By Brian Prince
Research In Motion fixes a security bug it says left BlackBerry users
open to phishing attacks.
Research In Motion has plugged a security hole that left BlackBerry
users open to phishing attacks.
The bug lies in the BlackBerry browser dialog box, which provides
information about Website domain names and their associated
certificates. While the dialog box informs users when there is a
mismatch between site domain names and domain names indicated in
associated certificates, it does not properly illustrate that the
mismatch is due to the presence of some hidden characters in the site
As a result, users can be fooled more easily into logging on to
"A malicious user could create a web site that includes a certificate
that is purposely altered using null (hidden) characters in the
certificate's Common Name (CN) field or otherwise manipulated to deceive
a BlackBerry device user into believing they have connected to a trusted
web site," according to the company's advisory.
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News