[SecurityRatty] tag: rim

Mobile Malware: What Happens Next?

Tue, 11 Nov 2008 21:00:00 +0000

Four years ago, F-Secure Chief Research Officer Mikko Hypponen was talking about malware infections on mobile phones while few others were paying attention. With the growing use of Internet-enabled phones, particularly Apple's iPhone and RIM's Blackberry, he sees more opportunities than ever for malicious activity. But, surprisingly, he sees a quiet mobile malware landscape at the moment.

Sucking Data off of Cell Phones

Wed, 03 Sep 2008 02:03:31 +0000

Don't give someone your phone unless you trust them:

There is a new electronic capture device that has been developed primarily for law enforcement, surveillance, and intelligence operations that is also available to the public. It is called the Cellular Seizure Investigation Stick, or CSI Stick as a clever acronym. It is manufactured by a company called Paraben, and is a self-contained module about the size of a BIC lighter. It plugs directly into most Motorola and Samsung cell phones to capture all data that they contain. More phones will be added to the list, including many from Nokia, RIM, LG and others, in the next generation, to be released shortly.

Another news article.

RIM Patches Acrobat Distiller Bug In BlackBerry Server

Tue, 22 Jul 2008 13:27:20 +0000

Recently we blogged about a serious vulnerability in the PDF distiller in the BlackBerry Attachment Service. Now RIM has announced resolutions to the problem. BlackBerry Enterprise Server version 4.1 customers can fix it by applying Service Pack 6 (bringing the product to version 4.1.6). There are also interim fixes for users of earlier versions. Follow the links in the advisory to the download pages.

RIM Patches Acrobat Distiller Bug in BlackBerry Server

Tue, 22 Jul 2008 13:27:20 +0000

Recently we blogged about a serious vulnerability in the PDF distiller in the BlackBerry Attachment Service. Now RIM has announced resolutions to the problem. BlackBerry Enterprise Server Version 4.1 customers can fix it by applying Service Pack 6 (bringing the product to Version 4.1.6). There are also interim fixes for users of earlier versions. Follow the links in the advisory to the download pages.

GOING MOBILE: Developing an Effective Corporate Mobile Policy

Tue, 22 Jul 2008 09:00:00 +0000

(Source: RIM) Mobilizing your business is a journey, and it starts with planning and ensuring that you have the right infrastructure and management tools in place to support your needs for today, and tomorrow. Download this paper now.

GOING MOBILE: Developing an Application Mobilization Plan for your Business

Tue, 22 Jul 2008 09:00:00 +0000

(Source: RIM) Mobilizing your business is a journey, and it starts with planning and ensuring that you have the right infrastructure in place to support your needs for today, and tomorrow. Download this paper now.

RIM fixes critical BlackBerry Enterprise Server bug

Fri, 18 Jul 2008 09:00:00 +0000

Research In Motion patched a critical bug in its BlackBerry Enterprise Server to stymie hackers trying to break into company networks by tricking users of the smart phone into opening rigged PDFs.

RIM warns BlackBerry admins of critical unpatched PDF bug

Thu, 17 Jul 2008 09:00:00 +0000

RIM has warned users and corporate administrators of a critical vulnerability in a component of its BlackBerry Enterprise Server that could be used to hack their company's computers.

RIM warns BlackBerry admins of critical unpatched PDF bug

Wed, 16 Jul 2008 20:00:00 +0000

Research in Motion has warned users and corporate administrators of a critical vulnerability in a component of its BlackBerry Enterprise Server that could be used to hack their company's computers.

BlackBerry PDF Distiller Vulnerability

Tue, 15 Jul 2008 17:36:34 +0000

An unpatched vulnerability in the PDF distiller in the BlackBerry Attachment Service has been revealed by Research In Motion. Thanks to the Internet Storm Center for alerting us to the problem. The distiller is a program that reads PDF files and re-renders them in a format that the BlackBerry can display. The BlackBerry Attachment Service runs on the BlackBerry Enterprise Server. The advisory is somewhat unclear as to whether the BlackBerry device is itself vulnerable; more likely it is the server on which the BlackBerry Attachment Service runs that can be compromised by a malicious PDF file. This service has been compromised in the past by malicious files, as its job is to parse a wide variety of file formats, a task that is difficult to protect against attacks, especially heap overflows. The advisory and some BlackBerry lockdown guides, such as this one from the Australian Department of Defense (PDF), recommend that the Attachment Service be run on a separate computer on an isolated network segment in order to minimize the damage that any compromise can do. The advisory also includes other workarounds you can perform, such as disabling the distiller's support for PDF files. RIM has no time frame for a resolution of the problem.