BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 01-17-2011, 04:53 AM   #1 (permalink)
Knows Where the Search Button Is
 
lop1's Avatar
 
Join Date: Feb 2009
Location: Perros-Guirec
Model: 9700
OS: 5.0.0.979
Carrier: orange
Posts: 28
Post Thanks: 3
Thanked 5 Times in 2 Posts
Angry Blackberry Browser Application Lets Remote Users Deny Service

Please Login to Remove!

SECURITY ALERT for Blackberry devices :

A remote user can create specially crafted HTML that, when loaded by the target user, will cause the target user's browser to become unresponsive. The browser will restart and display an error message. (KB24841-Partial Denial of Service (DoS) in the BlackBerry browser application)

There are fixes from RIM BUT BUT only for OS 5 and OS 6 !!

the OS 4xxx is now UNSUPPORTED ! as explain by RIM :

"RIM has issued a software update that resolves this issue in BlackBerry Device Software versions later than 5.0.0. BlackBerry Device Software version 4.7.0 and earlier is unsupported"

Here are the affected versions :

Vulnerable software and versions ( cf NVE CVE-2010-2599 )
* rim:blackberry_software:5.0.0.593
* rim:blackberry_software:5.0.0.983
* rim:blackberry_software:5.0.0.973
* rim:blackberry_software:5.0.0.1041
* rim:blackberry_software:4.0
* rim:blackberry_software:4.7
* rim:blackberry_software:4.6.1
* rim:blackberry_software:4.6
* rim:blackberry_software:4.5.0
* rim:blackberry_software:4.7.1
* rim:blackberry_software:5.0.0.882
* rim:blackberry_software:5.0.0.1036
* rim:blackberry_software:5.0.0.1039 and previous versions

I always had the feeling that RIM was very security conscious and was taking care of his users, that feeling is gone and for all.
Offline  
Old 01-17-2011, 07:41 AM   #2 (permalink)
BlackBerry God
 
aiharkness's Avatar
 
Join Date: Jul 2005
Location: Florida Panhandle
Model: Z10
OS: 10.2.1
Carrier: T-Mobile USA
Posts: 13,715
Post Thanks: 15
Thanked 499 Times in 486 Posts
Default Re: Blackberry Browser Application Lets Remote Users Deny Service

Does Microsoft still patch Windows 95? No, it is way beyond end of life.

Like it or not, that's the way it is.

Or I don't see your point.
__________________
- Ira
Offline  
Old 01-17-2011, 10:52 AM   #3 (permalink)
Knows Where the Search Button Is
 
lop1's Avatar
 
Join Date: Feb 2009
Location: Perros-Guirec
Model: 9700
OS: 5.0.0.979
Carrier: orange
Posts: 28
Post Thanks: 3
Thanked 5 Times in 2 Posts
Angry Re: Blackberry Browser Application Lets Remote Users Deny Service

OK you don't see my point ( sorry for my bad American/English, it is not one of my main languages).

- you point on windows 95, can I remind you that is was made available in 1995, 16 years ago, I can understand that microsoft ( which is not building his image on security ) stop the security updates.

- After 95 there was NT, 98, 98SE, NT4, millenium, 2000, XP, Vista and 7. If you take only XP which was made available in 2002 ( 9 years ago ). Even if it is not officially supported by Microsoft , I get the security updates on our computers every first tuesday. NOT bad for an unsupported product from a company that is not building on security...

- We bought the last batch of blackberries 81xx and 83xx in 2010 ( yes well known operators sell them ), and now one year later no more security support !

really BAD for a company

BUT deadly shocking from a company building his image on security

Can I remind you that there are several millions of blackberry 81xx and 83xx still used by RIM customers .
I can understand that they can't get OS5 because of memory constraints, BUT I can't understand the NO security support from RIM.

So YES the security image of RIM is not anymore, sorry for that, they are now just one of those...
Offline  
Old 01-17-2011, 11:21 AM   #4 (permalink)
BlackBerry God
 
aiharkness's Avatar
 
Join Date: Jul 2005
Location: Florida Panhandle
Model: Z10
OS: 10.2.1
Carrier: T-Mobile USA
Posts: 13,715
Post Thanks: 15
Thanked 499 Times in 486 Posts
Default Re: Blackberry Browser Application Lets Remote Users Deny Service

I just picked Win95 as it was first to mind as an OS that is at (actually way beyond) end of life. To me older 4.X OS devices are not any different, especially in the smart phone arena where today's new is old in eighteen months.

In the bigger scheme of things, a DoS issue isn't great, but it also doesn't strike me as catastrophic.

RIM obviosly made a cost benefit decision. It's fair to make your own assessment and do what is best for you and/or your business.

