BBHub

BlackBerry Connection plays "de-fense" U.S. Dept. of Defense, that is

Russell Shaw — 2007-01-31T14:46:00+00:00

I've just received my monthly copy of BlackBerry Connection.

This issue's lead article is about Smart Card security, as practiced by the U.S. Department of Defense.

Inside, there are pieces about ensuring your BlackBerry changes its time settings to Daylight Savings Time, BlackBerry solutions for various industries, and even how to play Tetris on your BlackBerry.

Read | Permalink | Email this | Comments

Upgraded Antair BlackBerry spam filter available on Handango

Russell Shaw — 2007-01-09T13:10:00+00:00

Filed under: Software, Security

Well, it should come as no surprise that we are starting to see anti-spam filters for BlackBerry.

I mean, only a matter of time before the spam mills discovered mobile devices, right?

Antair Spam Filter 1.3 lets you adjust filters for the strength of anti-spam protection you want on your BlackBerry.

I'd choose Normal. Strong, and you might get some false positives. That's when non-spam gets caught in the filter and when the person you sent you that like totally legit email pings you with "did you get my email," and then you see it is in your junk email.

From developer Antair Corporation, the Blackberry flavor of Antair Spam Filter costs $49.95. Club Handango Members pay $44.95.

Clicking Read below this post will get you to Handago.com's Antair Spam Filter order and download page.

Read | Permalink | Email this | Comments

BBForums Member: Verizon sent me 8703e with previous owner's data still on it!

Russell Shaw — 2006-12-19T12:53:00+00:00

Filed under: Stories, Verizon, Security, 8703

BlackBerry Forums member Andrew Palmer writes this morning that Verizon Wireless sent him a reworked, second-hand 8703e, or "Field Replacement Unit" (FRU) BlackBerry 8703e8703e, to replace his 8703e that melted down after just 60 days use. Yet the Verizon replacement arrived -- "and this I find alarming -- with the previous owner's private data STILL ON IT."

Ooh, that doesn't sound good.

Here's the personal data the replacement unit contained:

Two active -- and quite accessible -- email accounts.
All the emails of those accounts
All her personal contacts
All her calendar events for October and November, 2006
All her logged calls
All other data, unwiped.

Here's what Andrew did when he discovered this mess:

First, I made a full backup of the previous owner's 8703e data.
Wiped clean the phone, reinstalled BB OS so I could get it working and use it. (Still not fully data enabled, even after 2 hours with Tech Support.)
Contacted Verizon Tech. and notified them they irresponsibly sent me the previous owner's private data, told them her name, and told them I intended to contact her and inform her about Verizon's carelessness.
Took the full back up and emailed it to the previous owner (on her yahoo account) and notifed her of how Verizon had compromised her privacy. I included some plain text examples, to authenticate her private information about which I wrote. I also strongly encouraged her to contact Verizon and drop the hammer on them (hell, contact an attorney).

Kudos to you, 'drew. You done the right thing.

Read | Permalink | Email this | Comments

New patent app describes BlackBerry's role in real-time VPN

Russell Shaw — 2006-12-12T09:26:00+00:00

Filed under: Security, Patents

A BlackBerry Patent application filed with the Canadian Intellectual Patent Office points to a new method for a BlackBerry to work within a a Virtual Private Network.

That's not all, but we're talking working within a VPN for secure exchange of real-time data.

You're looking at what I consider the Patent app's key image above.

"But what do all these numbers mean," you ask.

This is one of these cases where the Abstract does a fine job explaining what's goin' on. And what all those numbers and arrows mean.
The Abstract says:

Protection of real-time data such as voice data exchanged as packets between a mobile electronic device (10) end a VPN gateway (122) during a media session over a communications link (130) that includes a wireless network (132). A first VPN connection (136) is established between the mobile electronic device (10) and the VPN gateway (122) through the communications link (130), the first VPN connection (136) using key-based encryption to protect data exchanged therethrough. While the first VPN connection (136) is established, a second VPN connection (138) is established between the mobile electronic device (10) and the VPN gateway (122) through the communications link (130), the second VPN connection (138) using key-based encryption to protect data exchanged therethrough. Real-time data packets are exchanged between the mobile electronic device (10) and the VPN gateway (122) through the second VPN connection (138).

