http://www.eweek.com/c/a/Security/RIM-Plugs-BlackBerry-Security-Hole-165742/
By Brian Prince
eWEEK.com
2009-10-02
Research In Motion fixes a security bug it says left BlackBerry users
open to phishing attacks.
Research In Motion has plugged a security hole that left BlackBerry
users open to phishing attacks.
The bug lies in the BlackBerry browser dialog box, which provides
information about Website domain names and their associated
certificates. While the dialog box informs users when there is a
mismatch between site domain names and domain names indicated in
associated certificates, it does not properly illustrate that the
mismatch is due to the presence of some hidden characters in the site
domain name.
As a result, users can be fooled more easily into logging on to
malicious sites.
"A malicious user could create a web site that includes a certificate
that is purposely altered using null (hidden) characters in the
certificate's Common Name (CN) field or otherwise manipulated to deceive
a BlackBerry device user into believing they have connected to a trusted
web site," according to the company's advisory.
[...]
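The display problem described above, shown from the validating side as an added example (not code from RIM, the advisory, or eWEEK): a check that compares the complete CN byte string against the requested host and renders any hidden byte visibly in the warning. The function names, the exact-match rule (no wildcard handling) and the sample certificate name are assumptions constructed for illustration.

```python
# Added example: helper names and sample data are constructed for illustration.
PRINTABLE = range(0x21, 0x7F)  # visible ASCII; excludes space, NUL and other controls


def hidden_offsets(cn_raw: bytes) -> list:
    """Byte offsets in the CN that a user could not see in a plain text dialog."""
    return [i for i, b in enumerate(cn_raw) if b not in PRINTABLE]


def render_visible(cn_raw: bytes) -> str:
    """Render the CN with every non-visible byte (and backslash) as \\xNN."""
    return "".join(
        chr(b) if b in PRINTABLE and b != 0x5C else "\\x%02x" % b for b in cn_raw
    )


def check_name(cn_raw: bytes, requested_host: str) -> dict:
    """Compare the full CN byte string with the host the user asked for."""
    hidden = hidden_offsets(cn_raw)
    # A CN with hidden bytes never matches; the comparison uses the whole value,
    # not the part before the first NUL as a C string routine would.
    match = not hidden and cn_raw.decode("ascii").lower() == requested_host.lower()
    if match:
        warning = ""
    elif hidden:
        warning = ("Certificate name contains hidden characters at offsets %s: %s"
                   % (hidden, render_visible(cn_raw)))
    else:
        warning = "Certificate name %s does not match %s" % (
            render_visible(cn_raw), requested_host)
    return {"match": match, "hidden_offsets": hidden,
            "display": render_visible(cn_raw), "warning": warning}


# Constructed sample: a CN with an embedded NUL after a trusted-looking name.
SAMPLE_CN = b"login.example.com\x00.untrusted.example"

if __name__ == "__main__":
    print(check_name(SAMPLE_CN, "login.example.com")["warning"])
    print(check_name(b"login.example.com", "login.example.com"))
```

The warning for the sample names the offset of the NUL and shows it as \x00, which is the information the dialog box described in the article failed to convey.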