In my mind I still put RIM's security consciousness and practices way, way above the competition.
Posted via BlackBerryForums.com Mobile
Offline  
Old 01-17-2011, 02:11 PM   #5 (permalink)
BlackBerry Elite
 
knottyrope's Avatar
 
Join Date: Jan 2008
Location: Massachusetts
Model: Z30
OS: 10.2.1
PIN: t of blood has been taken
Carrier: AT&T-US with I dee ten tee errors
Posts: 6,681
Post Thanks: 270
Thanked 282 Times in 267 Posts
Default Re: Blackberry Browser Application Lets Remote Users Deny Service

FYI, all trackball devices will be discontinued soon.
__________________
irony : many old timer posters have de-evolved into the trolls they once fought
I am on http://supportforums.blackberry.com
BES 10 running sweet for my Z30, Z10 and Q10
Offline  
Old 01-18-2011, 10:15 PM   #6 (permalink)
CrackBerry Addict
 
Jagga's Avatar
 
Join Date: Oct 2004
Location: Toronto
Model: Z10
Carrier: Lord Rogers - 107
Posts: 862
Post Thanks: 6
Thanked 6 Times in 5 Posts
Default Re: Blackberry Browser Application Lets Remote Users Deny Service

If not already discontinued.

I find it ODD how a retailer provider or authorized 3rd party or direct channel found it reasonable to sell you such old units: 83xx units are at least 2yrs old now; and did they state how long warranty is supported and guaranteed for?! Why didn't you purchase the most recent curve models? or 1 generation behind?!
__________________
Senior help desk administrator (rim_db_admin_sr_helpdesk)
Serious Mobile
Offline  
Old 01-19-2011, 12:22 PM   #7 (permalink)
Knows Where the Search Button Is
 
lop1's Avatar
 
Join Date: Feb 2009
Location: Perros-Guirec
Model: 9700
OS: 5.0.0.979
Carrier: orange
Posts: 28
Post Thanks: 3
Thanked 5 Times in 2 Posts
Default Re: Blackberry Browser Application Lets Remote Users Deny Service

These 83xx were still available six months ago at the operator shop. So we bought them for our teams.
Why them, just because they have all what we need ( mail security and stability ) and they have the BEST keyboard ( from my point of view better than the 9520, the 9300 and the 9700 ) and the price was nice ( important for a small company).

As they are still under waranty we may ask the operator to change them or refund.
Offline  
Old 01-22-2011, 09:07 PM   #8 (permalink)
BlackBerryForums.com Super Moderator
 
SteveO86's Avatar
 
Join Date: Sep 2007
Location: Florida
Model: 9650
OS: 6.0.0.280
PIN: I heard it drop!
Carrier: VZW BIS
Posts: 6,534
Post Thanks: 0
Thanked 4 Times in 1 Post
Default Re: Blackberry Browser Application Lets Remote Users Deny Service

I'm with aiharkness on this one.. The 83xx's are a 3/4 year old device. That's why it was cheap.. the 93xx is the replacement for the 83xx devices.
__________________
8830 -> 8330 -> 9550 -> 9650
Just think about how far BlackBerries have come from then till now... And what else is coming.

Follow me on Twitter
Offline  
Old 01-23-2011, 02:18 PM   #9 (permalink)
BlackBerry God
 
aiharkness's Avatar
 
Join Date: Jul 2005
Location: Florida Panhandle
Model: Z10
OS: 10.2.1
Carrier: T-Mobile USA
Posts: 13,715
Post Thanks: 15
Thanked 499 Times in 486 Posts
Default Re: Blackberry Browser Application Lets Remote Users Deny Service

On this one? I hope not just on this one.

My first two BlackBerrys I bought when they were soon to be taken off the retail market and T-Mobile was practically giving them away. It was a good deal for me as far as $'s, but there are downsides as the OP has found.

Depends on what you want.
__________________
- Ira
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads for: Blackberry Browser Application Lets Remote Users Deny Service
Thread Thread Starter Forum Replies Last Post
New Blackberry Server wants to reactivate users after power outage! Urlryn BES Admin Corner 19 12-27-2007 02:55 PM
Blackberry Activation(s)... Barry_Black General BlackBerry Discussion 5 06-07-2007 12:07 PM
Blackberry Enterprise Activation Woes rgf207 BES Admin Corner 2 05-23-2007 02:21 PM
Vodafone and Dimension Today Installation Information (7130e) zarza Media Center 42 06-12-2006 09:14 PM
BES for Exchange 4.0.4 Available Now BlackBerryLinks BES Admin Corner 28 05-06-2006 10:38 AM





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.