Security Basics mailing list archives
Re: how do you secure a blackberry
From: Aarón Mizrachi <unmanarc () gmail com>
Date: Wed, 29 Jul 2009 00:59:51 -0430
On Miércoles 29 Julio 2009 00:32:58 Joseph Williams escribió:
Atleast with Verizon, when you battery pull the phone. The service books that are pushed out by the provider are repushed out. My girlfriend's sprint blackberry comes with some "Quick Launch" icons and a small program from Sprint. Every time she has to battery pull they are redownloaded. Joe
Yes, is the service provided by the seller. if you bought your phone from a trusted/minimal one, you will be clear. And... The small program, i think, does not came with service books, probably are inserted as a ".cod" into the program memory. That can be partially/fully cleaned. Some operators also provide you themes, and booting images, to "personalize" your blackberry. The blackberry device consist in a ARM processor with different memory parts... I suppose that are structured as follows: - ARM processor firmware - ROM Memory (PIN, IMEI) - Vendor Information Memory (Boot logo, vendor code, other information) (Possibly ROM) - Basic Blackberry OS Memory (Lock information, basic connectivity) - Program Memory (Blackberry programs inserted and updated by the desktop manager, themes, whatever) - Blackberry Databases (Device information, Service Books, Configurations, Calls, whatever) and files - SD Memory
-----Original Message----- From: Aarón Mizrachi [mailto:unmanarc () gmail com] Sent: Tuesday, July 28, 2009 11:51 PM To: joseph.s.williams () gmail com Subject: Re: how do you secure a blackberry On Miércoles 29 Julio 2009 00:03:03 joseph.s.williams () gmail com escribió:http://www.berryreview.com/2009/01/22/faq-explanation-of-each-blackberr y-se rvice-book-type/ Sent from my Verizon Wireless BlackBerryI already read that looking in google. Seems to be a configuration for some services. I run my blackberry with a foreign country service book, since i bought my blackberry on a foreign country, and the limitation is very low (mms, tcp connections, and others). But, i'am connected to bis without issues. I don't know if the service book are automatically updated when i turn on my blackberry. --- In the past i tried to mitm my blackberry connection through some software for ssl mitm, and my surprise was that the data encrypted with SSL is also encrypted with another algorithm into. But, how a "mechanism for connections" could be transformed in "software installer"? Regards. Aaron. ;-)-----Original Message----- From: Aarón Mizrachi <unmanarc () gmail com> Date: Tue, 28 Jul 2009 23:45:47 To: Joseph Williams<joseph.s.williams () gmail com> Subject: Re: how do you secure a blackberry On Martes 28 Julio 2009 13:17:45 usted escribió:This isn't true. Through "Service Books" a provider can basically push anything software they want to the device. Joehow?.-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Aarón Mizrachi Sent: Tuesday, July 28, 2009 1:26 AM To: Shawn Merdinger Cc: security-basics () securityfocus com; enquiries () globalart4u com Subject: Re: how do you secure a blackberry On Lunes 27 Julio 2009 15:38:20 Shawn Merdinger escribió:Hi Aarón, On Wed, Jul 22, 2009 at 1:55 PM, Aarón Mizrachi<unmanarc () gmail com>wrote:The answer: deciding not to install the update.I don't think it is that simple if the service provider is pushing down software and controls the update process. For the user to decide not to install the update, the user must be presented with a choice. If the install is done silently over the network in the background, then there is no choice for the user.cheers, i don't really had a time to take a look in deep on thisspecificcase. I'm talking the "generic". Usually, the blackberry handheld device does not came with an automatic update software owned by your "telephony provider" or rim. Therefore and moreover, any update should be done by hand. Moreover, real software updates provided by RIM should be installedusingthe desktop manager application. Usually this is not an automaticprocessand sometimes requires your handheld password to be done. I understand that you can download blackberry updates from rim websites according to your provider, but the trust rely in RIM who publish this software.Cheers, --scm
-- Ing. Aaron G. Mizrachi P. http://www.unmanarc.com Mobil 1: + 58 416-6143543 Mobil 2: + 58 424-2412503 BBPIN: 0x 247066C1
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- how do you secure a blackberry Enquiries @ Globalart 4u (Jul 22)
- Re: how do you secure a blackberry Shawn Merdinger (Jul 22)
- Re: how do you secure a blackberry Jon Janego (Jul 27)
- Re: how do you secure a blackberry Aarón Mizrachi (Jul 27)
- Re: how do you secure a blackberry Shawn Merdinger (Jul 27)
- Re: how do you secure a blackberry Aarón Mizrachi (Jul 28)
- RE: how do you secure a blackberry Joseph Williams (Jul 28)
- RE: how do you secure a blackberry Steve Armstrong (Jul 29)
- Message not available
- Re: how do you secure a blackberry joseph . s . williams (Jul 29)
- Message not available
- RE: how do you secure a blackberry Joseph Williams (Jul 29)
- Re: how do you secure a blackberry Aarón Mizrachi (Jul 29)
- Re: how do you secure a blackberry Nicholas Harvey (Jul 29)
- Re: how do you secure a blackberry Kurt Buff (Jul 29)
- Re: how do you secure a blackberry Shawn Merdinger (Jul 27)
- Re: how do you secure a blackberry Shawn Merdinger (Jul 29)
- RE: how do you secure a blackberry Ramki B Ramakrishnan (Jul 30)
- <Possible follow-ups>
- Re: how do you secure a blackberry Mayank Aggarwal (Jul 22)
- Re: how do you secure a blackberry Andrew Kuriger (Jul 27)