BlackBerry Forums Support Community
              

Closed Thread
 
Thread Tools
Old 01-17-2011, 05:53 AM   #1
lop1
Knows Where the Search Button Is
 
lop1's Avatar
 
Join Date: Feb 2009
Location: Perros-Guirec
Model: 9700
OS: 5.0.0.979
Carrier: orange
Posts: 28
Angry Blackberry Browser Application Lets Remote Users Deny Service

Please Login to Remove!

SECURITY ALERT for Blackberry devices :

A remote user can create specially crafted HTML that, when loaded by the target user, will cause the target user's browser to become unresponsive. The browser will restart and display an error message. (KB24841-Partial Denial of Service (DoS) in the BlackBerry browser application)

There are fixes from RIM BUT BUT only for OS 5 and OS 6 !!

the OS 4xxx is now UNSUPPORTED ! as explain by RIM :

"RIM has issued a software update that resolves this issue in BlackBerry Device Software versions later than 5.0.0. BlackBerry Device Software version 4.7.0 and earlier is unsupported"

Here are the affected versions :

Vulnerable software and versions ( cf NVE CVE-2010-2599 )
* rim:blackberry_software:5.0.0.593
* rim:blackberry_software:5.0.0.983
* rim:blackberry_software:5.0.0.973
* rim:blackberry_software:5.0.0.1041
* rim:blackberry_software:4.0
* rim:blackberry_software:4.7
* rim:blackberry_software:4.6.1
* rim:blackberry_software:4.6
* rim:blackberry_software:4.5.0
* rim:blackberry_software:4.7.1
* rim:blackberry_software:5.0.0.882
* rim:blackberry_software:5.0.0.1036
* rim:blackberry_software:5.0.0.1039 and previous versions

I always had the feeling that RIM was very security conscious and was taking care of his users, that feeling is gone and for all.
Offline  
Old 01-17-2011, 08:41 AM   #2
aiharkness
BlackBerry God
 
aiharkness's Avatar
 
Join Date: Jul 2005
Location: Florida Panhandle
Model: BBPP
OS: 10.3.3
Carrier: T-Mobile USA
Posts: 14,081
Default Re: Blackberry Browser Application Lets Remote Users Deny Service

Does Microsoft still patch Windows 95? No, it is way beyond end of life.

Like it or not, that's the way it is.

Or I don't see your point.
__________________
- Ira
Offline  
Old 01-17-2011, 11:52 AM   #3
lop1
Knows Where the Search Button Is
 
lop1's Avatar
 
Join Date: Feb 2009
Location: Perros-Guirec
Model: 9700
OS: 5.0.0.979
Carrier: orange
Posts: 28
Angry Re: Blackberry Browser Application Lets Remote Users Deny Service

OK you don't see my point ( sorry for my bad American/English, it is not one of my main languages).

- you point on windows 95, can I remind you that is was made available in 1995, 16 years ago, I can understand that microsoft ( which is not building his image on security ) stop the security updates.

- After 95 there was NT, 98, 98SE, NT4, millenium, 2000, XP, Vista and 7. If you take only XP which was made available in 2002 ( 9 years ago ). Even if it is not officially supported by Microsoft , I get the security updates on our computers every first tuesday. NOT bad for an unsupported product from a company that is not building on security...

- We bought the last batch of blackberries 81xx and 83xx in 2010 ( yes well known operators sell them ), and now one year later no more security support !

really BAD for a company

BUT deadly shocking from a company building his image on security

Can I remind you that there are several millions of blackberry 81xx and 83xx still used by RIM customers .
I can understand that they can't get OS5 because of memory constraints, BUT I can't understand the NO security support from RIM.

So YES the security image of RIM is not anymore, sorry for that, they are now just one of those...
Offline  
Old 01-17-2011, 12:21 PM   #4
aiharkness
BlackBerry God
 
aiharkness's Avatar
 
Join Date: Jul 2005
Location: Florida Panhandle
Model: BBPP
OS: 10.3.3
Carrier: T-Mobile USA
Posts: 14,081
Default Re: Blackberry Browser Application Lets Remote Users Deny Service

I just picked Win95 as it was first to mind as an OS that is at (actually way beyond) end of life. To me older 4.X OS devices are not any different, especially in the smart phone arena where today's new is old in eighteen months.

In the bigger scheme of things, a DoS issue isn't great, but it also doesn't strike me as catastrophic.

RIM obviosly made a cost benefit decision. It's fair to make your own assessment and do what is best for you and/or your business.

