-
Have you ever been surfing to a website on your BlackBerry using the default browser and a certificate error pops up? Well if this happens be sure to pay close attention before clicking continue.
Valid Certificate (Name and Domain match)
According to a Research in Motion (RIM) security warning [Click Here] on some BlackBerry Operating Systems (OS) the system allows web sites to pass domain names with null characters in them. This gives the illusion that the domain and certificate are valid when in fact they are not.
Fake Certificate (Name and Domain do not match)
RIM recommends that all users running handheld OS 4.5 or higher, check to be sure they are running the latest OS version for their handheld.
Major Carrier BlackBerry Download Pages
* Altel: Alltel Downloads
* AT&T: https://www.blackberry.com/Downloads/entry.do
* Sprint: https://www.blackberry.com/Downloads/entry.do
* T-Mobile: T-Mobile BlackBerry Downlods
* Verizon: BlackBerry® Software Updates
* Official Research in Motion Downloads Page: BlackBerry - Update your Device Software
Current Software Version
* BlackBerry Device Software v4.5.0.x NEED v4.5.0.173 or later
* BlackBerry Device Software v4.6.0.x NEED v4.6.0.303 or later
* BlackBerry Device Software v4.6.1.x NEED v4.6.1.309 or later
* BlackBerry Device Software v4.7.0.x NEED v4.7.0.179 or later
* BlackBerry Device Software v4.7.1.x NEED v4.7.1.57 or later
Unfortunately after doing a quick check of AT&T and Verizon’s BlackBerry download pages, the recommended OS versions were not readily available.
In the mean time, if you are unable to upgrade to the recommended OS level then I highly recommend you do not accept certificates from any site you do not fully trust.
[source: BlackBerry Security]
MobiMadness Article: Security Warning: BlackBerry Browser Allows Phishing Attacks | MobiMadnessLast edited by Daniel.Black; 09-29-09 at 04:29 PM.
09-29-09 01:48 PM
