Slashdot: News for Nerds

BlackBerry Server Can Be Hacked With Image File

timothy posted more than 2 years ago | from the image-of-the-emir-perhaps dept.

Blackberry 51

Trailrunner7 writes "There are remotely and easily exploitable vulnerabilities in the BlackBerry Enterprise Server that could allow an attacker to gain access to the server by simply sending a malicious image file to a user's BlackBerry device. The vulnerabilities are in several versions of BES for Exchange, Lotus Domino and Novell GroupWise, and Research in Motion said that an attacker who is able to exploit one of the bugs might also be able to move from the compromised BES server to other parts of the network."

51 comments

It's A Trade Off (5, Funny)

WrongSizeGlass (838941) | more than 2 years ago | (#37081006)

Sure my client's BES could be hacked with an image file, but the image is of a really hot chick, so it's a fair trade.

Re:It's A Trade Off (1)

Anonymous Coward | more than 2 years ago | (#37081092)

You made me click on the TFA with your comment!

I am sad. There is no hot chick in TFA... :(

Re:It's A Trade Off (2)

girlintraining (1395911) | more than 2 years ago | (#37081560)

Sure my client's BES could be hacked with an image file, but the image is of a really hot chick, so it's a fair trade.

That's pretty sexist. Only about half the population would appreciate that.

Re:It's A Trade Off (0)

Anonymous Coward | more than 2 years ago | (#37081600)

about half? aren't you forgetting about the lesbians and bisexuals? So the OP might be sexist, but you appear to be homophobic!

don't cast stones from glass houses.
la la lala la

Re:It's A Trade Off (1)

Anubis350 (772791) | more than 2 years ago | (#37081750)

To be fair, *if* the GP were assuming that approx. 50% of the pop is male, 50% female, and that there are approximately similar numbers of gays and lesbians (no idea if that's in any way true or not), the comment would make perfect sense without being homophobic...

Re:It's A Trade Off (2)

jmac_the_man (1612215) | more than 2 years ago | (#37081984)

To be even more fair, the question was about "is into chicks." If gays and lesbians occur with the same frequency in the population of men and women, respectively, they would cancel each other out. But if bisexuals ALSO occur with the same frequency regardless of gender, they don't cancel each other out, but instead that number counts twice.

Re:It's A Trade Off (2)

Anubis350 (772791) | more than 2 years ago | (#37082142)

unless there's enough asexuals to cancel them out :-p

Re:It's A Trade Off (0)

Anonymous Coward | more than 2 years ago | (#37082536)

And everyone is forgetting about the pedophiles. They need to be counted too!

Re:It's A Trade Off (1)

Scott Scott (1531645) | more than 2 years ago | (#37083236)

Actually, anyone who's read girlintraining's user page would know she's anything but homophobic.

(Did someone say something about glass houses?)

Re:It's A Trade Off (0)

Anonymous Coward | more than 2 years ago | (#37083068)

I'm a male and I don't think that's a fair trade for a compromised client's BlackBerry server...but if it were a DOS attack sending many images...

Re:It's A Trade Off (0)

Anonymous Coward | more than 2 years ago | (#37090580)

Only about half the population would appreciate that.

A fair bit more than half the population because bisexual people get two votes. Sex is not a democracy.

Re:It's A Trade Off (1)

drinkypoo (153816) | more than 2 years ago | (#37093276)

That's a lot of crap, there are tons of (straight) women who look at the pictures in Playboy because they can appreciate a pretty woman, but virtually no (straight) men who will even open a copy of Playgirl.

It's all about the image (4, Funny)

SilverHatHacker (1381259) | more than 2 years ago | (#37081036)

1. Send goatse image to BB.
2. BB holder frozen in shock.
3. Walk up to frozen holder, appropriate keys/saved passwords/etc.
4. ???
5. Profit!

Re:It's all about the image (-1, Offtopic)

dev534 (2437052) | more than 2 years ago | (#37081278)

Why goatse? There is absolutely no need to use that.

I rather would send this [aeonity.com] image which is both annoying and SFW, and should do the trick.

Re:It's all about the image (1)

Kell Bengal (711123) | more than 2 years ago | (#37081440)

Obvious goatse troll is obvious.

Re:It's all about the image (1, Insightful)

dev534 (2437052) | more than 2 years ago | (#37081502)

not obvious to 70 victims that clicked on that link....

