Blackberry servers vulnerable to new attack

Form your servers into a circle and ...

By Tony Dennis

Wed Aug 09 2006, 07:49

BE AFRAID. BE VERY AFRAID. That's basically the message to organisations running Research In Motion's (RIM's) Blackberry server behind their firewalls.

That's because code that hacks the server and has been developed by Jesse D'Aguanno, a consultant with Praetorian Global, is due for release next week. The hacking program is called BBProxy and can be installed on a Blackberry or sent as an email attachment to an unsuspecting user.

Once installed, BBProxy opens a back channel bypassing most organisations' gateway security mechanisms. That's because the data tunnel between the Blackberry and the server is encrypted, so regular intrusion detection systems typically won't detect the attack.

Secure Computing's, Paul Henry, says that any Internet facing server like a Blackberry server should be isolated on its own DMZ (De-Militarised Zone) segment.

He also says that the mail server should not be permitted to open arbitrary connexions to the internal network or Internet. Nor should users be permitted to open such connexions.

The INQ suspects that Secure Computing just might know a thing or two about how to configure servers to take these measures into account. µ

L'INQ
Secure Computing

Symantec warns about PCanywhere and Anonymous PCanywhere users at ‘increased risk’ of attack Wednesday, 25 January 2012, 15:27 PM Read more	The INQUIRER review of the year A look back at the big news stories of 2011 Friday, 23 December 2011, 08:00 AM Read more
Apple, Nokia and RIM distance themselves from Carrier IQ saga Don't look at us, Guv' Friday, 2 December 2011, 15:04 PM Read more	Web hosting intrusion results in thousands of damaged web sites Hacker replaces index files Monday, 26 September 2011, 14:36 PM Read more
Adobe patches critical vulnerabilities in Flash Player Attacks are already seen in the wild Thursday, 22 September 2011, 10:06 AM Read more	RIM advises Blackberry owners to disable Javascript Protection against vulnerability found at Pwn2Own Wednesday, 16 March 2011, 10:33 AM Read more

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

QA / Quality Assurance Tes

Job Title: QA / Quality Ass...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Blackberry servers vulnerable to new attack

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review