According to a warning released by network security applications and device provider Secure Computing, organizations with their BlackBerry servers installed behind their gateway intrusion detection boxes could be compromised when researcher Jesse D'Aguanno, a consultant with risk management experts Praetorian Global, of Placerville, Calif., releases his code the week of Aug. 14. D'Aguanno first revealed his vulnerability exploit on Aug. 5 at the Defcon hacker convention in Las Vegas.
For its part, RIM maintains that the so-called vulnerability illustrated at Defcon merely proves that third-party applications can run on its devices, not that the handhelds or their back-end systems are necessarily open to attack. By administering the various security tools available in its systems, IT administrators can greatly reduce the potential for any attack by banning or limiting the privileges of various types of applications, company officials said.
"I wouldn't characterize this as a flaw, but the ability to run a program on the network," said Scott Totzke, director of RIM's Global Security Group, in Waterloo, Ontario. "We have tools [that can be used] to manage and control third-party applications, and administrators can close the door to third-party applications completely, or use a whitelist approach that can allow them to be very granular in what they might allow."
The company also maintains that the attack described by D'Aguanno, which requires that a user consciously download malware to the device, could be used to access systems on almost any mobile device, including smart phones, PDAs and laptops.
For full story:
http://www.eweek.com/article2/0,1895,20 ... 081006WBS1
CISSP, MCSE, CSTA, Security+ SME