[Dshield] Thoughts on Blackberry Security?

Wayne.Fielder@ky.gov Wayne.Fielder at ky.gov
Thu Oct 7 15:43:08 GMT 2004


Passwords on the blackberry is an option but is not activated by default.

For other forensic kinds of questions on the Blackberry I refer you to an
excellent paper below:

http://www.rh-law.com/ediscovery/Blackberry.pdf

This may be alittle dated but from our experience nothing too dramatic has
changed.

-----Original Message-----
From: Michael Bitow [mailto:mbitow at GuardianCapital.com]
Sent: Thursday, October 07, 2004 8:47 AM
To: General DShield Discussion List
Subject: RE: [Dshield] Thoughts on Blackberry Security?


Odd.  My Blackerry has a password.

> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org]On Behalf Of Wayne Beckham
> Sent: Wednesday, October 06, 2004 2:12 PM
> To: 'General DShield Discussion List'
> Subject: [Dshield] Thoughts on Blackberry Security?
> 
> 
> It seems the latest trend is for everyone to buy a blackberry 
> and use it for
> accessing corporate email.  I'm researching the security of 
> such devices.
> >From what I read on the net, RIM uses a blackberry enterprise server
> (required) to encrypt corporate email through the firewall, where's it
> decrypted on the local device.  So far so good.  But is it 
> really end-to-end
> encrypted?  
> 
> Many of my users don't have the BB secure server - they're 
> just setting up a
> rule that forwards their email to their blackberry account.  
> SOOOOO, their
> email, is being sent clear text.  Problem #2 - I read else 
> where that a
> blackberry has no passwords, local data encryption, etc., and a stolen
> blackberry is a thief's dream.  
> 
> I'm just starting to figure this out and I don't have a blackberry to
> experiment with.  I'd appreciate anyone else's insight on 
> such practices.  
> 
> - Wayne
> 
> 
> _______________________________________________
> DShield and the Internet Storm Center are sponsored by the 
> SANS Institute.
> To learn more about current SANS training, see http://www.sans.org .
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: 
http://www.dshield.org/mailman/listinfo/list

_______________________________________________
DShield and the Internet Storm Center are sponsored by the SANS Institute.
To learn more about current SANS training, see http://www.sans.org .

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list



More information about the list mailing list