"Roy Schestowitz" <newsgroups@xxxxxxxxxxxxxxx> wrote in message
news:2531820.djQCTRkLCc@xxxxxxxxxxxxxxxxxx
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Windows Mobile Bluetooth vulnerability allows access to any files
>
> ,----[ Quote ]
> | A directory traversing vulnerability in the Bluetooth OBEX-FTP server
> of
> | Windows Mobile 6 allows attackers to access files outside of the
> permitted
> | list. According to the report, using "../" or "..\\" as part of the
> path
> | name, is sufficient to traverse to other directories. An attacker could
> use
> | the technique to copy files from a device, or to install their own
> software,
> | such as a key logger, or other spyware.
> `----
>
> http://www.heise.de/english/newsticker/news/122502
>
Yeah - it's certainly a bug. But of course a dishonest lying scumbag like
Roy Schestowitz would intentionally leave out this sentence:
<quote>
The issue does require that the targeted hand held device is paired with
the attacking device, which is usually only possible with the owner's
consent.
</quote>
|
|
