On Sun, Feb 11, 2001 at 05:15:53PM -0300, Paulo Cesar Breim wrote:
> The software Tiny Sheet, present in all versions of Palm Pilot,
To clarify: it's not included with PalmOS; it's 3rd-party software.
> has a function called IMPORT file.
> Well when this function is use ALL FILES, including the hidden files
> protetex with password, can be imported to a Sheet.
The "private" flag in PalmOS is advisory only. As has been noted in previous
discussions (most notably L0pht/@stake's PalmOS password recovery discovery),
the Palm platform is not designed to be secure. Physical access means access
to all its data. So there's not much new about Tiny Sheet apparently not
following the guidelines. It's just another example of the limitations in PalmOS.
If you want to protect data stored on a PalmOS device, encrypt it. Hmm, I'd
be interested to see some work on PalmOS memory attacks, e.g. after you've
run a crypto app, can you run another app that scours the device's memory
for information left behind, e.g., passphrases or decrypted keys?
 Unless the device is "locked" and has 3rd-party security extensions
loaded that prevent non-destructive device resets.