|
Vulnerability Tiny Sheet Affected Tiny Sheet Description Paulo Cesar Breim found following. The software Tiny Sheet, present in all versions of Palm Pilot, has a function called IMPORT file. Well when this function is use ALL FILES, including the hidden files protetex with password, can be imported to a Sheet. The "private" flag in PalmOS is advisory only. As has been noted in previous discussions (most notably L0pht/@stake's PalmOS password recovery discovery), the Palm platform is not designed to be secure. Physical access means access to all its data. So there's not much new about Tiny Sheet apparently not following the guidelines. It's just another example of the limitations in PalmOS. Solution The Palm's password protection stops people that roam around your notes with physical posession of your palm but not the ability to install Apps. No more, no less.