BlackBerry Browser Certificate Vulnerability Brought To Light

  1. #1
    sunkast Guest

    BlackBerry Browser Certificate Vulnerability Brought To Light


    A new knowledge base article on the BlackBerry web site acknowledges a security vulnerability affecting all current official operating systems, those being OSes 4.5 through 4.7. Everyone should be aware of this issue.

    According to RIM, it is possible to trick a user into thinking they are on a trusted and secure web site using a null character in the domain certificate when clicking on a link from an email or SMS message. What may appear to be a simple mismatch domain error is a bug that could exploit anyone who is unaware of the vulnerability.

    From RIM's article:

    "This advisory relates to a BlackBerry Browser dialog box that provides information about web site domain names and their associated certificates. The BlackBerry Browser dialog box informs the BlackBerry device user when there is a mismatch between the site domain name and the domain name indicated in the associated certificate, but does not properly illustrate that the mismatch is due to the presence of some hidden characters (for example, null characters) in the site domain name."


    To correct this issue RIM recommends that you upgrade your OS to the latest version. However, and this is a little alarming, it is up to the carrier to release the updated OS, which none have done yet. The table below shows which versions are affected and which version you need to upgrade to in order to patch the vulnerability.


    [CIO]
    Last edited by sunkast; 09-29-2009 at 03:56 PM.
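
Added example, not part of the original post or of RIM's advisory: a sketch of a mismatch check that makes hidden characters (such as the null character the advisory mentions) visible instead of reporting a plain domain mismatch. The function names and the sample domain are constructed for illustration.

```python
import unicodedata

# Unicode categories that a dialog may render invisibly:
# control (Cc), format (Cf) and the separator classes.
HIDDEN = ("Cc", "Cf", "Zs", "Zl", "Zp")

def hidden_chars(name):
    """Return (index, code point) for every hidden character in a name."""
    return [(i, ord(ch)) for i, ch in enumerate(name)
            if unicodedata.category(ch) in HIDDEN]

def render(name):
    """Escape hidden characters so the user can see them (NUL -> \\u0000)."""
    return "".join(
        f"\\u{ord(ch):04x}" if unicodedata.category(ch) in HIDDEN else ch
        for ch in name)

def explain_mismatch(site_domain, cert_name):
    """Compare the full strings and state why they differ.

    Returns (verdict, message); verdict is "reject", "mismatch" or "ok".
    """
    if hidden_chars(site_domain) or hidden_chars(cert_name):
        return ("reject",
                "hidden characters present: site=" + render(site_domain)
                + " cert=" + render(cert_name))
    if site_domain.lower() != cert_name.lower():
        return ("mismatch", "site=" + site_domain + " cert=" + cert_name)
    return ("ok", "names match")

# Constructed sample: a link whose domain carries an embedded null character.
SAMPLE_SITE = "secure.example\x00.other.test"
SAMPLE_CERT = "secure.example"

if __name__ == "__main__":
    print(explain_mismatch(SAMPLE_SITE, SAMPLE_CERT))
    print(explain_mismatch("secure.example", "other.test"))
    print(explain_mismatch("Secure.Example", "secure.example"))
```
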




  2. #2
    TemperamentalMan
    Any information on a leak/download site for any of these OS's, Sunkast? 4.7.1 here, and I'm sure some Pearl/Pearl Flip/Curve owners would love to find out.

  3. #3
    RANDYRKELLY
    4.7.179, interesting. Great find :hail:

  4. #4
    TemperamentalMan
    It seems as though the releases are "sneaking" out. Several search results in Google for Sprint releasing the OS update.

    Sprint 4.7.1.57

  5. #5
    sunkast Guest
    Sprint may be releasing .57 soon.

  6. #6
    olta777
    Good thing 5.0 is not on the list

  7. #7
    TemperamentalMan
    Yeah I found a boatload of posts ABOUT it...not sure if it is being pushed to everyone yet. I tried to complete a wireless update via VZW but I get an error. QuickPull and re-checking but I doubt it. I'm running the .53 release that was found the other day. We'll see.

    P.S. Thanks for the info Sun!

  8. #8
    TemperamentalMan
    Quote Originally Posted by olta777 View Post
    Good thing 5.0 is not on the list
    Yeah really. If I could ever get my Tour to connect to my PC while I was running 5.0 I would keep it. I get "USB charging is insufficient" on every port, powered hub, and camel in sight. I finally was able to wipe it (after about 1 hour on two computers) and revert to .53. But I miss it

  9. #9
    cooltech59
    So this isn't having an effect on any of the 5.0 OS's that have been leaked, does it? If I read the info right it is only affecting the official 4.7.1.xx systems, is that correct? If so I just might have to download .230 to my wife's phone.

  10. #10
    TemperamentalMan
    Quote Originally Posted by cooltech59 View Post
    So this isn't having an effect on any of the 5.0 OS's that have been leaked, does it? If I read the info right it is only affecting the official 4.7.1.xx systems, is that correct? If so I just might have to download .230 to my wife's phone.
    I miss my 5.0. But I was also instructed NOT to load 5.0 on the wife's phone until it's an official release. LOL. I don't want to join Natemz in the "I'm locked out the bedroom" club

  11. #11
    Natemz
    Quote Originally Posted by TemperamentalMan
    Quote Originally Posted by cooltech59 View Post
    So this isn't having an effect on any of the 5.0 OS's that have been leaked, does it? If I read the info right it is only affecting the official 4.7.1.xx systems, is that correct? If so I just might have to download .230 to my wife's phone.
    I miss my 5.0. But I was also instructed NOT to load 5.0 on the wife's phone until it's an official release. LOL. I don't want to join Natemz in the "I'm locked out the bedroom" club
    Lol nice Temp!

  12. #12
    skygear
    Quote Originally Posted by Natemz View Post
    Lol nice Temp!
    mine could care less

  13. #13
    cooltech59
    Quote Originally Posted by TemperamentalMan View Post
    I miss my 5.0. But I was also instructed NOT to load 5.0 on the wife's phone until it's an official release. LOL. I don't want to join Natemz in the "I'm locked out the bedroom" club
    Yeah, it seems you and I discussed this before. I told ya how my wife is. But with this security issue she might ease up. Besides, I'm always in and out of the doghouse. Like the song says, "Move over ol' dog, the new dog's coming in"

  14. #14
    TemperamentalMan
    Quote Originally Posted by cooltech59 View Post
    Yeah, it seems you and I discussed this before. I told ya how my wife is. But with this security issue she might ease up. Besides, I'm always in and out of the doghouse. Like the song says, "Move over ol' dog, the new dog's coming in"
    I just put an add-on the bedroom. I even have the vinyl doors LOL

    P.S. No problem Natemz!!! LMAO

  15. #15
    smcoldbb
    So how many people have called their carrier today?


    hahaha

  16. #16
    AdamSiK
    good to know

  17. #17
    guanuck
    Calling DNA to see what Telus will do about this! I'll post what they say in 30 min

  18. #18
    P3Designs
    I find this to be alarming that carriers knew about this problem before it hit the net, yet have failed to release an appropriate upgrade to fix this problem. I will be calling VZW today and voicing my concern.

  19. #19
    porkrind
    Hmmm... seems like all carriers would want to get 5.0 out like NOW!!

  20. #20
    sunkast Guest
    So where's the 5.0 leak for the 8320?
