The Magic Caf
Username:
Password:
[ Lost Password ]
  [ Forgot Username ]
The Magic Cafe Forum Index » » Not very magical, still... » » Technical Minds Needed Here. Just A couple Questions (0 Likes) Printer Friendly Version

daffydoug
View Profile
Eternal Order
Look mom! I've got
14072 Posts

Profile of daffydoug
I know I'm behind the times...yeah, I admit it. I just do the best with what I have.

Anyway, my brother gave me a Palm Pilot a couple days ago, and I'm tickled to death to have it. It is new, well, I should say unused. He never took it out of the package, but it's about four years old. Probably a dinosaur by today's standards...but I like it, and that's what counts.

Anyways, what I would like to know is this: If you password protect these things, (in order to store personal information), like account numbers and such, is it possible for some one with technical know how to find the password and get in anyway? Is there a way of hooking these things up to a computer or something in order to unlock the password?

I will mention that when it comes to passwords, I'm not stupid. Someone at work said, "I'll bet your password is magic"!

Uh, yeah, right...like I'm going to be that obvious. You can go through the dictionary and try every word in Webster's unabridged, and you will have wasted your time, because the password is not even a real word. It's a nonsense word that I made up that doesn't exist, or even abide by the rules of english spelling. So even if you happen to think up the same word I made up, (chances are one in a zillion) you'd still not know how I spelled it!

So guessing is pretty much out. But as I said, I would like to know if there is a way that someone could hook this thing up to a computer and still unlock it. Or perhaps there is another way of hacking into the thing? All I know, is right now, when you turn on the power button, a screen comes on that says "System locked..please type password" And unless you get that exact password, and the exact correct spelling, it just keeps going back to the same screen.

What do you think? Can these things be cracked by someone with the technical know how? This is pretty important to me, because we are talking about personal identity theft and such things.

Thanks for your thoughts.
The difficult must become easy, the easy beautiful and the beautiful magical.
Moyle with Parkinsons
View Profile
Loyal user
Australia
281 Posts

Profile of Moyle with Parkinsons
Hi daffy

Don't blame yourself your not knowing your technology, if it wasn't my job I wouldn't keep up with it either, and to be quiet honest most people in the IT field don't bother to keep up with. The following link is to a very good article from the Australian security authorities about choosing secure passwords you will notice that if you follow these guidelines using the fastest computer in the world currently it would take about 60 million years to crack the code, whilst that is not an exact number it is not an exaggeration:

http://www.auscert.org.au/render.html?it=2260

Unfortunately I am unsure of whether there are any hacks for a PalmPilot but if you search sites like http://www.securityfocus.com etc. it should not be too hard to find out. Yes you can connect it to the computer. The best way to avoid hacks is the following. In security the best practice for access is no access. In a perfect security world the internet would not exist, thus, if you are worried about hacks just try to avoid using the internet for a long period of time the say don't leave it on the net overnight the longer you leave it on the net the longer a hacker has to break into it. To be quiet honest though I wouldn't worry too much about it be secure but don't be paranoid most hackers would not be too interested in you as there is no avantage in gaining control of your PalmPilot because it cannot really be used too well as a spring board for better attacks and you probably would keep a lot of interest to a hacker on there anyway. I hope this helps PM me if it doesn't.

Moyle
"Signatures cause far too much trouble!" an original quote by Moyle With Parkinsons.
Daegs
View Profile
Inner circle
USA
4290 Posts

Profile of Daegs
Doesn't matter what the password is depending on how its stored.

These days I rainbow crack everything(precompiled hash-key pairs). Plenty availible and drive space is cheap compared to clock cycles...


I would call up palm or find out if you can figure out how the password is encrypted with what algorithm.

Much better ways to steal your indentity... besides there is no reason to leave your Social on the thing nor your bank accounts....

I don't even know if the data is encrypted... if the password is just preventing it from starting(and not actually decrypting the data) then there is no security.

Unless there is aftermarket security software on it, I'm willing to bet I could crack it pretty quickly with the right cables(to connect to it).

It's really risk vs. reward... unless you have some *REALLY* killer locks on your house, I could easily break into your house in 5 seconds leaving no trace and get more sensitive data most likely than whats on the palm... and that is with no tools or even knowledge to get into the house.

With the palm, not only would the person have to get ahold of your palm but they would have to know how to crack it AND be willing to rip you off.

Usually people that could easily crack into these things have better jobs than stealing palms from people....

There is risk in everything, its all balance between risk vs. reward.
tanselkaya
View Profile
Regular user
139 Posts

Profile of tanselkaya
Cracking a password typically requires you to have access to the device in some way. Depending on the level of access (hardware level, IP level, so on) every attempt takes some time.

