http://www.eweek.com/c/a/Security/RIM-Plugs-BlackBerry-Security-Hole-165742/ By Brian Prince eWEEK.com 2009-10-02 Research In Motion fixes a security bug it says left BlackBerry users open to phishing attacks. Research In Motion has plugged a security hole that left BlackBerry users open to phishing attacks. The bug lies in the BlackBerry browser dialog box, which provides information about Website domain names and their associated certificates. While the dialog box informs users when there is a mismatch between site domain names and domain names indicated in associated certificates, it does not properly illustrate that the mismatch is due to the presence of some hidden characters in the site domain name. As a result, users can be fooled more easily into logging on to malicious sites. "A malicious user could create a web site that includes a certificate that is purposely altered using null (hidden) characters in the certificate's Common Name (CN) field or otherwise manipulated to deceive a BlackBerry device user into believing they have connected to a trusted web site," according to the company's advisory. [...] ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.orgReceived on Mon Oct 05 2009 - 01:07:25 PDT
This archive was generated by hypermail 2.2.0 : Mon Oct 05 2009 - 01:39:47 PDT