// archives

security

This tag is associated with 9 posts

RIM says “Would you like a password hint?”

It would appear that RIM is planning to provide end-users with a mechanism to remember their passwords.  According to patent application 20090307498, RIM proposes to allow a user to store his password with unique version data to help him remember it later.  As per the patent application, the version data will be in the form [...]

Mice, Permissions and a Solution?

The BlackBerry default application permissions should be one of the most important things to a BlackBerry Internet Service (BIS) user. But how can these application permissions be monitored and checked for those times when they are changed (creating a potentially risky situation) and the user forgets to revert them to their original settings? This post will highlight a possible mechanism for checking the most critical permissions. There’s also some sample program source code that users can download and play with.

The ‘Security Timer Reset’ permission

Did you ever wonder what some of those Application Permissions were on your BlackBerry?  I’m putting together a paper that details the more important ones and why you should be careful in changing them.  For now, I thought I’d share some information about the “Security Timer Reset” permission and what you can do with it. [...]

The theory behind BlackBerry phone taps

The new version of FlexiSpy (which I dissected and posted about) promises to allow a user to spy on a target when he is on a call.  They call it Call Interception.  The site says: “Call Interception is the ability to listen in to an active phone call on the target device. You specify the [...]

Kiss your BlackBerry spyware goodbye

I have released the latest version of Kisses.  I promised everyone in my Hack In The Box presentation that I would release newer versions of the toolkit Bugs & Kisses.  Today, I hopefully deliver on that promise.  As far as I’m aware, this tool is the first of its kind to be offered to BlackBerry [...]

BlackBerry OS 5.0.0 knows what you install

I took a look at the new BlackBerry version 5.0.0 Operating System API.  RIM is offering the simulator and development kit as a Beta release and I think the OS has already been leaked online.  One excellent feature that RIM have added is the CodeModuleListener.  This interface allows a developer to design an application that [...]

Remote Listening for the BlackBerry

I first blogged about PhoneSnoop, a component of Bugs, a few days ago.  PhoneSnoop demonstrates how a BlackBerry can be used to spy on its owner.  It cannot listen in to phone conversations or conduct phone taps on BlackBerry handhelds at the moment.  It is, however, possible to add a feature that makes phone taps work.  [...]

How I tell my clients that XSS is bad

The mixed bag of reactions to XSS or Cross Site Scripting vulnerabilities is interesting to watch.  As a security professional, I’ve audited banking applications based on web technologies and have in all cases come away with at least one XSS vulnerability.  When presented to the client and to the vendor, I get some interesting reactions. [...]

Three reasons why you should segment your SCADA networks

The recent report on eWeek regarding how attackers managed to get a foothold in an energy company through a phishing attack is not something new.  It is not magical because stuff like this happens elsewhere on a more frequent basis.  What makes this so noteworthy is the fact that the company was in control [...]