Subscribe to this blog's feed

Amazon

Recent Posts

Bio

  • David Rice is a globally recognized cybersecurity leader, Executive Director of The Monterey Group, a strategic consulting firm, and Consulting Director for Policy Reform at the U.S. Cyber Consequences Unit. Called upon by high-performance organizations for his ability to achieve, integrate, and drive deep corporate objectives in the face of globalized competition, rapid technological advances, and increased sophistication of cyber adversaries, David is a key figure shaping the discussion and practice of cybersecurity.

    Prior to his current roles, David served as an Global Network Vulnerability Analyst for the National Security Agency and Special Duty Cryptologic Officer for the United State Navy. The U.S. government recognized and awarded David for “significant contributions” to the Department of Defense and the National Security Agency for developing security configuration and design guidance for critical national infrastructure and global networks.

Archives

More...

Links

Blog powered by TypePad

The views and opinions expressed are those of the author and do not reflect the official policy, position, or recommendations of the author's affiliations, partners, employers, or clients.

« Geekonomics on TechTalk, KFNX AM1100 | Main | Geekonomics on the Troy Neff Show »

July 17, 2008

iPocalypse Now: Part 3, Blackberry Zero Day

Just so owners of the iPhone don't feel left out, the Blackberry crowd (myself included) can enjoy the growing attention of attackers also...

BlackBerry server faced with critical zero-day

To quote:

A critical zero-day flaw in BlackBerry Enterprise Server could be exploited by attackers to gain access to sensitive data, according to an advisory issued by the French Security Incident Response Team (FrSIRT).

The flaw is a PDF attachment handling error in the BlackBerry Attachment Service, FrSIRT said. An attacker could exploit the flaw by tricking a user to open a malicious PDF file attachment.

The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.0. FrSIRT has rated it "critical."

BlackBerry maker Research in Motion has confirmed the flaw and issued a warning to customers. A patch has not been released for Enteprise Server. As a workaround, companies can prevent the server from processing PDF Files.

"This issue has been escalated internally to our development team," RIM said in its advisory. "No resolution time frame is currently available."

Well, see there you go, the issue has been escalated. Whew. I will twiddle my thumbs and not read any PDFs from my Blackberry until a resolution time frame have been worked out..and then wait for the patch. I mean really, how many business people read PDFs anyway?!?
 


 

Posted on July 17, 2008 |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00e54f9408a3883400e553bddffc8834

Listed below are links to weblogs that reference iPocalypse Now: Part 3, Blackberry Zero Day:

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.