BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 10-26-2005, 07:54 AM   #1 (permalink)
Knows Where the Search Button Is
 
Join Date: Apr 2005
Model: 8100
Carrier: vodafone
Posts: 35
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Important Article

Please Login to Remove!

http://www.infomaticsonline.co.uk/vn...hes-blackberry
Offline  
Old 10-26-2005, 09:29 AM   #2 (permalink)
LAW
Knows Where the Search Button Is
 
Join Date: Sep 2005
Model: 7100g
Posts: 34
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Probably why SP2 was pulled suddenly

HUGE liability problem there for RIM. No wonder they pulled SP2.
Offline  
Old 10-26-2005, 10:37 AM   #3 (permalink)
Knows Where the Search Button Is
 
Join Date: Apr 2005
Model: 8100
Carrier: vodafone
Posts: 35
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Very true, but it does make you wonder about the security of BlackBerry. It has now made me think twice....!
Offline  
Old 10-26-2005, 10:42 AM   #4 (permalink)
BlackBerry God
 
jibi's Avatar
 
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
Post Thanks: 0
Thanked 1 Time in 1 Post
Default

one reported incident that was the result of a system (mail) that was not directly the BES... not too alarming, if you ask me.
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
Offline  
Old 10-26-2005, 11:02 AM   #5 (permalink)
Knows Where the Search Button Is
 
Join Date: Jun 2005
Model: 7100g
Posts: 41
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

^---Amen, typical knee-jerk media response.
Offline  
Old 10-26-2005, 11:08 AM   #6 (permalink)
LAW
Knows Where the Search Button Is
 
Join Date: Sep 2005
Model: 7100g
Posts: 34
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Good point, of course. It's not likely that many people would even have a chance of seeing this problem. No need to think the sky is falling if you already have SP2.

However, it's most definitely directly related to BlackBerry. When you write an application that relies on another (especially one handling sensitive information), you have to build in error-detection and error-handling capabilities.

The email server in question generated a memory allocation error, but it did not send parts of emails to the wrong people, BES did that.

By the way, the RIM statement that no messages escaped the BBC firewall is completely irrelevant to the rest of us. That was only the result of luck. They are posturing for when the lawsuit is filed.
Offline  
Old 10-26-2005, 01:46 PM   #7 (permalink)
RK1
New Member
 
Join Date: Oct 2005
Location: Washington, DC
Model: 8800
Carrier: Cingular
Posts: 9
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Was this on MS Exchange or Domino
Offline  
Old 10-27-2005, 02:27 AM   #8 (permalink)
Knows Where the Search Button Is
 
Join Date: Apr 2005
Model: 8100
Carrier: vodafone
Posts: 35
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Get real Jibi......! The fact that RIM pulled SP2 immediately shows the seriousness of this.....!
Offline  
Old 10-27-2005, 09:07 AM   #9 (permalink)
LAW
Knows Where the Search Button Is
 
Join Date: Sep 2005
Model: 7100g
Posts: 34
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Well, I think what it shows is this:

Even one company that has this problem could probably own a big chunk of RIM after a successful suit. The liability for them is tremendous even if only one user has the problem.

There are also all sorts of privacy rules, Patriot Act, and other federal regulations being broken if there is ANY chance of the wrong person getting an e-mail as a result of a software screw up. Some companies would vigorously pursue legal action if this happened to them. RIM has enough legal troubles already (at least in the US).

None of this necessarily means SP2 is particularly dangerous to 99.9% of users. It could be, but it doesn't matter. RIM has to act responsibly by pulling it to protect themselves and their customers, regardles of the risk level.
Offline  
Old 10-27-2005, 12:18 PM   #10 (permalink)
BlackBerry God
 
jibi's Avatar
 
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
Post Thanks: 0
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by Dahood
Get real Jibi......! The fact that RIM pulled SP2 immediately shows the seriousness of this.....!
i think that the 'fact' that SP2 was pulled may or may not even have anything to do with this. if you read the release notes for SP3, there's actually a workaround for a time zone issue that suggests downgrading to SP1. to be honest, i think that would affect more companies and BES configurations than this reported BBC issue.
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
Offline  
Old 10-31-2005, 06:55 AM   #11 (permalink)
Thumbs Must Hurt
 
Join Date: Jan 2005
Location: Palos Hills, IL
Model: None
Carrier: None
Posts: 72
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by LAW
Well, I think what it shows is this:

<snip>

There are also all sorts of privacy rules, Patriot Act, and other federal regulations being broken if there is ANY chance of the wrong person getting an e-mail as a result of a software screw up.
<snip>

Find me an application as intricate as BES that you can guarantee with 100% certainty that nothing will go wrong. Holding a software vendor to that standard smacks of ignorance.