Re:It's all about the image (1)

Pseudonym Authority (1591027) | more than 2 years ago | (#37082570)

I knew it was goatse and still clicked. What kind of effeminate pansy is still shocked by goatse after all these years. For fucks sakes this is the internet. At least link to Last Measure [nimp.org] so that the jews.wma will annoy people. (And it's run by the GNAA, a fine organization with a deep and fulfilling history on slashdot.)

Re:It's all about the image (1)

dev534 (2437052) | more than 2 years ago | (#37090214)

I knew it was goatse and still clicked. What kind of effeminate pansy is still shocked by goatse after all these years. For fucks sakes this is the internet. At least link to Last Measure [nimp.org] so that the jews.wma will annoy people. (And it's run by the GNAA, a fine organization with a deep and fulfilling history on slashdot.)

Well, you have good points here.
For a start, sadly, Last measure is blacklisted in both Firefox and Chrome. Do you know a Last measure mirror that works and isn't?
I am very aware of Last measure though.

Then sure, Goatse is supposed not to shock anyone. Well unless your boss doesn't pass by... Dunno, but I get the angriest responses when I troll Goatse. Would love to use something stronger, and tried a few times.
The Mac user [themacuser.org] scored not bad, but still Goatse seems to be better.

Here take a look at favorite responses (and mind that most responses are about Goatse):

Funny:
"What an ass. Warning: Unpleasant picture in the link. That's what I get for browsing at 1, I guess."
"I'm just curious what gratification you get from this... do you jerk off to your hit counter?"
"O neat, you quoted me! Now I have to ask, why do you do this? seriously whats the motivation?"
"1999 called they want their overused shock pictures back."
"Parent post is a goatsex picture. Do not follow. You're an asshole of the proportions in that picture."
"Link above is to goatse. Fuck you douchebag."
"Turn on TinyUrl previews. It saves lives."
"Ugh. Goatse. NSFW. Asshole (poster and picture, both)."
"Seriously ... new account to post that ... what a douche!"
"You're a fucking douchbag." - "That is the most accurate comment yet"
"Not gonna click it to find out, but I'd be surprised if parent's link wasn't goatse... It appears you would be correct sir. Why oh why do I always forget..."
"My word, what is wrong with your anus? I'd get that checked out."
"It's because of Assholes like you that I can no longer trust URL shorteners"
"Thanks, I'm reading slashdot in class like a good student and just got tubgirl'd."
"Watching second monitor, there was something wrong with the other screen. Control + w. Phew..."
"Hey family! Come look! They're opening the Google Talk client! Now, click here......" (sees goatse)
"I tried to post warnings about the goaste loving jerk yesterday but was modded into oblivion as a karma whore"
"Posting your picture online again?", "Really? Are you not tired of this yet?"
(Me posts goatse link and tells that it is SFW): "You mean NSFW asshole."
"Can you not afford normal entertainment?" "This is grown up talk, 4chan is that way ->"
"Oops. goatse link" - "The AC speaks truth! (Well I didn't let it finish loading, but the browser was connecting to goatse.ru...)"
"He likes his urinal cakes nice and sudsy, so he tries to piss us off."
"Link is Goatse" - "Thanks. Does nerd soccer attract nerd hooligans?"
"You must be really bored, eh? Take your shit somewhere else. We don't serve your kind around here."

Hate:
"Motherfucker. Some of us are at work and don't want to have a drilled out anus pop up on their fucking screen. Christ."
"BAN HIM!" "Ur a faggot for posting that."
"Death to all assholes - Let's put you first into the guillotine"
"You fucker" - "I had the same thought as you. What a fucking asshole. The link is nsfw."
"I hate your guts.", "WTF you fucking asshole.", "Fucking troll, do not click there"
"I hope you die in a fire before you are old enough to contaminate the gene pool."
"It would be more interesting if I had a piece of pipe and your face, in close proximity so I could smash your face beyond recognition,"
"Bravo teeny bopper. You're a really mature mother fucker (or do you prefer father fucking? Damn you homo erotic shittter)."
"Wait! I think I hear your mommy calling to give your tongue a good soap washing. And maybe she'll execute you too"
"I did not even bother to look, but this same idiot has been doing this for weeks now. Fuck off asshole."
"Asshole. literally. Goatse is so old. Grow up you fool."
"Asshole... Ginormous asshole, in fact." "Ugh. Goatse. You asshole."
"Better than you, you arse bandit." "You're a lowlife faggot piece of shit."
"Ah, a sheep troll. "Baaa! I post disgusting photos! Baaa!"
"I hate you"

First time testimonies:
"Wow, all these years I managed to avoid seeing the goatse.cx guy, priding myself on my resilience to clicking on random image links from friends and trolls alike, taking comfort in the fact that I could identify a shock JPG based on a few lines of pixels while the holding the clipped window at the edge of my screen, and yet... now it's all for naught."

