BlackBerry Forums Support Community


Dahood 10-26-2005 07:54 AM

Important Article
 
http://www.infomaticsonline.co.uk/vn...hes-blackberry

LAW 10-26-2005 09:29 AM

Probably why SP2 was pulled suddenly
 
HUGE liability problem there for RIM. No wonder they pulled SP2.

Dahood 10-26-2005 10:37 AM

Very true, but it does make you wonder about the security of BlackBerry. It has now made me think twice....!

jibi 10-26-2005 10:42 AM

one reported incident that was the result of a system (mail) that was not directly the BES... not too alarming, if you ask me.

jcoke 10-26-2005 11:02 AM

^---Amen, typical knee-jerk media response.

LAW 10-26-2005 11:08 AM

Good point, of course. It's not likely that many people would even have a chance of seeing this problem. No need to think the sky is falling if you already have SP2.

However, it's most definitely directly related to BlackBerry. When you write an application that relies on another (especially one handling sensitive information), you have to build in error-detection and error-handling capabilities.

The email server in question generated a memory allocation error, but it did not send parts of emails to the wrong people; BES did that.

By the way, the RIM statement that no messages escaped the BBC firewall is completely irrelevant to the rest of us. That was only the result of luck. They are posturing for when the lawsuit is filed.

RK1 10-26-2005 01:46 PM

Was this on MS Exchange or Domino?

Dahood 10-27-2005 02:27 AM

Get real Jibi......! The fact that RIM pulled SP2 immediately shows the seriousness of this.....!

LAW 10-27-2005 09:07 AM

Well, I think what it shows is this:

Even one company that has this problem could probably own a big chunk of RIM after a successful suit. The liability for them is tremendous even if only one user has the problem.

There are also all sorts of privacy rules, Patriot Act, and other federal regulations being broken if there is ANY chance of the wrong person getting an e-mail as a result of a software screw up. Some companies would vigorously pursue legal action if this happened to them. RIM has enough legal troubles already (at least in the US).

None of this necessarily means SP2 is particularly dangerous to 99.9% of users. It could be, but it doesn't matter. RIM has to act responsibly by pulling it to protect themselves and their customers, regardless of the risk level.

jibi 10-27-2005 12:18 PM

Quote:

Originally Posted by Dahood
Get real Jibi......! The fact that RIM pulled SP2 immediately shows the seriousness of this.....!

i think that the 'fact' that SP2 was pulled may or may not even have anything to do with this. if you read the release notes for SP3, there's actually a workaround for a time zone issue that suggests downgrading to SP1. to be honest, i think that would affect more companies and BES configurations than this reported BBC issue.

easy-v 10-31-2005 06:55 AM

Quote:

Originally Posted by LAW
Well, I think what it shows is this:

<snip>

There are also all sorts of privacy rules, Patriot Act, and other federal regulations being broken if there is ANY chance of the wrong person getting an e-mail as a result of a software screw up.
<snip>


Find me an application as intricate as BES that you can guarantee with 100% certainty that nothing will go wrong. Holding a software vendor to that standard smacks of ignorance.

Having an expectation that a vendor will fix a problem once it is discovered seems to me to be more reasonable, and that is what RIM appears to have done.

LAW 10-31-2005 07:06 AM

Quote:

Originally Posted by easy-v
Holding a software vendor to that standard smacks of ignorance.

Whoa there, Bucky. No need for name calling.

If I am an application vendor and I write a program which substantially threatens the security of my customers, I can and probably will be held liable, END OF STORY.
Disregarding the current legal climate in the US/UK or any country with regard to data security will not make it go away.

MCase 10-31-2005 09:37 AM

Email is generally known to be one of the least secure modes of communication. I am not sure the Patriot Act could be used to prosecute an email software provider because an email (or portions thereof) accidentally were sent to the wrong recipient.

Interesting idea though. As an email admin that's for sure something to think about.

easy-v 11-01-2005 11:11 AM

Quote:

Originally Posted by LAW
Whoa there, Bucky. No need for name calling.

If I am an application vendor and I write a program which substantially threatens the security of my customers, I can and probably will be held liable, END OF STORY.
Disregarding the current legal climate in the US/UK or any country with regard to data security will not make it go away.

I don't see any name calling in my post. The fact is, I find it ignorant, or perhaps naive would be a better word for it, to expect that any piece of software in the league of BES would be bug free. To have that expectation is silly and unrealistic.

Of course, I am not a lawyer, and I do not play one on TV, so perhaps suing someone/some company for an unintended consequence that in reality accomplished no damage, may indeed make sense to some people.

Dan-BB 11-01-2005 12:06 PM

How many security flaws are there in every version of Windows and IE every week??

Do you pull all PCs that have Windows every time there's a flaw announced?
I doubt that you do. Why is this any different than a regular bug?

LAW 11-01-2005 12:32 PM

It does not matter at all what you or I expect as far as software reliability.

If a company suffers a loss because a security breach occurs where RIM can be faulted, to protect itself that company will most likely go after RIM, and they will most likely win.

That is the only point I am trying to make here. If you decide to argue with that, by all means do, but please stop arguing with a point I never made.

And the difference between this bug and others, I think, is that with most security flaws, someone must actively attempt some illegal activity to exploit it. This one was flinging data out there all by itself.

This is the last post I intend to make on this thread.

jibi 11-01-2005 12:49 PM

Dan-BB, in most cases during a virus or worm outbreak, especially the post-Code Red days to Nimda and on into the Blaster RPC worms, a LOT of companies were sued by other companies for harming their networks, whether it was that company's direct fault or not. In some cases, companies had to turn off various switches, firewalls or proxies to limit traffic outside of their network until they were able to contain the worm or virus. The same goes for email viruses within companies - if the issue is severe enough, services are shut down. If they are severe to the point that it affects other companies, then I'll bet that a lawsuit is filed.

With that said, I think LAW has a great point. If this would have been a government and portions of emails would have been sent to external persons, then I'd say someone would be in trouble. Or if this was in the Human Resources department at a company or an executive. It does give out the sense of a lot that could go wrong, despite there being a slim chance of it doing so. It's the ultimate first 'what if' scenario where everyone is now focusing on the rare negative impact rather than the idea that this happened to a single individual most likely with a fairly unique environment.

But whatever...

aristobrat 11-01-2005 02:46 PM

Quote:

Originally Posted by LAW
If a company suffers a loss because a security breach occurs where RIM can be faulted, to protect itself that company will most likely go after RIM, and they will most likely win.

Don't you usually give up your right to sue for damages when you click the "Accept these terms" button that pops up during almost every program that you install on your system?


All times are GMT -5.