Information Security News mailing list archives
RIM Plugs BlackBerry Security Hole
From: InfoSec News <alerts () infosecnews org>
Date: Mon, 5 Oct 2009 03:07:25 -0500 (CDT)
http://www.eweek.com/c/a/Security/RIM-Plugs-BlackBerry-Security-Hole-165742/

By Brian Prince
eWEEK.com
2009-10-02

Research In Motion fixes a security bug it says left BlackBerry users open to phishing attacks.

Research In Motion has plugged a security hole that left BlackBerry users open to phishing attacks.

The bug lies in the BlackBerry browser dialog box, which provides information about Website domain names and their associated certificates. While the dialog box informs users when there is a mismatch between site domain names and domain names indicated in associated certificates, it does not properly illustrate that the mismatch is due to the presence of some hidden characters in the site domain name. As a result, users can be fooled more easily into logging on to malicious sites.

"A malicious user could create a web site that includes a certificate that is purposely altered using null (hidden) characters in the certificate's Common Name (CN) field or otherwise manipulated to deceive a BlackBerry device user into believing they have connected to a trusted web site," according to the company's advisory.

[...]
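The display problem described in the article, turned into a check, as an added example that is not from the eWEEK article or RIM's advisory: it compares a certificate Common Name with the requested host and escapes any hidden characters so the reason for a mismatch is visible to the user. The function names, the returned fields and the sample names are assumptions constructed for illustration.

```python
def escape_hidden(name: str) -> str:
    """Return the name with every non-printable character shown as an escape."""
    def esc(c: str) -> str:
        return f"\\x{ord(c):02x}" if ord(c) < 0x100 else f"\\u{ord(c):04x}"
    return "".join(c if c.isprintable() else esc(c) for c in name)


def check_common_name(cn_raw: bytes, requested_host: str) -> dict:
    """Compare a certificate CN with the requested host.

    Exact, case-insensitive comparison only; wildcard and subjectAltName
    handling are out of scope for this example.
    """
    # Undecodable bytes become visible \xNN text instead of being dropped.
    cn = cn_raw.decode("utf-8", errors="backslashreplace")
    # Position and code point of each character a dialog could fail to show.
    hidden = [(i, f"U+{ord(c):04X}") for i, c in enumerate(cn) if not c.isprintable()]
    # A name carrying hidden characters is never accepted as a match.
    match = not hidden and cn.lower() == requested_host.lower()
    if hidden:
        reason = "certificate name contains hidden characters"
    elif not match:
        reason = "certificate name differs from the requested host"
    else:
        reason = "certificate name matches"
    return {
        "match": match,
        "hidden": hidden,
        "display": escape_hidden(cn),  # what the warning dialog should print
        "reason": reason,
    }


if __name__ == "__main__":
    # Constructed sample names (reserved example/invalid domains).
    samples = [
        (b"www.example.com", "www.example.com"),
        (b"www.example.com\x00.test.invalid", "www.example.com"),
        (b"mail.example.com", "www.example.com"),
    ]
    for raw, host in samples:
        result = check_common_name(raw, host)
        print(f"{host}: {result['display']} -> {result['reason']}")
```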