"After all these years, I finally fell for it. Just off to bleach my eyes.. thanks for that."
"Damnit, mod this guy up before GP gets any one else. My eyes, dear god my eyes, I'd managed not to see that until today!"
"WARNING: Don't click on the parent's link! Damn goatse! The first I experienced, no less.
"Parent is goatse. Dammit, and I've avoided it for a decade."
"ALERT ! goatse ya got me :("
"The fuck is a goatse? it's some dude pulling his arse open."

Testimonies:
"Well done. I haven't been suckered into a goatse link in years."
"Now *that* is how you goatse. Even got me, and I'm an oldfag."
"Long time since I've been rickrolled with goatse!"
"Goatse URL - Haven't seen that guy in a while"
"Damnit! nearly 15 years reading /. and I still fall in a goatse.cx trap !"
"Well played, sir. It's been a while since I've been Goatse'd"
"Congrats. It's been a long time since I saw goatse."
"Looks very open to me... (congrats, 'twas a while ago I was goatsed the last time)"

Strong emotion:
""No ads? Kwel!" click... "WTF!! My eyes!!!! rip.... them.... OFF!!"
"FUCK.YOU.ASS.HOLE."
"i WAS eating lunch you ass!"
"Oh dear god my eyes. Haven't seen THAT awful image in a while."
"My eyes are burning... argh! Damn you!"
"MY EYES... dude i am at work here "S "
"Oh goddammit. I didn't need that right before bed."
"Goatse warning! I'm still recovering."
"Please friends, I beg of you, do not click that link! Do not look at that image, whatever you do! It is a bad image! It is a goatse image."
"Man you made me barf .... disgusting little fellow the GOATSE Guy"
"Ok I did not need to see this. kindly please go die in a fire."

Dumbasses talking:
"Oh wow, retro-trolling. Soon we'll be back to page-widening, Steven King is dead and bell bottoms."
"Hey moron, try using different links."
"You fucking piece of shit!" , "You sorry piece of shit.", "You cunt.", "Fuck you." "Get fucked"
"What a retard..... enough said...." "Nice. Asshole."
"Yup, this is what your life amounted to. Posting goatse on Slashdot and collecting comment trophies."

Frustration:
"Enough of that you sick fuck"
"Can someone make a fucking goatse blocker firefox plugin please? This is pissing me off now."
"I am sick and tired of that crap on /. "
"Don't visit the link above, everyone. -sigh- Especially at work."
"Doh! One has to also recognize data urls. *sigh*"
"Damn! Mod this fucker to hell"
"*sigh* Goatse alert..."

Philosophy:
"When did you people stop being content with a simple rickroll? This is why Slashdot needs a "delete for spam" option."
"Goatse trolls are getting better these days..."
"Why the sudden coordinated campaign for Goatse? Is someone making money off this?"
"You're right, this is the most coordinated troll campaign in a long time. Multiple accounts, multiple pages."
"Urgh...dammit, am I the only one thinking the goatse trolls are getting worse lately than they have been in the past five years?"
"Who found a way to monetize goatse at this late date? If we got half the effort of that campaign on real stuff we'd all have better software by now."
"Boy Goatsex is out in force today... - Every topic is littered with them..."
"You can't actually expect the Slashdot users to actually know enough not to respond to a goatse troll, right ?"
"Can we start banning people who post that hiding it behind a url shortening link like goo.gl?"
"How many times are you going to spam this link? Like we don't know where that goes......"
"The GP's post is just to get you to click a link with the Goatse man's picture on it."
"One of these days, this asshole gonna have a hard drive crash and lose his precious list, consigning his life's work to oblivion. He'll probably kill himself."

Admiration:
"Cool goatse link bro"
"Giggles. That made my day. Thank you."
"You are one dedicated troll."
"Well played, sir. Well played."
"A link that redirects to a page containing goatse? How clever of you!"
"Thank you for that informational link"
"Interesting use of Data URLs for Goatse linking."
"Nice Goatse dude"
"Good one, Sir."
"Nice link to have!"

