Hi all,

I feel I should issue this warning and explanation regarding the recently found hack for the Apex.

What is it? Essentially, someone with access to a telnet or ftp client (in other words, nearly any computer at all - Windows, Mac, Linux) is able, if they know your IP address and find that your IP has ftp/telnet enabled, to access your Apex's files. You will not know it is happening, as nothing happens on the Apex end of things.

This sounds like a very serious security risk and, indeed, it is. However, the practical side is that there is not too high a chance of someone doing this to you. On a home network you are completely fine, since you likely know everyone on the network already. Your chances go up as you go to public networks like an airport. Still, someone would have to be scanning for the service to find it in the first place. I am not saying that there is no risk, just that it is not like you will suddenly have your files stolen as soon as you connect to a public network.

Again, as far as informal tests can tell, this affects the Apex only; mPower, PK, and Classic users are not vulnerable in this way. Also, this is read/write access, meaning that the Apex's files are open to someone who finds the ftp/telnet server open and logs on. However, the attacker cannot run code. In other words, your files may be messed with (moved, deleted, or copied) but you cannot get a virus or other form of software, not that this is much consolation.

That said, there is a huge upside to this. You can use your pc to manage your bn's files, essentially playing the role of an attacker, but for good purposes. Access is just like what you find with ActiveSync (WMDC on Vista and Windows 7) but without having to use those annoying programs. The other advantage is that it works through wifi/ethernet; as long as your pc and bn are on the same network, you can do this.

I posted the instructions for doing this earlier. While it is a great feature to use, I apologize to all for posting that message with no warnings attached, and I am still second-guessing posting it at all.
It outlines how to access an Apex over a network, which is a great thing to have at your disposal. Unfortunately, it is also (essentially) what a person would do to access your Apex without your knowledge. The original poster (the one who discovered the security hole in the first place) basically explained what is going on, but my message made it all the easier. At the very least I should have just offered the steps to those who wanted them so the message would not be public. Once again, sorry for not thinking straight.

Finally, please be aware that all of the above is in no way acknowledged, let alone endorsed, by Humanware. Therefore, if you run into a problem by deleting an important file by mistake and causing your bn to not start, there is not much they can officially do. I am not trying to warn you off, just saying to please be careful and remember that, though managing your Apex's files on the pc has little risk involved, any damages are not the fault of Humanware or anyone else.

I hope I did not scare anyone (more) with this message. However, I felt that the warnings needed to be put out there. If you have questions that have not been covered in the last few days, ask me. However, we should probably take things off-list regarding this topic from here on out.

--
Have a great day,
Alex (msg sent from GMail website)
[email protected]; http://www.facebook.com/mehgcap