Having an expectation that a vendor will fix a problem once it is discovered seems to me to be more reasonable, and that is what RIM appears to have done.
Offline  
Old 10-31-2005, 07:06 AM   #12 (permalink)
LAW
Knows Where the Search Button Is
 
Join Date: Sep 2005
Model: 7100g
Posts: 34
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by easy-v
Holding a software vendor to that standard smacks of ignorance.
Whoa there, Bucky. No need for name calling.

If I am an application vendor and I write a program which substantially threatens the security of my customers, I can and probably will be held liable, END OF STORY.
Disregarding the current legal climate in the US/UK or any country with regard to data security will not make it go away.

Last edited by LAW : 10-31-2005 at 07:07 AM. Reason: remove more name calling ;o)
Offline  
Old 10-31-2005, 09:37 AM   #13 (permalink)
New Member
 
Join Date: Oct 2005
Model: 7290
Posts: 12
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Email is generally known to be one of the least secure modes of communication. I am not sure the Patriot Act could be used to prosecute an email software provider because an email (or portions thereof) accidentally were sent to the wrong recipient.

Interesting idea though. As an email admin that's for sure something to think about.
Offline  
Old 11-01-2005, 11:11 AM   #14 (permalink)
Thumbs Must Hurt
 
Join Date: Jan 2005
Location: Palos Hills, IL
Model: None
Carrier: None
Posts: 72
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by LAW
Whoa there, Bucky. No need for name calling.

If I am an application vendor and I write a program which substantially threatens the security of my customers, I can and probably will be held liable, END OF STORY.
Disregarding the current legal climate in the US/UK or any country with regard to data security will not make it go away.
I don't see any name calling in my post. The fact is, I find it ignorant, or perhaps naive would be a better word for it, to expect that any piece of software in the league of BES would be bug free. To have that expectation is silly and unrealistic.

Of course, I am not a lawyer, and I do not play one on TV, so perhaps suing someone/some company for an unintended consequence that in reality accomplished no damage, may indeed make sense to some people.
Offline  
Old 11-01-2005, 12:06 PM   #15 (permalink)
Knows Where the Search Button Is
 
Join Date: Oct 2005
Location: Ottawa
Model: 8100
Carrier: Rogers
Posts: 16
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

How many security flaws are there in every version of Windows and IE every week ??

Do you pull all pcs that have windows everytime theres a flaw announced ?
I doubt that you do. Why is this any different then a regular bug ?
Offline  
Old 11-01-2005, 12:32 PM   #16 (permalink)
LAW
Knows Where the Search Button Is
 
Join Date: Sep 2005
Model: 7100g
Posts: 34
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

It does not matter at all what you or I expect as far as software reliability.

If a company suffers a loss because a security breach occurs where RIM can be faulted, to protect itself that company will most likely go after RIM, and they will most likely win.

That is the only point I am trying to make here. If you decide to argue with that, by all means do, but please stop arguing with a point I never made.

And the difference between this bug and others, I think, is that with most security flaws, someone must actively attempt some illegal activity to exploit it. This one was flinging data out there all by itself.

This is the last post I intend to make on this thread.

Last edited by LAW : 11-01-2005 at 12:34 PM. Reason: Added last line due to futility of this conversation
Offline  
Old 11-01-2005, 12:49 PM   #17 (permalink)
BlackBerry God
 
jibi's Avatar
 
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
Post Thanks: 0
Thanked 1 Time in 1 Post
Default

Dan-BB, in most cases during a virus or worm outbreak, especially the post-Code Red days to Nimda and on into the Blaster RPC worms, a LOT of companies were sued by other companies for harming their networks, whether it was that company's direct fault or not. In some cases, companies had to turn off various switches, firewalls or proxies to limit traffic outside of their network until they were able to contain the worm or virus. The same goes for email viruses within companies - if the issue is severe enough, services are shut down. If they are severe to the point that it affects other companies, then I'll bet that a lawsuit is filed.

With that said, I think LAW has a great point. If this would have been a government and portions of emails would have been sent to external persons, then I'd say someone would be in trouble. Or if this was in the Human Resources department at a company or an executive. It does give out the sense of a lot that could go wrong, despite there being a slim chance of it doing so. Its the ultimate first 'what if' scenario where everyone is now focusing on the rare negative impact rather than the idea that this happened to a single individual most likely with a fairly unique environment.

But whatever...
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
Offline  
Old 11-01-2005, 02:46 PM   #18 (permalink)
Talking BlackBerry Encyclopedia
 
Join Date: Jan 2005
Location: Virginia Beach, VA
Model: 7130e
Carrier: VZW
Posts: 444
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by LAW
If a company suffers a loss because a security breach occurs where RIM can be faulted, to protect itself that company will most likely go after RIM, and they will most likely win.
Don't you usually give up your right to sue for damages when you click the "Accept these terms" button that pops up during almost every program that you install on your system?
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.