Funny warnings:
"DO NOT CLICK - goatse" - "Too late :/ "
"Why the fuck would you post something like that? Warning to all: scatology in its worst form. Do not look."
"Would advise against clicking the link in the troll post above. Especially if you're at work atm."
"Link Warning!!! Not for those at work or of a nervous disposition, or even those bored with the stupid Goatse image."
"You really don't want to click the fundamental link, you'll be scarred for life."
"Above Link NSFW... The picture was just wrong... wrong..."
"WARNING! Above link is not something anyone wants to see!"
"Parent should be modded down. Link is NSFW and mentally scarring."
"High likelyhood of being a Goatse link. Proceed with caution"
"Didn't click it, but the magic 8-ball says goatse."
"Danger, goatse" "Don't click the link! Goatse wannabe."
"Someone please mod this guy down... Don't click his link."
"I dunno if this is supposed to be goatse or what, but clicker beware on parent."
"Don't click link, Its a trap" - "Get an ax!"

Misc:
"MODS please ban this guy"
"What the hell is up with this guy? can somebody gag him or something please"
"Just post the damn url, i'm not going to click on a tinyurl link and get goatse'd or something.."
"That's somewhat clever, but some of us do know what base-64 encoding is."
"Could not someone at slashdot write a small script to blacklist url's that have been flagged troll? I'll do it if you pay me a slave wage..."
"Mod to -1, please. this guy is an 'asshole'.... (yes, you guessed it)"
"That link is goatse-esque. Yuck."

Re:It's all about the image (1)

Pseudonym Authority (1591027) | more than 2 years ago | (#37091298)

Well, one particularly nasty person posted some CP of a kid being raped a while back, during a discussion on Tor vulnerabilities (I think). /. is total garbage when it comes to search, so I can't point you to it until CmdrTaco gets off his ass to fix it. If you are really serious about the road you are taking, you could always try that. May be hard to avoid prison with though. Not to mention that it kinda crosses the lines from asshole to monster pretty quick. Might want to leave that to the /b/tards.

Good luck in your adventures of false advertisements, what ever you decide!

Re:It's all about the image (1)

Taty'sEyes (2373326) | more than 2 years ago | (#37082580)

I'm a little disturbed by your opinion of SFW. What type of work do you do exactly?

Re:It's all about the image (1)

hairyfeet (841228) | more than 2 years ago | (#37084494)

PC repair maybe? I know my old boss would never warn me before giving me the PC of "latino guy" or "buttgirl" to fix. Thanks a lot Doug, asshole. Latino guy would always end up with porn bugs for gay sites, usually some Latino oiled up nasty shit, and buttgirl? /Shivers at the horror/ Old buttgirl had a BF that had to weigh a good 350 and was hairy as a damned wookie and she would take all these thong pics of his big old hairy ass and make them her wallpapers, the icons for folders, her screensavers...fuck that was rough. the shit we PC guys get to see sometimes, like the gal that had dildos that i swear needed their own fricking gun rack...eek!

As for TFA...people still use Blackberry? I thought everyone had switched to iPhone and Android by now. If MSFT has any brains left at that outfit they'll make sure to have excellent AD and GPU support in their Nokia WinPhones and will drive the final nail in the coffin that is RIM. Frankly TFA doesn't surprise me as that company has just gone from one mistake after another lately and having a serious security hole just seems like the icing on the cake.

Once upon a time everywhere I went it was crackberries, but now all I ever see is iPhones and the HTC Androids. If a security hole appears but nobody is there to exploit it, does it still count?

Re:It's all about the image (0)

Anonymous Coward | more than 2 years ago | (#37088230)

And in the Tottenham riots in London the rioters used Blackberry's Message service because the police could not monitor it but thankfully they looted iPhones rather than gym equipment or golf clubs so the police will be able to monitor next time they, um, get upset about being poor and disenfranchised. Or something else worth rioting over.

If it was iOS Server... (0)

Anonymous Coward | more than 2 years ago | (#37081062)

... you would have to use an image of an effeminate, scarf wearing Mac user to hack it

Haven't you heard? (0)

Anonymous Coward | more than 2 years ago | (#37081180)

Haven't you heard? Servers aren't trendy. Servers aren't hip. You can't take a server to your local Starbucks and doodle on it while you sip your latte macchiato. A server in a social setting like that would be un-cool.

But NIST certified it! (0)

Anonymous Coward | more than 2 years ago | (#37081076)

So it must be secure. Really!

Re:But NIST certified it! (1)

belg4mit (152620) | more than 2 years ago | (#37081170)

No, they certified the (stupidly named) PlayBook tablet.

SNOW CRASH!!! (0)

Anonymous Coward | more than 2 years ago | (#37081248)

...Snow crash.....

A Malicious Image File eh? (1)

Anubis350 (772791) | more than 2 years ago | (#37081256)

I always knew we needed an emoticon for "pwned!"

