Alex, Anything executed via a telnet client connecting to the apex will run on the apex. stdin and stout (and technically stderr) are redirected across the networked telnet session. However, anything that would normally require a gui won't be redirected and will run on the apex where no one has access to it since there's no monitor on the apex. As I think I read you already guessed, telnet-ing starts cmd.exe on the apex but in interactive mode so from telnet client you'll actually be able to get output from programs instead of needing to redirect them to a file. Oh and if you do want to make a .reg file, the following link tells you nearly everything you need to know: http://support.microsoft.com/kb/310516 The only thing is since it doesn't mention WinCE specifically in that article is you'd use the same version string: REGEDIT4 You'll know what that is for if you follow the link. - Chris
On Sun, Oct 3, 2010 at 6:47 PM, Alex Hall <[email protected]> wrote: > Chris, a great idea; I will look into possibly viewing the registry, > though I think running a program via telnet will run it on the target > machine, so the telnet sees nothing of the i/o, or am I wrong? I > hesitate to try this on my apex, but if my telnet client (on the pc) > could interact with the program... > > To all on the list: please not that this is a very advanced topic that > should not be attempted by anyone who does not have a good knowledge > of what is going on here. Humanware has not yet acknowledged, much > less commented on, this sort of hack, so playing with registry and > other topics should not be tried unless you are very familiar with the > systems and programs involved. Just a friendly warning... > > On 10/3/10, Chris <[email protected]> wrote: >> Wow, that is really bad. >> If you can figure out how to update the windows registry on the device >> (and with telnet / ftp access that would be easy if I had an Apex to >> play with) you can disable those services from starting. >> >> This is the info for disabling telnet. >> http://msdn.microsoft.com/en-us/library/ee499490.aspx >> >> I found info for the FTP server at: >> http://www.embedian.com/wiki/index.php/Wince60_software#FTP_Server >> For FTP the registry path is: HKEY_LOCAL_MACHINE\Comm\FTPD >> and the key: IsEnabled should be changed to 0. >> >> Basically you'd craft a .reg text file that has those two changes, run >> the program regedit.exe with the argument set to the path to your .reg >> file and then reboot. >> >> - Chris >> >> On Fri, Oct 1, 2010 at 4:31 PM, Sabahattin Gucukoglu >> <[email protected]> wrote: >>> BrailleNote Apex offers telnet and FTP access on the standard ports, with >>> read/write privilege on the entire file system, to all comers. No >>> authentication is required. BrailleNote is unsafe on any network whose >>> devices you are not in full charge of, and which (by NAT or firewall) does >>> not protect BrailleNote from the Internet. >>> >>> I am happy and sad. In a chance port scan of my entire network looking >>> for interesting services and protocols that were not accounted for by >>> visible configuration options in all my devices, I found this disaster >>> staring me in the face on the least likely candidate of them all. On the >>> one hand, now I don't need ActiveStink in order to access my files, over >>> the network, from my Mac. I want these services running, for sure (maybe >>> just FTP) but dammit, authentication first! On the other hand, there is >>> no doubt my trust in HumanWare is badly dented, as I was clearly >>> optimistic that they would, and did, do the right thing and secure the >>> device firmware before shipping it. Anonymous FTP and telnet are obvious, >>> easily found and effectively exploited. If it isn't configurable, it >>> shouldn't be enabled. I am quite sure this was the case before now. The >>> most likely explanation is a build with a test configuration and services >>> for development still in use on the newest model; the USB vendor string is >>> further evidence of this. Note to self: that popular expression about >>> assumptions turns out to be true. >>> >>> KeySoft version 9.0.2 build 756, Windows CE 6.0, with telnet and FTP >>> services. >>> >>> While we await an update that either disables the services or allows the >>> user to specify the authentication credentials, do not use your >>> BrailleNote Apex on any untrusted network, or if you are network >>> administrator, temporarily prohibit these devices from connecting to your >>> networks. If "Bad guys" are on your network, the BrailleNote Apex is, >>> alas, easy meat. >>> >>> Cheers, >>> Sabahattin >>> >>> ___ >>> Replies to this message will go directly to the sender. >>> If your reply would be useful to the list, please send a >>> copy to the list as well. >>> >>> To leave the BrailleNote list, send a blank message to >>> [email protected] >>> To view the list archives or change your preferences, visit >>> http://list.humanware.com/mailman/listinfo/braillenote >>> >>> >> >> ___ >> Replies to this message will go directly to the sender. >> If your reply would be useful to the list, please send a >> copy to the list as well. >> >> To leave the BrailleNote list, send a blank message to >> [email protected] >> To view the list archives or change your preferences, visit >> http://list.humanware.com/mailman/listinfo/braillenote >> >> > > > -- > Have a great day, > Alex (msg sent from GMail website) > [email protected]; http://www.facebook.com/mehgcap > ___ Replies to this message will go directly to the sender. If your reply would be useful to the list, please send a copy to the list as well. To leave the BrailleNote list, send a blank message to [email protected] To view the list archives or change your preferences, visit http://list.humanware.com/mailman/listinfo/braillenote