Read | Permalink | Email this | Comments

Document describes built-in BlackBerry Enterprise Server protections against malware attacks

Russell Shaw — 2006-12-08T13:18:00+00:00

Filed under: Security, BlackBerry Enterprise Server

The BlackBerry Technical Knowledge Center has just posted a valuable document entitled "Protecting the BlackBerry device program against malware."

Among several other points, the document (linked below) notes that when a BlackBerry Enterprise Server admin pushes trusted third-party apps to BlackBerry devices, the device is designed to thwart malware attacks in the following ways:

When trying to download any kind of application, by default the BlackBerry device first downloads a small portion of the application to determine the hash and verify whether the application is permitted on the BlackBerry device.
BlackBerry Enterprise Server administrators can set IT policies and application control policies in the BlackBerry Manager to control the manual or automatic installation of third-party applications on BlackBerry devices and third-party application access to their organization's BlackBerry device resources and applications.
IT or BlackBerry Enterprise Server administrators can also place the BlackBerry Enterprise Solution in multiple network segments by installing each component on a remote computer and then placing each component in its own network segment.

The document then goes on to explain rules-related safeguards available to control third-party apps.

Read | Permalink | Email this | Comments

Symantec's Security Response Team Member Warms BlackBerry Opening

Melissa Oxendale — 2006-11-30T23:31:00+00:00

Filed under: Stories, Security

I just came across this story on my BlackBerry. John O'Connor who is a researcher on Symantec's security response team claims hackers can pay $100 for an API developer key. With this he says a hacker can gain access to information on a BlackBerry.

Apparently the information was posted on a blog and then pulled off, but not before eWEEK Security Watch got a peek. Ultimately it sounds like O'Connor thinks RIM has made it too easy to get a code-signing key without having to reveal who you really are.

He cautions about text messaging weaknesses as well as malicious applications being able to access email and contact information. Then these programs would be able to send out the stolen information via email or data.

What do you think?

Read | Permalink | Email this | Comments

EXCLUSIVE: Rogers Wireless employee details increased BlackBerry email anti-spam measures coming Saturday

Russell Shaw — 2006-11-29T18:23:00+00:00

Filed under: Rogers Communications, Security

A BBHub reader, Rogers Wireless employee and BlackBerry subscriber named "Gexxy" says he (maybe a she but for consistency will refer to Gexxy as "he") tells me he's just received an email from Rogers about new anti-spam measures being undertaken for their BlackBerry Internet Service Accounts.

"In response to the increased amount of SPAM e-mail that has been showing up in the Inbox @rogers.blackberry.net) of BlackBerry Internet Service customers, RIM will be implementing additional improvements to the BIS anti-spam filters to reduce, but not eliminate, the number of unwanted and unsolicited e-mails starting on December 2, 2006," the letter reads. "Also, RIM will be implementing additional enhancements to BIS in upcoming releases to further reduce the amount of SPAM messages."

The letter then goes on to say that this update to the BIS Anti-SPAM solution will be based on a Reputation Scoring System, and will require no end-user interaction, acceptance, or configuration by customers. There will be no charge for the Anti-SPAM solution on BlackBerry Internet Service.

Gexxy has also provided the text an FAQ that was included with the letter.

While we tend to avoid cut-and-paste jobs here like the plague, I think you will agree with me this new anti-spam policy is important enough to justify us replicating Rogers' FAQ about the subject.

S here goes:Q. What is SPAM?
A. SPAM is unsolicited e-mail on the Internet. It is a form of bulk mail that is sent to a large number of users belonging to a distribution list. To the receiver, it is generally unwanted and is considered as junk mail.

