Well, Well, Well,,,,,Lookie here
- Accidental PostSlayer of MisinformationNew Security Flaws Found in BlackBerry 6 OS, IM Apps | PCWorld Business Center
New Security Flaws Found in BlackBerry 6 OS, IM Apps
By Al Sacco , CIO
It's been more than two months since Research In Motion (RIM) reported a BlackBerry smartphone or BlackBerry Enterprise Server (BES) security flaw, but the Canadian company has announced a handful of recently discovered vulnerabilities in its BlackBerry 6 handheld OS and BES for IBM Lotus Notes and Microsoft Exchange. BlackBerry Torch 9800 with Padlock (Image Credit: Brian Sacco)
First, RIM reports that three newly discovered vulnerabilities in the BlackBerry 6 Webkit browser could allow a hacker to access and/or modify data stored within a BlackBerry 6 smartphone's internal storage, as well as on its external media card.
From RIM:
"Successful exploitation of the vulnerabilities requires the BlackBerry smartphone user to browse to a website that the attacker has maliciously designed. A successful attack could result in remote code execution (RCE) on a smartphone running BlackBerry 6. An attacker exploiting these vulnerabilities could read or write to the built-in media storage section of a BlackBerry smartphone or to the media card but could not access user data that the email, calendar, and contact applications store in the application storage (the internal file system that stores application data and user data) of the BlackBerry smartphone."
The flaws affect a number of BlackBerry smartphones running the BlackBerry 6 OS, including the Bold 9650, Bold 9700, Bold 9780, Curve 9300, Pearl 9100, Style 9670, and Torch 9800 handhelds.
RIM recommends updating your BlackBerry 6 smartphone's OS to v6.0.0.522 for the Bold 9650, Curve 9330 smartphone, and Style 9670 smartphones; and to v6.0.0.566 for the remaining affected devices. However, some wireless carriers have not yet released these software builds, so RIM recommends contacting your carrier and requesting the appropriate software if it's not yet available to you. (Find more details on RIM's security advisory page.)
Secondly, RIM reports a new BES flaw that could affect organizations that employ Microsoft's Office Communications Server (OCS) 2007 R2 and/or the Microsoft Lync Server 2010 BlackBerry IM Client with certain versions of RIM's BES for Lotus Notes and BES for Microsoft Exchange.
From RIM:
"A vulnerability exists in the BlackBerry Collaboration Service component of the affected versions of the BlackBerry Enterprise Server. Successful exploitation of this vulnerability would allow a potentially malicious BlackBerry device user within an organization to log into the BlackBerry Collaboration Service as another BlackBerry Collaboration Service user within the organization. This would allow the potentially malicious user to send messages as the legitimate user and receive messages sent to the legitimate user, as well as prevent the legitimate user from accessing the BlackBerry Collaboration Service. This would also allow the potentially malicious user to access the legitimate user's enterprise instant messaging contact list."
To address the issue, RIM released new security updates for BES in the form of a BES 5.0.3 maintenance release 4 (MR4) software update. Both BES updates can be downloaded from RIM's server downloads page. (Find more specifics on this new BES flaw on RIM's security advisory page.)
AS
K Bear likes this.10-24-11 02:19 PMLike 1 - Wow. This is actually kind of cool. RIM actually was the one to find a potential security vulnerability and tell people how to patch it before it was discovered. Thanks for staying on the job RIM.
by the way, I'd rather have RIM continuously working on security for us than finding out we have been breached with an iphone.
Exploiting the iPhone
How To Hijack 'Every iPhone In The World' - Forbes.com
iPhone Security Issues Reported: Germany's Security Experts Warn Of Apple iOS Malware Vulnerability
http://www.huffingtonpost.com/2011/0..._n_892203.html
You must have looked pretty hard since you are a troll that repeatedly tries to get BlackBerry users to switch to iPhone and even conduct clinics on how to pretend a virtual keyboard is as natural to real one so thanks for confirming the BlackBerry is the most secure phone out there. The vulnerability was discovered and patched by RIM.
It took me two seconds to find 50 articles on iPhone vulnerability and not one they warned their users with but external groups exposing them. Like the antenna gate issue all over again.
Thanks for confirming the BlackBerry is the most secure phone out there. I'm glad RIM is on the job.
Go RIM!Last edited by guerllamo7; 10-24-11 at 02:38 PM.
10-24-11 02:35 PMLike 26 - Thread should be moved. Kind of cool rim disclosed the vulnerability and the patch.ridesno159 likes this.10-24-11 03:53 PMLike 1
- Michelle HaagI work here.While this was originally posted to incite a war, I have moved it to the correct forum and cleaned it of the arguing.
Keep it on topic, or it gets deleted. Easy as that.
