Security Basics mailing list archives

Re: how do you secure a blackberry

From: Kurt Buff <kurt.buff () gmail com>
Date: Wed, 29 Jul 2009 15:03:57 -0700

Take a 2.5lb sledge...

On Wed, Jul 29, 2009 at 09:55, Nicholas Harvey<hattrickinc () gmail com> wrote:

Can we discuss how to secure an iPhone afterwards? :)

Sent from my iPhone

On Jul 29, 2009, at 1:29 AM, Aarón Mizrachi <unmanarc () gmail com> wrote:

On Miércoles 29 Julio 2009 00:32:58 Joseph Williams escribió:


Atleast with Verizon, when you battery pull the phone. The service books
that are pushed out by the provider are repushed out. My girlfriend's
sprint blackberry comes with some "Quick Launch" icons and a small
program
from Sprint. Every time she has to battery pull they are redownloaded.

Joe


Yes, is the service provided by the seller.  if you bought your phone from
a
trusted/minimal one, you will be clear.

And... The small program, i think, does not came with service books,
probably
are inserted as a ".cod" into the program memory. That can be
partially/fully
cleaned. Some operators also provide you themes, and booting images, to
"personalize" your blackberry.

The blackberry device consist in a ARM processor with  different memory
parts... I suppose that are structured as follows:

- ARM processor firmware
- ROM Memory (PIN, IMEI)
- Vendor Information Memory (Boot logo, vendor code, other information)
(Possibly ROM)
- Basic Blackberry OS Memory  (Lock information, basic connectivity)
- Program Memory (Blackberry programs inserted and updated by the desktop
manager, themes, whatever)
- Blackberry Databases (Device information, Service Books, Configurations,
Calls, whatever) and files
- SD Memory


-----Original Message-----
From: Aarón Mizrachi [mailto:unmanarc () gmail com]
Sent: Tuesday, July 28, 2009 11:51 PM
To: joseph.s.williams () gmail com
Subject: Re: how do you secure a blackberry

On Miércoles 29 Julio 2009 00:03:03 joseph.s.williams () gmail com escribió:


http://www.berryreview.com/2009/01/22/faq-explanation-of-each-blackberr
y-se rvice-book-type/ Sent from my Verizon Wireless BlackBerry


I already read that looking in google. Seems to be a configuration for
some
services.

I run my blackberry with a foreign country service book, since i bought
my
blackberry on a foreign country, and the limitation is very low (mms, tcp
connections, and others). But, i'am connected to bis without issues.

I don't know if the service book are automatically updated when i turn on
my blackberry.

---

In the past i tried to mitm my blackberry connection through some
software
for ssl mitm, and my surprise was that the data encrypted with SSL is
also
encrypted with another algorithm into.

But, how a "mechanism for connections" could be transformed in "software
installer"?


Regards.
Aaron.

;-)

-----Original Message-----
From: Aarón Mizrachi <unmanarc () gmail com>

Date: Tue, 28 Jul 2009 23:45:47
To: Joseph Williams<joseph.s.williams () gmail com>
Subject: Re: how do you secure a blackberry

On Martes 28 Julio 2009 13:17:45 usted escribió:


This isn't true. Through "Service Books" a provider can basically push
anything software they want to the device.

Joe


how?.

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of Aarón Mizrachi
Sent: Tuesday, July 28, 2009 1:26 AM
To: Shawn Merdinger
Cc: security-basics () securityfocus com; enquiries () globalart4u com
Subject: Re: how do you secure a blackberry

On Lunes 27 Julio 2009 15:38:20 Shawn Merdinger escribió:


Hi Aarón,

On Wed, Jul 22, 2009 at 1:55 PM, Aarón Mizrachi<unmanarc () gmail com>


wrote:


The answer:
deciding not to install the update.


I don't think it is that simple if the service provider is pushing
down software and controls the update process.  For the user to
decide not to install the update, the user must be presented with a
choice. If the install is done silently over the network in the
background, then there is no choice for the user.


cheers, i don't really had a time to take a look in deep on this


specific

case.

I'm talking the "generic". Usually, the blackberry handheld device does
not came with an automatic update software owned by your "telephony
provider" or rim. Therefore and moreover, any update should be done by
hand.

Moreover, real software updates provided by RIM should be installed


using

the desktop manager application. Usually this is not an automatic


process

and sometimes requires your handheld password to be done.

I understand that you can download blackberry updates from rim websites
according to your provider, but the trust rely in RIM who publish this
software.

Cheers,
--scm


--
Ing. Aaron G. Mizrachi P.

http://www.unmanarc.com
Mobil 1: + 58 416-6143543
Mobil 2: + 58 424-2412503
BBPIN: 0x 247066C1


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Re: how do you secure a blackberry, (continued)
- Re: how do you secure a blackberry Jon Janego (Jul 27)
- Re: how do you secure a blackberry Aarón Mizrachi (Jul 27)
  - Re: how do you secure a blackberry Shawn Merdinger (Jul 27)
    - Re: how do you secure a blackberry Aarón Mizrachi (Jul 28)
    - RE: how do you secure a blackberry Joseph Williams (Jul 28)
    - RE: how do you secure a blackberry Steve Armstrong (Jul 29)
    - Message not available
    - Re: how do you secure a blackberry joseph . s . williams (Jul 29)
    - Message not available
    - RE: how do you secure a blackberry Joseph Williams (Jul 29)
    - Re: how do you secure a blackberry Aarón Mizrachi (Jul 29)
    - Re: how do you secure a blackberry Nicholas Harvey (Jul 29)
    - Re: how do you secure a blackberry Kurt Buff (Jul 29)
- RE: how do you secure a blackberry Ramki B Ramakrishnan (Jul 29)
  - Re: how do you secure a blackberry Shawn Merdinger (Jul 29)
    - RE: how do you secure a blackberry Ramki B Ramakrishnan (Jul 30)
- Re: how do you secure a blackberry Mayank Aggarwal (Jul 22)
  - Re: how do you secure a blackberry Andrew Kuriger (Jul 27)