Q. How does the Anti-SPAM feature work on BIS?

A. The Anti-SPAM solution will be based on a Reputation Scoring System, and requires no end-user interaction, acceptance, or configuration by customers. There is no charge for the Anti-SPAM solution on BlackBerry Internet Service. Please NOTE: The Anti-SPAM on BIS only works with customers who have activated the optional @rogers.blackberry.net email account. BIS Anti-SPAM does not filter other email accounts such as POP3/IMAP, Yahoo!, Rogers Yahoo!, MSN, Gmail, etc. Customers will still need to configure their anti-SPAM settings with their 3 rd party ISP and email services to reduce any SPAM messages being delivered to their BlackBerry devices or desktop email client.

Q. Why is this happening only to @rogers.blackberry.net email accounts?

A. BIS Anti-SPAM for the @rogers.blackberry.net email accounts does not provide any end-user SPAM configurable settings. This is to make sure that legitimate email is not automatically blocked and will be delivered to the Inbox. BIS does provide end-users with the ability to setup up email filters so only email from approved senders will only be delivered to a customerâ?Ts Inbox. However, other POP3/IMAP services may provide anti-SPAM filters that allow customers to set their own thresholds. For further details, customers should contact their ISP (Internet Service Provider) or email service provider to find out more about their anti-SPAM settings. If the ISP or email service provider does not filter out SPAM email, these SPAM messages will still be delivered to their BlackBerry.

Q. How much does BIS service cost?

A. BIS is available at no additional charge to customers who activate their BlackBerry with a monthly BlackBerry e-mail plan or BlackBerry Voice & Email Package.

Q. What if a customer incurred an overage charge on their monthly bill as a result of SPAM email?

A. Customers who believe they have incurred an overage charge on their monthly bill as a result of SPAM email may be eligible for a one-time credit equal to a maximum of 1 MB ($5 - $31 depending on the BlackBerry Email or BlackBerry Voice & Email Package the customer has subscribed to). 1 MB of BlackBerry data is equivalent to 500 incoming email messages. Customers may contact Customer Care free of charge by dialing * 611 on their Rogers BlackBerry or by calling toll free at 1-877-764-3772. Please inform the customer they should only contact Customer Care once they have received their current bill. The one time credit adjustment will be processed up to February 28, 2007 .

Q. What does a customer do if they are still continuing to receive SPAM email in their BlackBerry Internet Service inbox?

A. There are two choices for customers. First choice, customers can setup filters on their @rogers.blackberry.net email account. The second choice is to remove the @rogers.blackberry.net email account. The @rogers.blackberry.net email account is a basic email account that is optional for customers. The Anti-SPAM filter on BIS does not provide user configurable settings for SPAM. Customers who no longer require the optional @rogers.blackberry.net email account can remove the account from their BlackBerry by clicking on the â?oEmail Settingsâ? icon or by selecting the Rogers WAP Browser and clicking â?oBlackBerry Internet Serviceâ?. Customers will be prompted for their username and password. Once logged in, click on â?oE-mail Accountsâ?. Next, click on the @rogers.blackberry.net email address. Click on â?oDeleteâ? to remove the account. Customers can also access their BIS account from their personal computer by going to www.rogers.com/bis.

BIS will allow customers to add up 10 POP3/IMAP email accounts. Therefore if customers have another email address that has anti-SPAM, and they are still receiving SPAM email, they should contact their ISP or Email Service Provider to configure the settings that best suits the need of the customer.

Additional information about setting up filters or removing the @rogers.blackberry.net email account is available at http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/270925/Receiving_SPAM_to_Hosted_BlackBerry.net_Address?nodeid=1288260&vernum=0 or customers may contact Rogers Wireless Technical Support at 1-866-931-DATA (3282) for further assistance.

