TIP: BlackBerry PIN Security - Specifically here on CrackBerry!

[danoh]

There was a thread a few days ago that really struck me in a personal way. No, I wasn't affected by it as far as my BlackBerry was concerned, but I was affected by it because of what I do for a living.

Please, if you are concerned about receiving communication from spammers or scammers on your BlackBerry via PIN messaging or BlackBerry Messenger, read the following paper I wrote on the subject.

If I can save just one member of CrackBerry from getting unsolicited spam via their PIN, then I have served my purpose with this paper.

If a moderator feels like moving this into the BlackBerry Tips, How To & FAQ Section, please do! Or if this is too controversial, please delete it. I'm just trying to help.

Thank you.

CrackBerry.com Forums: User PIN Security

[Rapid Dr3am]

OMG he uses wget and regex to recurse through a site to get public information! He is so 1337!

I ph34r j00 so much, teach me how to hax0rz n00bs plz!

Oh wait, if you SPAM someone over PIN then you are easily traceable, and RIM would no doubt disable your PIN after complaints leaving you with a useless device.

Would you not be better using the same idea to harvest emails like regular spammers and using free systems to spam us all?

Oh and it's not like BBM even works most of the time.

[danoh]

Quote:

Originally Posted by Rapid Dr3am

OMG he uses wget and regex to recurse through a site to get public information! He is so 1337!

I ph34r j00 so much, teach me how to hax0rz n00bs plz!

Oh wait, if you SPAM someone over PIN then you are easily traceable, and RIM would no doubt disable your PIN after complaints leaving you with a useless device.

Would you not be better using the same idea to harvest emails like regular spammers and using free systems to spam us all?

Oh and it's not like BBM even works most of the time.

Thank you for reiterating how easy this is to accomplish, which was the main point of the paper.

[Tõnis]

Thanks for the article. It's very informative. I have a landline at home, and I just contacted my carrier and told it that if the telemarketing calls didn't stop immediately (particularly the ones from the auto dialers) I would be canceling my service and getting another cell. I authorized the removal of one service which I didn't use and the addition of one other (so the cost of the new service would be a wash). I told the customer service rep that I would try out her suggestion, but, if the situation didn't drastically improve in short order I would be gone anyway. So far, miraculously, the telemarketing calls have stopped, lol. So, I do think your suggestion of contacting RIM and someone else's suggestion of complaining to one's carrier (found in another topic) has merit and can be effective.

As far as the PINs go here on the site, I wonder if perhaps the forum administration could set it up so that the PINs are only visible to members, and only when a member has reached a predetermined number of posts, like 10 or 20. Perhaps this would make it more difficult for the automatic (script type) harvesters to obtain the data. It would be almost like when one has to enter a captcha code to join a site. Of course, this wouldn't prevent a spammer from pretending to be a good member by making the required number of meaningful posts and then running his script, but maybe it would add an extra layer to frustrate him so he doesn't bother.

Posted from my CrackBerry at wapforums.crackberry.com

[Radius]

When I had a land line I had a package called "call reveal" which meant the person was stopped before dialing through to my number if they hid any of their personal details.

It would prompt the user to dial 1 to reveal their info or hang up. Loved that service, almost no telemarketers after that.

Posted from my CrackBerry at wapforums.crackberry.com

[Tõnis]

Yes, Radius, that is what I added. Verizon calls it "call intercept," and it's about $6/month. So far, so good.

Posted from my CrackBerry at wapforums.crackberry.com

[todbanner]

Quote:

Originally Posted by Tõnis

As far as the PINs go here on the site, I wonder if perhaps the forum administration could set it up so that the PINs are only visible to members, and only when a member has reached a predetermined number of posts, like 10 or 20. Perhaps this would make it more difficult for the automatic (script type) harvesters to obtain the data. It would be almost like when one has to enter a captcha code to join a site. Of course, this wouldn't prevent a spammer from pretending to be a good member by making the required number of meaningful posts and then running his script, but maybe it would add an extra layer to frustrate him so he doesn't bother.

Posted from my CrackBerry at wapforums.crackberry.com

This idea makes sense to me! We don't really want to have to give up our Pin exchange because of malicious spammers do we?

Posted from my CrackBerry at wapforums.crackberry.com

[Coruptyed]

Thanks for the post I haven't been spammed yet but should help others out

Posted from my CrackBerry at wapforums.crackberry.com

[avacomputers]

Good Paper. Well Written. Thanks for sharing with us.

[Jancy10]

Thanks for the tip!...glad someone is trying to help...

[Radius]

I can't believe you actually got all the PIN's. Perhaps if you posted the complete PINs in one place so we could all see them very easily?

[Radius]

Quote:

Originally Posted by Jancy10

Thanks for the tip!...glad someone is trying to help...

Good tip, and you may want to give it a try yourself. I can see your PIN still.

[cliffr39]

Yay, I made the list haha

radius, he posted the full list on that site in first post.

[TheScionicMan]

So you're saying if I post something on the internet in a public forum, that information might be seen and/or harvested by others?

[iEattehberry]

Quote:

Originally Posted by danoh

There was a thread a few days ago that really struck me in a personal way. No, I wasn't affected by it as far as my BlackBerry was concerned, but I was affected by it because of what I do for a living.

Please, if you are concerned about receiving communication from spammers or scammers on your BlackBerry via PIN messaging or BlackBerry Messenger, read the following paper I wrote on the subject.

If I can save just one member of CrackBerry from getting unsolicited spam via their PIN, then I have served my purpose with this paper.

If a moderator feels like moving this into the BlackBerry Tips, How To & FAQ Section, please do! Or if this is too controversial, please delete it. I'm just trying to help.

Thank you.

Wow great post, thank you for sharing! Also, probably a dumb question, is there a way to "block" a pin using bbm like on aim or yahoo messenger? I know you mentioned the firewall, but that blocks everyone correct? I was wondering if it is possible to block a single user? Thanks!