If the attempt time is reasonable a dictionary attack can be used. (Here a dictionary attack refers to a subset of the password space not necessarily words. For example examining your other passwords can give the attacker a fair idea of the pattern)

If the attacker has access to your device he can easily read the memory contents without even using the operation system of the device and he'll have access to all your data. I'm assuming the data is not encrypted.
daffydoug
View Profile
Eternal Order
Look mom! I've got
14072 Posts

Profile of daffydoug
Quote:
On 2006-06-22 21:56, Moyle with Parkinsons wrote:
Hi daffy

Don't blame yourself your not knowing your technology, if it wasn't my job I wouldn't keep up with it either, and to be quiet honest most people in the IT field don't bother to keep up with. The following link is to a very good article from the Australian security authorities about choosing secure passwords you will notice that if you follow these guidelines using the fastest computer in the world currently it would take about 60 million years to crack the code, whilst that is not an exact number it is not an exaggeration:

http://www.auscert.org.au/render.html?it=2260

Unfortunately I am unsure of whether there are any hacks for a PalmPilot but if you search sites like http://www.securityfocus.com etc. it should not be too hard to find out. Yes you can connect it to the computer. The best way to avoid hacks is the following. In security the best practice for access is no access. In a perfect security world the internet would not exist, thus, if you are worried about hacks just try to avoid using the internet for a long period of time the say don't leave it on the net overnight the longer you leave it on the net the longer a hacker has to break into it. To be quiet honest though I wouldn't worry too much about it be secure but don't be paranoid most hackers would not be too interested in you as there is no avantage in gaining control of your PalmPilot because it cannot really be used too well as a spring board for better attacks and you probably would keep a lot of interest to a hacker on there anyway. I hope this helps PM me if it doesn't.

Moyle


Well, actually, what I was thinking was a scenario where I accidently misplaced it, and someone came along and found it. Of course, I probably won't do that because Im extremely careful, but what if.

Posted: Jun 23, 2006 6:03am

-------------------------------------------------------------
Quote:
-------------------------------------------------------------

On 2006-06-23 02:17, tanselkaya wrote:
Cracking a password typically requires you to have access to the device in some way. Depending on the level of access (hardware level, IP level, so on) every attempt takes some time.

If the attempt time is reasonable a dictionary attack can be used. (Here a dictionary attack refers to a subset of the password space not necessarily words. For example examining your other passwords can give the attacker a fair idea of the pattern)

If the attacker has access to your device he can easily read the memory contents without even using the operation system of the device and he'll have access to all your data. I'm assuming the data is not encrypted.

--------------------------------------------------------------------

How can he read the memory without using the device's OS?
The difficult must become easy, the easy beautiful and the beautiful magical.
gsidhe
View Profile
Inner circle
Michigan
1725 Posts

Profile of gsidhe
I wouldn't worry about it too much. 99.999% of the people that would find it if misplaced wouldn't have the technical expertise to crack it, and 98% of the people that would find it and have the technical expertise would not use it for illicit purposes.
Besides, the age of the unit gives you one advantage...Less likely to be stolen. As an item, it is less valuable than the average IPOD (Although a thousand times more useful), so there are plenty of things out there more likely to be targeted.

As for passwords...Sounds like you have a pretty good one. Made up words spelled oddly that only you would know...Pretty durned secure.
Personally, all of mine are in Welsh Gaelic. I can say them out loud, and there are only a handful of people on the planet that could spell them.
Gwyd
airship
View Profile
Inner circle
In my day, I have driven
1594 Posts

Profile of airship
What Gwyd said.

Passwords are INTENDED to only keep the general public from prying due to idle curiosity. Anyone who thinks they offer total security is decieving himself.

A password won't keep out a thief with technical expertise. Note the combination of those two concepts. Even someone with technical expertise who takes the time to 'crack' your password will likely only do it for the fun of it, and won't have the criminal proclivity to abuse your information.

In short: Don't worry! Smile
'The central secret of conjuring is a manipulation of interest.' - Henry Hay
daffydoug
View Profile
Eternal Order
Look mom! I've got
14072 Posts

Profile of daffydoug
Quote:
On 2006-06-23 13:11, airship wrote:
What Gwyd said.

Passwords are INTENDED to only keep the general public from prying due to idle curiosity. Anyone who thinks they offer total security is decieving himself.



I'm not too fond of deceiving myself..which is why I posted the original question!
The difficult must become easy, the easy beautiful and the beautiful magical.
daffydoug
View Profile
Eternal Order
Look mom! I've got
14072 Posts

Profile of daffydoug
Quote:
On 2006-06-23 10:36, gsidhe wrote:
I wouldn't worry about it too much. 99.999% of the people that would find it if misplaced wouldn't have the technical expertise to crack it, and 98% of the people that would find it and have the technical expertise would not use it for illicit purposes.
Besides, the age of the unit gives you one advantage...Less likely to be stolen. As an item, it is less valuable than the average IPOD (Although a thousand times more useful), so there are plenty of things out there more likely to be targeted.

