0. "Knowing this, a cracker can generate a passcode table approximately 4G in size, which can be used to look up the passcode given the file Security.conf," it warned.

It said Sharp's support team had been notified of both vulnerabilities and promised a fix. In the meantime, the school's researchers urged Zaurus users who use ethernet or PPP to attach to a network to either discontinue use of QPE or place themselves behind a firewall until a patch for QPE is released.


Nokia, SGI Team on Wireless 3D Standard
Microsoft Unleashes New .Net Tools

PRINT Add to favorites
  • xbmc doesn 39 t recognize files on burned dvd
  • saving custom video setting
  • problem with mkv files matroska
  • filezilla xml
  • digital 5 1 sound
  • sorting broken
  • music tags
  • dvr universal remote problems
  • booting problems
  • help xbmc frooze
  • xboxdash cfg error
  • unreadable discs
  • can 39 t set up share with smb or xbms
  • team xbmc need you 33 33 33

  • streamed avis are crashing using ccx gui
  • xbmc freezes when i try to run anything
  • delete doesnt work over smb
  • 39 x y 39 isn 39 t working for me
  • freeze on divx play
  • exit to dash from game via shortcut won 39 t work
  • need some help xbmc cvs 2006 05 21 t3ch
  • problem with mkv subs
  • videos too big for screen
  • my streams work great when my network is busy
  • settings in popup dialog
  • new build question
  • networking my laptop with xbmc
    • #If you have any other info about this subject , Please add it free.#
    Your name:
    E-mail:
    Telphone:

    Your comments:


    If you have any other info about Zaurus Bugs Put Corporate Networks at Risk , Please add it free.

    About us -Site map -Advertisement -Jion us -Contact usExchange linksSponsor us
    Copyright© 2008 hzgn.com All Rights Reserved
    Site made&Support support@hzgn.com    E-mail: web@hzgn.com