Re: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass
From: chgsupra1@xxxxxxx
Date: 22 Feb 2007 02:51:35 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

I can understand why Palm does not want to fix it. This is my opinion, it stems 
from feature richness: The initial state the phone is lock and then you 
received a call, then it provides the user the ability to search for 
contact/number/meeting/memo...etc (header/prefix only). If this Find feature is 
blocked, then user would have to hang-up the call and unlock the phone to 
retrieve the info, then call the user back.  I have run into this situation on 
many occasion, since I did not know of Find feature can be used in this mode.

The SecurityLockFindFix.prc is available to block the Find feature, but for the 
non-security minded person flexibility may way overshadow security, but that is 
a personal matter. There is no personal choice when the Palm Treo is corporate 
own, so the fix should be applied.

Follow-Ups:
- RE: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass
  - From: Roger A. Grimes

Prev by Date: Pics Navigator Directory Traversal Vulnerability
Next by Date: SYMSA-2007-002-1: Palm OS Treo Find Feature System Password Bypass
Previous by thread: Re: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass
Next by thread: RE: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass
Index(es):
- Date
- Thread