As for passwords...Sounds like you have a pretty good one. Made up words spelled oddly that only you would know...Pretty durned secure.
Personally, all of mine are in Welsh Gaelic. I can say them out loud, and there are only a handful of people on the planet that could spell them.
Gwyd


Yours sound pretty good too! Welsh Gaelic, eh?
The difficult must become easy, the easy beautiful and the beautiful magical.
daffydoug
View Profile
Eternal Order
Look mom! I've got
14072 Posts

Profile of daffydoug
My son saw me typing here, and he anwered my question. He told me there is indeed a device, or a program that you can hook the device to, and it just begins running literaly millions of letter and number combinations at a rapid rate until it hits the jackpot.

THAT is the kind of thing I was wondering about from the start.

Does anybody know if he is right? Is there really such a thing?
The difficult must become easy, the easy beautiful and the beautiful magical.
cgscpa
View Profile
Elite user
Ashton, MD
447 Posts

Profile of cgscpa
Yes, your son is right. There are plenty of password cracker programs out there. I have a client who did not know the password to his server and it took my IT person only a few minutes to crack the password with one of these programs.

Better passwords use a combination of letters, numbers and symbols (#,$,@, etc.)

Personally, I wouldn't keep any personal information on your Palm.

(On a similiar topic - I have a Treo Phone (palm and phone combination). I was just reading about a new service that if the phone is lost or stolen a signal can be sent that will destroy all the existing data on the phone.)
daffydoug
View Profile
Eternal Order
Look mom! I've got
14072 Posts

Profile of daffydoug
That would be cool for the Palm Pilot,
The difficult must become easy, the easy beautiful and the beautiful magical.
Steve V
View Profile
Inner circle
Northern California
1878 Posts

Profile of Steve V
What exactly are you putting in an old palm pilot that you think folks will be lining up to get hold of?
Steve V
daffydoug
View Profile
Eternal Order
Look mom! I've got
14072 Posts

Profile of daffydoug
SS numbers, combinations for locks, bank account numbers, records of personal property, plans for new magic effects that I am working on, personal expenses information/records, my journal, etc ...at least I WAS until my son told me what I just explained a few posts up. Now it looks like I'm back to square one...writing things down on post it notes and notebooks, having a million pieces of paper scattered all around the house, never remembering where to find information when I need it most, and all the headaches and stress that go along with being disorganized. Smile
The difficult must become easy, the easy beautiful and the beautiful magical.
tanselkaya
View Profile
Regular user
139 Posts

Profile of tanselkaya
"How can he read the memory without using the device's OS?"

Hi daffydoug,

I can give this analogy. Say there is a PC with two harddisks. One harddisk has the OS and the second one is for storage. It is possible for the attacket to gain physical access to the computer, remove the second harddisk and read the contents without using the OS. In the PalmPilot the process is the same except for removing the memory units and accessing them.

Still if I was you, I wouldn't worry. For this to happen, you need to be the target of an attack explicitly aimed at you. People don't spend a $100 effort for a $50 treasure. By the time they get to the information you'll have everything cancelled.

If you are paranoid you can also look up applications to encrypt your data. This will make things even harder.
Dave V
View Profile
Inner circle
Las Vegas, NV
4824 Posts

Profile of Dave V
Remember this:
"Just because you're paranoid doesn't mean they're not out to get you"

;)

I got my current job by "cracking" a server. I was there on a service call and the webmaster had just been "dismissed" after failing to deliver and then trying to charge several thousand for something he didn't do. His last words were "You can't get rid of me, I changed your passwords."

After all the hot tempers settled down I quietly asked "Would you like me to fix it?"

30 minutes and one internet download later and they were back in business. That was about five years ago and I've been working full time for them ever since.

My secret? I didn't need to know the password, only how to change it. I didn't touch their OS either. I loaded my own from a different boot disk.
No trees were killed in the making of this message, but a large number of electrons were terribly inconvenienced.
tanselkaya
View Profile
Regular user
139 Posts

Profile of tanselkaya
Dave is definitely right. Physical access to a device is the ultimate compromise. Only military grade equipment is built tamper-proof. Very similar to the holder in the book Da Vinci Code, tempering results in memory erasure.

You can always use historical methods of secrecy. Hide your information inside regular text and leave it visible. Say my password is DdPtdtc, you can use the first letters of the above first two sentences to store it. Since you are using this method once, the method acts like a secret key for you, but don't overdo it Smile
The Magic Cafe Forum Index » » Not very magical, still... » » Technical Minds Needed Here. Just A couple Questions (0 Likes)
[ Top of Page ]
All content & postings Copyright © 2001-2022 Steve Brooks. All Rights Reserved.
This page was created in 0.05 seconds requiring 5 database queries.
The views and comments expressed on The Magic Café
are not necessarily those of The Magic Café, Steve Brooks, or Steve Brooks Magic.
> Privacy Statement <

ROTFL Billions and billions served! ROTFL