Also, stop calling each other trolls. Engage in conversation, or don't say anything. No need to hide behind that word every other post. Ignore, move on, whatever.10-24-11 08:11 PMLike 2 - Sigh. I'm not sure why the article’s author categorized the WebKit browser exploits as "newly discovered," but it is clear he did not explore BlackBerry’s security advisory in depth (check the reference section). All three of the WebKit vulnerabilities he mentioned were exposed in March 2011. One of them was the exploit used during Pwn2Own. RIM did a good job at getting a fix out to the carriers for testing and approval within 2 weeks of their discovery however.10-24-11 09:08 PMLike 0
-
-
"WebKit was originally derived by Apple Inc. from the Konqueror browser's KHTML software library for use as the engine of Safari web browser..."10-24-11 09:56 PMLike 0 - The code that would become WebKit began in 1998 as the KDE project's HTML layout engine KHTML and KDE's JavaScript engine (KJS). The WebKit project was started within Apple by Don Melton on 25 June 2001[5] as a fork of KHTML and KJS. Melton explained in an e-mail to KDE developers[6] that KHTML and KJS allowed easier development than other available technologies by virtue of being small (fewer than 140,000 lines of code), cleanly designed and standards-compliant10-24-11 11:40 PMLike 0
- I love it when attempts to show off a RIM vulnerability crashes and burns. Particularly when in such a spectacular manner.
And no....when it comes to security, BBerries are not on a par with any other platform. They're way ahead, at this time.Jake Storm likes this.10-25-11 02:00 AMLike 1 - Superfly_FRRetired ModeratorNew Security Flaws Found in BlackBerry 6 OS, IM Apps | PCWorld Business Center
New Security Flaws Found in BlackBerry 6 OS, IM Apps
By Al Sacco , CIO
First, RIM reports that three newly discovered vulnerabilities in the BlackBerry 6 Webkit browser could allow a hacker to access and/or modify data stored within a BlackBerry 6 smartphone's internal storage, as well as on its external media card.
From RIM:
[...] An attacker exploiting these vulnerabilities could read or write to the built-in media storage section of a BlackBerry smartphone or to the media card but could not access user data that the email, calendar, and contact applications store in the application storage (the internal file system that stores application data and user data) of the BlackBerry smartphone."
1. Dammed Webkit based web browsers ... what would Safari/Chrome or any other webkit based browser do ?
2. Contrarily to what is unfairly suggested, BES and Internal storage (i.e the secured storage) are not impacted. But yes, accidentalpost, the pictures of you using a BB device stored on a media card may be unveilled !
3. It shows that RIM is attentive and responsive to threats (even low level ones) and reacts with appropriate methods, no more.Last edited by Superfly_FR; 10-25-11 at 02:21 AM.
10-25-11 02:18 AMLike 0 -
to able to tap a sticker to make my phone READY for the car, for sleep, for office, for restaurant, for meetings, to launch any app i have on my device is pretty useful!
you can't even tell Siri to turn on wifi, or bluetooth, or tell it to change settings...
Even John at Technobuffalo said that he found Siri to be pretty much useless after a week of use.. now he forgets it's there!
so don't generalize cause i'm sure that out of the 3 million members on CB a good hand full of them can tell you why they choose the BB over the iphone... (and i am sure it's not just Security and Keyboard)10-25-11 11:37 AMLike 0 - I was one of the many who jumped ship .. Storm2 to the iPhone 4s.. while i do love the new phone. There are plenty of things that the BB still does better. (and that i miss!!)
Notifications (sounds - more choices and settings), status light.. apps that let you set volume and vib for each type of notification
Status bar (why doesnt the iPhone show even stiff like missed call and email??? drives me nuts that i have to swipe down to check)
Themes.... sigh.... no themes on the iphone
email is better (always)
I cant multi delete emails easily!!! i have to hit edit then tap each email to mark it... i cant just use 2 fingers. lame!
I cant believe the apple still doesnt have a weather app that shows the weather on the icon??
Cant set it to turn off/on automatically
...i miss the menu button! lol
anyways.. plenty of stuff is better but i dont want this post to be "my iphone is better than your bb"
but i will say, for siri - it was fun to try asking silly questions. now I just use it while driving. Easy to tell it to text the wife, and set a reminder, or play music. Otherwise, they need add much more functionality to make it "super awesome"knowledge_6 likes this.10-25-11 11:51 AMLike 1 - Siri is soooo much fun!!! One member of my development team has a white iP4S, and I WANT that thing. Been playing with Siri. FUN! Just wish there were a male voice. With a perfect RP accent. *sigh*10-25-11 07:50 PMLike 0
- Forum
- Popular at CrackBerry
- General BlackBerry News, Discussion & Rumors
Well, Well, Well,,,,,Lookie here
LINK TO POST COPIED TO CLIPBOARD