On Sun, Feb 11, 2001 at 05:15:53PM -0300, Paulo Cesar Breim wrote:

> The software Tiny Sheet, present in all versions of Palm Pilot,

http://www.iambic.com/pilot/tinysheet3/

To clarify: it's not included with PalmOS; it's 3rd-party software.

> has a function called IMPORT file.
> Well when this function is use ALL FILES, including the hidden files
> protetex with password, can be imported to a Sheet.

The "private" flag in PalmOS is advisory only. As has been noted in previous
discussions (most notably L0pht/@stake's PalmOS password recovery discovery),
the Palm platform is not designed to be secure. Physical access means access
to all its data.[0] So there's not much new about Tiny Sheet apparently not
following the guidelines. It's just another example of the limitations in PalmOS.

If you want to protect data stored on a PalmOS device, encrypt it. Hmm, I'd
be interested to see some work on PalmOS memory attacks, e.g. after you've
run a crypto app, can you run another app that scours the device's memory
for information left behind, e.g., passphrases or decrypted keys?

-Peter

[0] Unless the device is "locked" and has 3rd-party security extensions
    loaded that prevent non-destructive device resets.

Reply via email to