[deweya]

This is my first post on this site, I thought I better register as it has been very helpful in the past

I work in the health sector and general protocol is that if you are the first to log into any of our new systems you automatically qualify as the resident expert.

I am a complete beginner when it comes to BES and the IT Policy, so please excuse me if I miss any details.

We have recently migrated to BES 4.1.6 whilst doing our Exchange 2007 migration. We have roughly 320 users on the BES and are experiencing an issue when opening mail that is embedded with an image. It Crashes with App Error 576 and then must be reset.

I have checked the forums and tested the following fix which is to change the 'Disable Persisted Plain Text' to false which resolves the issue.

My question is what implications will this have?

I have read the policy description which quotes:

'Configure this rule only if you require that sensitive data does not persist in plain text form on a BlackBerry® device.'

We have our devices encrypted, does this mean some data will become un-encrypted? As security is a big issue in our organisation at the moment this would be un-acceptable.

Thanks in advanced for any replies.

Adam

[freakinvibe]

Are all those 320 users on 8700? Which device OS version? Try to upgrade them to the latest version as this looks like a device software issue.

The standard setting of "Disable Persisted Plain Text" is False, so I wonder why setting it to false in the policy would change anything. See

Disable Persisted Plain Text IT policy rule

[DavidAdams]

Quote:

Originally Posted by deweya

I work in the health sector and general protocol is that if you are the first to log into any of our new systems you automatically qualify as the resident expert.

The other way to become resident expert is to be told "this is new see how it works".

[deweya]

Thanks for the reply.

No we don't have only 8700s (thank the lord), but the lowly IT staff are subject to these. One of the devices that I am using for testing that has had the issue is an EDGE 8310 OS v4.5.0.55. Our service desk team have upgraded the firmware already.

I think you may have misunderstood my post, our current default policy for all users set's "Disable Persisted Plain Text" to true. Only using a test IT policy have I set it to false which does resolve the issue. I have read the policy explanation already but just wanted clarifiaction of the implication of setting this to false\default from an encryption point of view.

Thanks

[freakinvibe]

OK, now I understand. So your predecessor has set this policy to true and now nobody knows why he did this and what the impact is of setting it to false. It is definitely a security setting, but it might sound more scary than it really is because it contains the words "plain text".

If you have set the encryption level and contect protection to high, I think you are safe as the standard applications save things encrypted to the persistent store, but I can think of a third-party tool that reads something from your contacts and then temporarily stores it plain text for quicker access.

What could cause the crash is that the mail program tries to temporarily save the pictures "plain text" (unencrypted) to the persistent store to display them.

I guess to be super-safe and have the technical details you would have to contact RIM. You could also allow plain text mails only (as it was prior to 4.5) and switch the policy back on.

[deweya]

Thanks that makes a lot of sense.

I will contact support to double check, but always good to have an understanding before calling them.

[rocketronnie5]

Hi All
I have had several users hit by the error 576 issue. The organisation I work for use a UK govenment policy that insists persisted text has to be disabled.
I have managed to track down the crash to emails containing a gif with hidden text behind it. Infuriatingly it is not on all devices and I can't every get consistancy between OS version or hardware.

The message are usually HTML and cantain a GIF image with hidden details.
THe example here crashes 6 devices but not 4 other devices with the same hardware, OS and application versions.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.5730.13" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><IMG height=16
alt='Inactive hide details for "Aaaa Bbbb" <aaaa.bbbb@abcd.efg.uk>'
src="cid:156304814@05062009-0870" width=16
border=11><BR><BR><BR></DIV></BODY></HTML>

Cheers
Ron

[CCK01]

Is it same to change the third party allow to install persistent store?

[johnny_boy_uk]

Hi,

I'm in a BES Admin very similar situation to rocketronnie5, working in the public sector where the same UK Government security policy has to be applied to all our Blackberry handhelds which stipulates (along with many other security requirements) that disabling Persisted Plain Text is mandatory.

I can confirm that with that particular IT Policy applied my users are experiencing the same App Error 576 when a couple of seconds after opening HTML emails with an embedded image (JPEG, GIF and Bitmap tested) on 8700f, 8100, 8120 and 8320 handhelds running v4.5.x.x of the handheld software. It could be happening with more models, they are just the models I have tested after their users reported experiencing the problem.

From testing I've found that the embedded image doesn't appear to have to have hidden text behind it to cause the App Error 576. With the UK Government compliant IT Policy applied to a handheld, changing the policy setting to allow Persisted Plain Text does seem to stop the App Errors from occurring but this is a setting value that we are not allowed to have permanently in place.

I do hope RIM fix this issue in a future release of the handheld software as there must be a lot of frustrated Government BES Admins and BB Users in the UK this year!

Quote:

Originally Posted by rocketronnie5

Hi All
I have had several users hit by the error 576 issue. The organisation I work for use a UK govenment policy that insists persisted text has to be disabled.
I have managed to track down the crash to emails containing a gif with hidden text behind it. Infuriatingly it is not on all devices and I can't every get consistancy between OS version or hardware.

The message are usually HTML and cantain a GIF image with hidden details.
THe example here crashes 6 devices but not 4 other devices with the same hardware, OS and application versions.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.5730.13" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><IMG height=16
alt='Inactive hide details for "Aaaa Bbbb" <aaaa.bbbb@abcd.efg.uk>'
src="cid:156304814@05062009-0870" width=16
border=11><BR><BR><BR></DIV></BODY></HTML>

Cheers
Ron

[steve_rob]

Does anyone have any possible fixes for this issue other than turning off the Disable Persisted Text rule?

I'm yet another BES admin working at a UK government department who is getting hit by the 576 error, although we've only just started experiencing it since an upgrade of our BES to 4.1.6 MR7 (previously running 4.1.5 without any problems). And of course, our security guys will NOT let us turn this rule off! We really need to find a particular software version or handset firmware that isn't affected by this issue.

[johnny_boy_uk]

The only way forward I had for handhelds with device software at version 4.5.x.x or older was to allow Persisted Plain Text in the IT Policy. I'm lucky enough to be in a position where I can decide on exceptions to our IT Policy for CESG and as long as such exceptions are documented with a strong business case and are signed off by senior management then we are advised that we are covered.

I have just tested a 9000 Bold handheld with device software version 4.6.0.221 and can confirm that the issue appears to be resolved in that version. I can disable Persisted Plain Text in an IT Policy assigned to it and view an email with an embedded image OK where the same email gives App Error 576 on a handheld running an older device software version.

My guess would be this has been resolved in device software 4.6.x.x and above (9000 Bold handsets and newer), not much use for us here as the vast majority of out handhelds are older and only have device software up to version 4.5.x.x

Something tells me RIM would rather we all buy nice new handhelds than fix this for older devices.