In my mind I still put RIM's security consciousness and practices way, way above the competition.
Posted via BlackBerryForums.com Mobile
Offline  
Old 01-17-2011, 03:11 PM   #5
knottyrope
BlackBerry Elite
 
knottyrope's Avatar
 
Join Date: Jan 2008
Location: Massachusetts
Model: DT60
OS: 123456789
PIN: t of blood has been taken
Carrier: AT&T-US with I dee ten tee errors
Posts: 7,325
Default Re: Blackberry Browser Application Lets Remote Users Deny Service

FYI, all trackball devices will be discontinued soon.
__________________
I had to fall
To lose it all
But in the end
It doesn't even matter

Rocking the Motion with out lotion.
Offline  
Old 01-18-2011, 11:15 PM   #6
Jagga
CrackBerry Addict
 
Jagga's Avatar
 
Join Date: Oct 2004
Location: Toronto
Model: Z10
Carrier: Lord Rogers - 107
Posts: 862
Default Re: Blackberry Browser Application Lets Remote Users Deny Service

If not already discontinued.

I find it ODD how a retailer provider or authorized 3rd party or direct channel found it reasonable to sell you such old units: 83xx units are at least 2yrs old now; and did they state how long warranty is supported and guaranteed for?! Why didn't you purchase the most recent curve models? or 1 generation behind?!
__________________
Senior help desk administrator (rim_db_admin_sr_helpdesk)
Serious Mobile
Offline  
Old 01-19-2011, 01:22 PM   #7
lop1
Knows Where the Search Button Is
 
lop1's Avatar
 
Join Date: Feb 2009
Location: Perros-Guirec
Model: 9700
OS: 5.0.0.979
Carrier: orange
Posts: 28
Default Re: Blackberry Browser Application Lets Remote Users Deny Service

These 83xx were still available six months ago at the operator shop. So we bought them for our teams.
Why them, just because they have all what we need ( mail security and stability ) and they have the BEST keyboard ( from my point of view better than the 9520, the 9300 and the 9700 ) and the price was nice ( important for a small company).

As they are still under waranty we may ask the operator to change them or refund.
Offline  
Old 01-22-2011, 10:07 PM   #8
SteveO86
BlackBerryForums.com Super Moderator
 
SteveO86's Avatar
 
Join Date: Sep 2007
Location: Florida
Model: 9650
OS: 6.0.0.280
PIN: I heard it drop!
Carrier: VZW BIS
Posts: 6,534
Default Re: Blackberry Browser Application Lets Remote Users Deny Service

I'm with aiharkness on this one.. The 83xx's are a 3/4 year old device. That's why it was cheap.. the 93xx is the replacement for the 83xx devices.
__________________
8830 -> 8330 -> 9550 -> 9650
Just think about how far BlackBerries have come from then till now... And what else is coming.

Follow me on Twitter
Offline  
Old 01-23-2011, 03:18 PM   #9
aiharkness
BlackBerry God
 
aiharkness's Avatar
 
Join Date: Jul 2005
Location: Florida Panhandle
Model: BBPP
OS: 10.3.3
Carrier: T-Mobile USA
Posts: 14,081
Default Re: Blackberry Browser Application Lets Remote Users Deny Service

On this one? I hope not just on this one.

My first two BlackBerrys I bought when they were soon to be taken off the retail market and T-Mobile was practically giving them away. It was a good deal for me as far as $'s, but there are downsides as the OP has found.

Depends on what you want.
__________________
- Ira
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump

Similar Threads for: Blackberry Browser Application Lets Remote Users Deny Service
Thread Thread Starter Forum Replies Last Post
New Blackberry Server wants to reactivate users after power outage! Urlryn BES Admin Corner 19 12-27-2007 03:55 PM
Blackberry Activation(s)... Barry_Black General BlackBerry Discussion 5 06-07-2007 12:07 PM
Blackberry Enterprise Activation Woes rgf207 BES Admin Corner 2 05-23-2007 02:21 PM
Vodafone and Dimension Today Installation Information (7130e) zarza Media Center 42 06-12-2006 09:14 PM
BES for Exchange 4.0.4 Available Now BlackBerryLinks BES Admin Corner 28 05-06-2006 10:38 AM


BISSELL 3-in-1 Turbo Lightweight Stick Vacuum, 2610 (Black) picture

BISSELL 3-in-1 Turbo Lightweight Stick Vacuum, 2610 (Black)

$36.06



Bissell 3-in-1 Lightweight Corded Stick Vacuum 2030 picture

Bissell 3-in-1 Lightweight Corded Stick Vacuum 2030

$27.44



ELITech Group Selectra ProM Vacuum Pump Membrane Kit EPDM 6003-153-00 picture

ELITech Group Selectra ProM Vacuum Pump Membrane Kit EPDM 6003-153-00

$129.95



Shop Vacuum upholstery extractor conversion kit auto vac detail carpet or home.  picture

Shop Vacuum upholstery extractor conversion kit auto vac detail carpet or home.

$192.00



3 CFM Air Vacuum Pump HVAC Manifold Gauge Set AC A/C Refrigeration Kit picture

3 CFM Air Vacuum Pump HVAC Manifold Gauge Set AC A/C Refrigeration Kit

$49.30



Commercial Vacuum Sealer Machine Chamber Food Saver Bag Packing Sealing 110V picture

Commercial Vacuum Sealer Machine Chamber Food Saver Bag Packing Sealing 110V

$270.89







Copyright © 2004-2016 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.