26 Comments
- oGMo, on 10/12/2007, -1/+9 This sounds like a *LOT* of spin. Someone writes a proxy/VPN for a blackberry, and now they're suddenly ELITE CORPORATE STEALTH HACKERS.
This is pretty much BS. You can't download and install something on these without being explicit (encrypted wifi, limited bluetooth, what's the vector here?), and you have to interactively grant code permissions, even to make a net connection. Details in the article are scant. This sounds like someone who hacked up a few lines of Java with his extensive "consultant" experience, emailed Wired, and "in theeeeory you miiiight...".
Sounds much more useful as a tool for users trying to proxy into the network *themselves*, or mostly someone trying to drum up attention.
- WorldBuilder, on 10/12/2007, -1/+8 Hack a wireless device? Unthinkable...
- snownskate, on 10/12/2007, -0/+6 You've obviously never used one for a period of time. Nothing out there compares to the BES/handheld combo right now.
- bluemeep, on 10/12/2007, -0/+4 I had to read the title four times before I finally "got" it.
First time, I thought it was about hacking actual blackberries. Second time, I thought it was about the molestation of juice at Target stores. Third time, I thought it was about turning your PDA into a drink dispenser.
I need more coffee.
- mlw72z, on 10/12/2007, -0/+3 There are three ways to install an application on a BlackBerry device: via the application loader when the device is plugged in, OTA (over the air) push from the BlackBerry enterprise server, or via an explicit download URL that requires user input on the device to initiate the installation. Only digitally-signed applications can do anything useful (network communications, persistent storage, PIM functions, etc.) and therefore it's possible to trace any such application to the developer who had to pay a fee to get the application signed in the first place. Once the application is loaded on the device, the first time it attempts to do anything useful (like opening a network connection or accessing your email) the user will be once again prompted to determine if that operation should be allowed.
- RyeBrye, on 10/12/2007, -0/+2 I wonder who will sue them first... RIM or NTP? My money is on NTP - There's probably some obvious technology at work in this they have patented...
- jonesy, on 10/12/2007, -1/+3 @oGMo
From the article: "The program, called BBProxy, has to be placed on a Blackberry either physically or as a Trojan horse delivered by e-mail."
There's your attack vector.
- metfoo, on 10/12/2007, -0/+2 I love how Wired mentions RIM knows of the exploits and posted docs on hardening the server, but they fail to link to them. A search for BBProxy also returns nothing...
- inactive, on 10/12/2007, -0/+1 It'll be rendered useless until it's physically compromised.
Then again, there's the old axiom of 'if they can touch it, consider it owned'.
- aptiva, on 10/12/2007, -2/+3 @MasterChi
Knowing sarcasm when you see it feels really nice, doesn't it?
..oh wait :)
- oGMo, on 10/12/2007, -1/+2 Please note what I said: "Details in the article are scant." And that this is entirely theoretical.
Placing this on the BlackBerry "as a Trojan" is about as likely as doing the same thing on a *nix machine. I'm not sure it's even *possible* to install something from an email, but it would require the user to manually go through the install process. Which is not a viable vector.
The people who use these things are mostly corporate types who aren't going to just install random apps from emails from people they've never heard of. Any such email would likely get deleted before being read.
- freelance24, on 10/12/2007, -0/+1 I just want to tether to my iBook and surf the internet.
- Chainsaw, on 10/12/2007, -1/+2 That's impressive...
- tarjan, on 10/12/2007, -1/+2 It is *NOT* possible as an email. Link in an email yes, but not as an email. Considering the importance of BB the writer of the article really should have checked the facts.
BTW: the BES can be configured to not allow the device to run unsigned applications or applications not specifically approved by the administrator. This will render this "hack" completely useless.
- evilic0n, on 10/12/2007, -1/+2 The blacker the berry, the sweeter the hack.
- xhost, on 10/12/2007, -1/+2 If you went to DefCon, you would have seen a demo, and how to get the BBProxy on a blackberry. It is not BS, it is legitimate.
- SMobileMan, on 10/12/2007, -0/+0 The issues revolving around the development and release of BBProxy are interesting ones. The Blackberry does however have a few vulnerabilities and it is easier to exploit the device than most would think. For instance if the BBProxy were built into another application like a mobile game or an application that checks the weather or any application that would be transparent the user wouldn’t know they were running the exploit. The solution provided by RIM "Limit what the device can do by locking them down" is not the right one. Who wants a device that is less functional?
- ibanyan, on 10/12/2007, -0/+0 Not a big deal at all.
Listen to Jesse talk about it on this special edition of the MCA podcast.
http://mca.libsyn.com/
- swirvi, on 10/12/2007, -0/+0 Lighten up jggr, you just have a bad sense of humor. Blatant textual sarcasm is easy enough to spot, and i440 was laying it on pretty thick. In case you can't tell, I'm not being sarcastic. ( < but that was ironic (< and so was that))
- alteredgenetics, on 10/12/2007, -1/+0 I got blackberry, try hacking mine if you got nothing to do :)
- jggr, on 10/12/2007, -3/+2 @aptiva (And please note, this is not personal to you, just to the situation):
Sarcasm doesn't really work in text form. For a post to be considered sarcasm, it will have to be labeled as such. So until i440 comes back and says he was attempting to be sarcastic, I'm going to side with MasterChi and say that i440 is making blanket statements without any real knowledge of the subject.
Remember folks, we're not mind readers. It's sometimes hard enough to figure out if someone is genuine when you can hear them talk and see their body language, it's damn near impossible in text. So, unless you're just a troll looking for responses, and fanning the flames, BE CLEAR!..... Or go to fark... Er, check that... Just go to fark if you're a troll.
(Sorry for the thread-jack....This is just a pet peeve, and needed to get it off my chest... Feel free to bury me.)
--------------------------
Be part of the solution, not part of the problem.
- MasterChi, on 10/12/2007, -5/+3 @I440
Not all hackers are "immoral" and are evil, there are some legit "hackers" that choose to find vulnerabilities in systems, such as the blackberry, for a fix before a truly "immoral hacker" does do something improper.
http://en.wikipedia.org/wiki/White-hat_hacker
- i440, on 10/12/2007, -9/+7 Remember, hackers ALWAYS compromise systems and always, always do immoral things. I just wanted to make that very clear.
- NtHammer, on 10/12/2007, -3/+1 who woulda thought.... ^_^
- mmaf, on 10/12/2007, -3/+0 hah yea
- n31m, on 10/12/2007, -6/+0 bb sucks anyways.

