Results 1 to 9 of 9
  1.    #1  
    I recently heard about the service Avantgo.com provides to the handheld devices. Being able to browse the web offline on my Palm sounds very exciting, however, I am a bit concern about security. To update web pages on my Palm, a link is created between it and the Avantgo web site during a hot sync. Althought, not a programmer myself, I do beleive the link allows information to travel to and from the Palm. During this process, is it at all possible that other infomation, such as records from the Memo, Datebook, and other applications be pulled into the internet as well? Like most handheld users, I do store a fair bit of personal information in them. As a result, I like to clear up this issue before going ahead to use their service.

    Thanks
  2. #2  
    this link is no different than the link created between your PC and the Web... the only difference is that rather than download pages dynamically like on a PC, you dowlnoad precached pages. You dont worry that yahoo.com is going to get your solitaire hight scores do you? inotherwords, use the service. its cool and not a security hazard.
  3. #3  
    AvantGo itself uses SSL in its latest version (3.3) to provide for secure connections. Take a look through the AvantGo online help for further information.
    .
    .....
    MarkEagle
    .....<a href="http://discussion.treocentral.com/tcforum/index.php?s=">TreoCentral</a> | <a href="http://discussion.visorcentral.com/vcforum/index.php?s=">VisorCentral</a> Forum Moderator - Forum Guidelines
    .....Sprint PCS Treo 650
    .....God bless America, my home sweet home...
  4. #4  
    The AvantGo client application can access any data file on your Visor. A version of MobileLink could be hacked to upload non-AvantGo data files (the hack) to a site that has nothing to do with AvantGo's service (a feature of MobileLink). Remember, there is no file system security with the Palm OS.

    Your desktop conduit has whatever rights you do (if you are running on Win9x or ME - that means it can go anywhere it wants to). There is nothing to stop a hacked conduit from doing just about anything it wants to.

    However, after listing some of the vulnerabilities, it is only fair to point out that it would take time, some programming talent, and clever planning to put together a AvantGo-based data stealing operation that would provide profitable results. It would have to be very low profile (no noticable increase in sync times, not create sync errors, untraceable SendTo address, etc.). Also, consider that the vast majority of users are running IE on Win9x/ME - a combo that is much easier to exploit without any real risk of getting caught; and you have to ask yourself why someone would go through the trouble of attacking one Palm app (and its conduit) when there is still all this ripe low hanging fruit courtesy of Microsoft.

    Put very simply: our only real defense is that the herd is vast; and the wolves can easily feed off other game - prey that is fatter, more plentiful and easier to kill than we are.
  5. #5  
    Originally posted by california boyhead
    this link is no different than the link created between your PC and the Web... the only difference is that rather than download pages dynamically like on a PC, you dowlnoad precached pages. You dont worry that yahoo.com is going to get your solitaire hight scores do you?
    Well, when I connect to Yahoo (or most other web addresses) the connection doesn't start banging around in my various drives. When I hotsync to Avantgo, my A: drive, hard drive (obviously) AND zip drive all get calls by something and come on then off after a few seconds. The calls are sequenced; C:\, A:, zip. It's not a maze from my PC to my cradle. What is Avantgo looking for?

    "Just beam it to me."
  6. #6  
    Originally posted by bjornsen
    Originally posted by california boyhead
    this link is no different than the link created between your PC and the Web... the only difference is that rather than download pages dynamically like on a PC, you dowlnoad precached pages. You dont worry that yahoo.com is going to get your solitaire hight scores do you?
    Well, when I connect to Yahoo (or most other web addresses) the connection doesn't start banging around in my various drives. When I hotsync to Avantgo, my A: drive, hard drive (obviously) AND zip drive all get calls by something and come on then off after a few seconds. The calls are sequenced; C:\, A:, zip. It's not a maze from my PC to my cradle. What is Avantgo looking for?
    Upgrade to a newer version of avntgo. This should solve your problem.

    Felipe
    On the road to 5,000 posts
    Life is what happens between Firmware releases.
  7. #7  
    Originally posted by Felipe
    Upgrade to a newer version of avntgo. This should solve your problem.
    I have been using v3.3 for some time now and (seeing nothing more recent on the Avantgo page) must conclude that the version is not the issue.

    "Just beam it to me."
  8. #8  
    Originally posted by bjornsen
    When I hotsync to Avantgo, my A: drive, hard drive (obviously) AND zip drive all get calls by something and come on then off after a few seconds. The calls are sequenced; C:\, A:, zip. It's not a maze from my PC to my cradle. What is Avantgo looking for?
    In the prior version of AvantGo, something to do with the security was causing it to look at all local drives (including network drives) before making a connection to the server. I can't recall exactly what it was doing or why. This was supposedly fixed in 3.3 (I used to have the same problem, now it's gone).
    .
    .....
    MarkEagle
    .....<a href="http://discussion.treocentral.com/tcforum/index.php?s=">TreoCentral</a> | <a href="http://discussion.visorcentral.com/vcforum/index.php?s=">VisorCentral</a> Forum Moderator - Forum Guidelines
    .....Sprint PCS Treo 650
    .....God bless America, my home sweet home...
  9. #9  
    Originally posted by bjornsen
    Originally posted by Felipe
    Upgrade to a newer version of avntgo. This should solve your problem.
    I have been using v3.3 for some time now and (seeing nothing more recent on the Avantgo page) must conclude that the version is not the issue.
    Build 403?

    Felipe
    On the road to 5,000 posts
    Life is what happens between Firmware releases.

Posting Permissions