[Dshield] Thoughts on Blackberry Security?
Wayne.Fielder at ky.gov
Thu Oct 7 15:43:08 GMT 2004
Passwords on the blackberry is an option but is not activated by default.
For other forensic kinds of questions on the Blackberry I refer you to an
excellent paper below:
This may be alittle dated but from our experience nothing too dramatic has
From: Michael Bitow [mailto:mbitow at GuardianCapital.com]
Sent: Thursday, October 07, 2004 8:47 AM
To: General DShield Discussion List
Subject: RE: [Dshield] Thoughts on Blackberry Security?
Odd. My Blackerry has a password.
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org]On Behalf Of Wayne Beckham
> Sent: Wednesday, October 06, 2004 2:12 PM
> To: 'General DShield Discussion List'
> Subject: [Dshield] Thoughts on Blackberry Security?
> It seems the latest trend is for everyone to buy a blackberry
> and use it for
> accessing corporate email. I'm researching the security of
> such devices.
> >From what I read on the net, RIM uses a blackberry enterprise server
> (required) to encrypt corporate email through the firewall, where's it
> decrypted on the local device. So far so good. But is it
> really end-to-end
> Many of my users don't have the BB secure server - they're
> just setting up a
> rule that forwards their email to their blackberry account.
> SOOOOO, their
> email, is being sent clear text. Problem #2 - I read else
> where that a
> blackberry has no passwords, local data encryption, etc., and a stolen
> blackberry is a thief's dream.
> I'm just starting to figure this out and I don't have a blackberry to
> experiment with. I'd appreciate anyone else's insight on
> such practices.
> - Wayne
> DShield and the Internet Storm Center are sponsored by the
> SANS Institute.
> To learn more about current SANS training, see http://www.sans.org .
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
DShield and the Internet Storm Center are sponsored by the SANS Institute.
To learn more about current SANS training, see http://www.sans.org .
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
More information about the list