Do they think I'm stupid? (4, Funny)

MacGyver2210 (1053110) | more than 2 years ago | (#37081480)

So you want me to click a link to an article about hacking via image files...?

*opens lynx*

Re:Do they think I'm stupid? (0)

Anonymous Coward | more than 2 years ago | (#37081774)

Unless you're browsing the internet on your BES Server I think you'll be fine.

This article is illegal! (2)

xmorg (718633) | more than 2 years ago | (#37081540)

This article violates teh DMCA and has been sent to the DHS for immediate action against the terrorists who wrote it.
All those involved will be hand molested by the TSA before being sent to Guantanamo bay.

Sad. (1)

m1ndcrash (2158084) | more than 2 years ago | (#37081550)

BlackBerry's selling point is high-end security. Unfortunately, we learn again that anything can be broken and/or hacked. Moreover, the fact that the exploit doesn't require any user action and launches arbitrary code is simply scary, since most of the mobile malware needs to be downloaded and installed manually.

Sad is how negative this was written! (1)

Anonymous Coward | more than 2 years ago | (#37081596)

RIM announced the problem, WITH the solution; it wasn't announced by a 3rd party, so RIM remains dedicated to security.

The problem is on servers, not on devices, maintaining device security. One would need intimate knowledge of the BES set up to actually extract information from the server.

Their communication between device and server has yet to be hacked

Re:Sad is how negative this was written! (1)

Alex Zepeda (10955) | more than 2 years ago | (#37082778)

I think you forgot the quotes around "security". As long as they're decrypting stuff voluntarily for various governments, there's nothing secure about it.

Re:Sad is how negative this was written! (0)

Anonymous Coward | more than 2 years ago | (#37083346)

They can't decrypt BES data (which is what this article is about), as the BES keys are generated by the BES server administrator which are not known to RIM.

How about you get your facts straight before you start spreading FUD?

The servers control the devices. (1)

apparently (756613) | more than 2 years ago | (#37083528)

While this may be true:

Their communication between device and server has yet to be hacked

This isn't:

One would need intimate knowledge of the BES set up to actually extract information from the server.

Their communication between device and server has yet to be hacked

From the KB warning:

"Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process PNG and TIFF images for rendering on the BlackBerry smartphone. Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server. Depending on the privileges available to the configured BlackBerry Enterprise Server service account."

Access to the besadmin account gives an attacker all sorts of access to the server. That account has sendas permissions on all users' mailboxes, can make configuration changes to the BES configuration, including changing device settings, and pushing applications to the devices.

It really wouldn't be all that hard to completely compromise an organization's Blackberry configuration -- server and device -- and there's a good chance that you'd be able to escalate privileges onto other servers within the network.

Re:The servers control the devices. (1)

kevinmenzel (1403457) | more than 2 years ago | (#37084312)

But what is true is that the Slashdot editors or the submitter has decided that instead of even mentioning the patch, they would just focus on the exploit.

Strange of course, as the source material for this post is titled "Severe Remote Flaw Fixed in BlackBerry Enterprise Server", and the source for THAT article does indeed include the patch itself.

Re:The servers control the devices. (1)

lennier (44736) | more than 2 years ago | (#37102570)

But what is true is that the Slashdot editors or the submitter has decided that instead of even mentioning the patch, they would just focus on the exploit.

But of course the patch has automagically applied itself to every BES server in the world, instantly, leaving no window of vulnerability while sysadmins scramble to apply it.

I mean, that's what patches do, right?

TNG (1)

Kebis (1396783) | more than 2 years ago | (#37082672)

Isn't this exploit pretty much what Captain Picard wanted to do to the Borg in the episode with Hugh?

Another reason (0)

Anonymous Coward | more than 2 years ago | (#37083598)

not to use a Riotberry

This hasn't been a problem for a while (1)

narcc (412956) | more than 2 years ago | (#37089570)

RIM shipped a patch for these vulnerabilities almost a week ago. The headline should read "Blackberry Server Can't Be Hacked With Image File"

That's right, this was discovered and fixed long before it could become a problem. That's what I expect from RIM's best-in-class security.

Re:This hasn't been a problem for a while (0)

Anonymous Coward | more than 2 years ago | (#37101410)

Super duper double ungood! You are interpreting the facts wrong! SJ, Infinite Loop, RDF.

Fix (0)

Anonymous Coward | more than 2 years ago | (#37106928)

Hi @Trailrunner7,

Alex from RIM here. I just wanted to jump in here to let you know that a fix was issued to this and you can find it here: http://bbry.lv/rkbQJk.

Cheers,
Alex, RIM Social Media Team
