On 1 Oct 2010, at 22:50, Alex Hall wrote: > While I am shocked at this sort of security risk on a bn, I wonder how > you use it to access your files without, as you say, using ActiveSync? > I am on a public network at school and am therefore rather worried > about this (then again, I doubt anyone on campus knows what telnet is, > let alone how to isolate my machine).
I brought this to public attention precisely because, not knowing how long a fix is due and being as how this has been the case since Apex was released, both FTP and telnet are common and easy to find. If people on your network use port scanners, they will discover your BrailleNote and the fact that it runs telnet and FTP and in no time. You can't keep it a secret, not to somebody who intends any kind of mischief. It gives me no pleasure saying this. > Please email hw with the details of this as soon as possible so they > can see that, even if they meant to do it, it is of concern to users. My original email (and your reply, by the looks of it) have gone to HumanWare. However this is urgent enough (at least for me) that you should probably take steps now. > If you can tell me how to do this and I can confirm it, I will also > email them. I do not doubt your findings, I just would like to provide > details of my setup so that hw can see that these are two independent > use cases. Find the IP address of your BrailleNote (Options, Connectivity, Active connection details). From another computer on the network, browse to ftp://1.2.3.4/ (replace 1.2.3.4 with IP address). You can also use the command line, telnet 1.2.3.4 or ftp 1.2.3.4. Behold, all your data. Cheers, Sabahattin ___ Replies to this message will go directly to the sender. If your reply would be useful to the list, please send a copy to the list as well. To leave the BrailleNote list, send a blank message to [email protected] To view the list archives or change your preferences, visit http://list.humanware.com/mailman/listinfo/braillenote
