Security Vulnerability In BlackBerry Desktop Manager Versions 5.0 And Earlier – Resolution And Workaround Available

Posted by Mauricio on Nov 4, 2009 at 2:21 PM | Comments

RIM has posted a security advisory (KB19701) stating that all BlackBerry Desktop Manager versions earlier than version 5.0 contain a vulnerability that would allow a malicious user to remotely execute code on your computer:

This advisory relates to a vulnerability in a Lotus Notes Intellisync DLL that the BlackBerry Desktop Manager may use. This vulnerability may allow a malicious user to perform an attack that leverages social engineering to achieve remote code execution on the computer running the BlackBerry Desktop Manager. If the legitimate (logged in) user clicks a link to a malicious web site (for example, in an email message, in a browser, or an instant message) on the computer that is running the BlackBerry Desktop Manager, a vulnerability in an Intellisync component could allow the malicious user who sent the link or created the malicious web site to execute code on the computer using the privileges of the legitimate user.

Note: The affected Lotus Notes Intellisync DLL is included by default in all BlackBerry Desktop Manager installations. This vulnerability exists whether or not the DLL is used after installation.

Issue Severity: This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.3.

Issue Status: Vulnerability confirmed. For more information, see the Resolution section.

To avoid becoming a victim of a malicious user, RIM is recommending everyone update their BlackBerry Desktop Manager immediately to at least version 5.0.1. To download this update, visit the BlackBerry Software Downloads page and select the appropriate version in the drop-down menu. RIM has also issued the following workaround:

You can disable the Lotus Notes Intellisync functionality by unregistering the Intellisync component DLL, lnresobject.dll. Disabling the functionality prevents a malicious user from exploiting the vulnerability.

To unregister the DLL on the computer running the BlackBerry Desktop Manager, at a command line enter the command: regsvr32 /u "C:\Program Files\Research In Motion\BlackBerry\IS71 Connectors\Lotus Notes5.0\lnresobject.dll"

via KB19701

RIM Announces Next Generation BlackBerry Smart Card Reader

Posted by Mauricio on Aug 17, 2009 at 11:11 AM | Comments

Security is very important to businesses, which is why many trust the security that BlackBerry offers. Last week I posted about BlackBerry’s 26 advantages over the iPhone, one of my favorites being:

Blackberry is an encrypted military-grade security platform, with 100% market share at FBI, CIA, White House, Congress, Department of Defense, major consultancies and major investment banks. In contrast, iPhone has security vulnerabilities.

RIM announced today a new model for their BlackBerry Smart Card Reader that is a lightweight, wearable, ISO 7816 compliant card reader that enables proximity controlled access to a user's BlackBerry and computer.

Features:

  • Enhanced Design – a sleeker design measuring only 3.98” x 2.4” x 0.57” and weighing only 2.26 oz. makes the peripheral more comfortable to wear. It also features a larger display and backlighting for easier viewing, as well as power management features that can extend battery life between charges (900mAh integrated lithium ion battery).
  • Increased Security – when used with the BlackBerry® Enterprise Solution, the new BlackBerry Smart Card Reader offers additional security options that can be set by the IT administrator.
    • Additional Content Protection – IT administrators can configure settings to allow handset passwords to work only if the BlackBerry Smart Card Reader is within range. These settings add another layer of protection on top of the handset password and will also be enforceable for a secondary password* required to unlock encrypted data on the handset.
    • More Complex Bluetooth Passwords – the previous BlackBerry Smart Card Reader model supported a randomly generated 8-digit numeric Bluetooth pairing PIN and this new model can now support more complex Bluetooth pairing PINs with both characters (symbols, letters, capital letters) and numbers.
  • Support for a Wide Range of Smart Cards – the BlackBerry Smart Card Reader supports all ISO 7816 compliant smart cards and provides out of the box support for Personal Identity Verification (PIV) cards, Common Access Cards (CAC) and Safenet 330 cards.

The new BlackBerry Smart Card Reader is expected to be available in September and is being previewed this week at the LandWarNet 2009 Conference in Ft. Lauderdale, FL.

For more info visit blackberry.com/go/smartcardreader or check out the full press release after the jump.

OS 5.0 Incremental Features Walk Through!!!

Posted by Mauricio on Apr 29, 2009 at 11:03 AM | Comments

Kevin was able to get his hands on what looks like a draft PowerPoint of OS 5.0’s features and update details!

Here are some highlights:

  • Mail Folder Management
  • Forwarding Calendar Appointments
  • Viewing Calendar Attachments
  • Remote File Access to Windows Shares
  • Wireless Contact Synchronization
  • Microsoft PowerPoint viewing improvements
  • Sticky Dates in Message List
  • Conference Call Integration in Appointment Details
  • Better Applications Memory Management
  • Photo Resizing when sending Via Email
  • Device Boot Screen
  • Event Sounds
  • Simplified Configuration Options
  • Rename, Edit, Delete Profiles
  • BlackBerry Maps, Browser, Multimedia, Security and OTASL Enhancements

So far it looks like this update will be made available for the following BlackBerry models:

  • Bold 9000
  • Pearl Flip 8220
  • Curve 8900
  • Storm 9500/9530

Older device support for OS 5.0 is unconfirmed right now.

Get full details and screenshots over at CrackBerry.

KeyToss Announces the Most Advanced Hotel Booking Service on the Mobile Web

Posted by Mauricio on Apr 25, 2009 at 2:21 PM | Comments

KeyToss let me know about a new mobile hotel booking website they just launched. With the new site you don’t need to stay planted at your PC stressing about vacation plans…now you can do that on the go! ;-)

Features include:

  • Global location search
  • Geolocation
  • Flexible date input
  • Secure online wallet
  • Security
  • Maps
  • Image galleries
  • Multiple search profiles
  • Flexible output
  • Hotels.com best rate guarantee
  • Currency calculator
  • Flight status by route

Check it out at h.keytoss.com and let me know what you think!

More details and the full press release after the jump.

5 Ways to Secure Your Blackberry

Posted by Mauricio on Dec 17, 2008 at 10:21 AM | Comments

It seems we can’t go a day lately without a new story about some security screw-up involving a lost or misplaced Blackberry. This week, officials with John McCain’s campaign mistakenly sold a Blackberry to a Fox television reporter for $20 in a fire sale. The device contained confidential campaign information. And many Hollywood gossip publications were abuzz earlier this month with news that Tom Cruise had lost his Blackberry while promoting a movie in Toronto. (Mixed reports now peg the device as either “found,” or “never lost in the first place.”)

With all of these slip-ups, it’s no wonder White House officials want President-Elect Barack Obama to relinquish his Blackberry before taking office. With this in mind, CSO asked Dan Hoffman, author, mobile security expert and CTO of SMobile Systems, for his advice on ways to keep your Blackberry safe.

Read: 5 Ways to Secure Your Blackberry