If you have any further questions, please contact your Rogers representative.

Read | Permalink | Email this | Comments

Duh alert: lots of BlackBerrys left behind in taxis

Russell Shaw — 2006-11-29T11:50:00+00:00

Filed under: Stories, Security

Phonemag notes that in a survey of 85 taxicab companies serving the San Francisco-Oakland and the Washington-Baltimore metropolitan areas, 6,102 phones and PDAs were lost in taxis in the Washington-Baltimore area and 2,754 lost in SF region cabs within the last six months.

The good news is that mobile devices, including BlackBerrys, have a tendency to be returned: some 80 percent return rate in DC and 65 percent in SF.

But just having your device returned may not be enough for a reassuring feeling.

"It is good news that most of the lost devices were eventually returned to their owners. However, simply recovering the lost equipment may not be enough for all organizations," said Marty Leamy, president of Pointsec Mobile Technologies (which commissioned the study). "Corporations and government agencies need to know what happened to their sensitive data while it was out of their hands.

"Without proper safeguards and data encryption," Larny addedit may be impossible to tell whether the information was improperly accessed before the lost equipment was returned."

Read | Permalink | Email this | Comments

Same-day service will remotely unlock your BlackBerry for around $40

Russell Shaw — 2006-11-29T08:25:00+00:00

Filed under: Tips, Security

From time to time, I notice threads on the BlackBerry forums about remote unlocking for various BlackBerry models. We even receive some questions about these services as well.

After reading Boy Genius' favorable remarks about GSM Phone Source yesterday, I was once again reminded to tell you about this remote unlocking service and how it works.

Let's take the T-Mobile BlackBerry Pearl 8100 for example.

You pay $42.95 for the unlocking service, and when you submit your order you include the IMEI number for the BlackBerry you are unlocking in the notes section when you are making your PayPal payment. On this device you can locate your IMEI number when you enter *#06# from your phones keypad. It is a 15-digit number.

If you place your order by 3 p.m. Pacific Time, you'll typically receive your unlock code the same business day.

Read | Permalink | Email this | Comments

Suddenly Getting Spam To Your BIS Email?

Melissa Oxendale — 2006-11-16T07:59:00+00:00

Filed under: Tips, Security

Anyone else notice spam sent directly to your BlackBerry BIS email account? I just started getting it this past weekend and its still coming.

I find it odd because I don't usually give out the email address as it is too confusing. I send stuff to my yahoo or gmail address that gets sent on to my BlackBerry.

What I also noticed today was the to address isn't even my address, but it is still coming into my BIS email account. I have T-Mobile, but the spam I received today was addressed to a Melissa with Rogers.

I found a thread on Pinstack where other people are complaining about the spam as well and I was curious to see if anyone else was having the same problem.

Read | Permalink | Email this | Comments

Dutch legislators warned about BlackBerry security

Russell Shaw — 2006-11-07T11:55:00+00:00

Filed under: Security

Dutch intelligence service AIVD has told Dutch MPs to stop using the Blackberry to access their email because their messages are prone to interception, The Register newspaper reports today.

In 2003 one hundred Blackberry handhelds were given to leading politicians and campaign workers from the Dutch CDA (Christian Democratic) party. The concept was that they could access their e-mail wherever they were on the campaign trail.

"Being able to react to and agree on things rapidly is essential," Dutch Premier and leader of the CDA Jan Peter Balkenende told Dutch newspaper De Telegraaf when the devices are received.

Now almost every Dutch MP owns a Blackberry. However, last year Dutch intelligence service AIVD had already warned MPs not to discuss anything important through the device because theoretically every message can be intercepted, despite the fact that the Blackberry is capable of using Triple DES encryption for data transmission. Unfortunately, end-to-end encryption (where both parties are secured) cannot always be guaranteed.

The Dutch Department of Defense is sticking with BlackBerrys, saying it is using its own solution for securing data transmission

Read | Permalink | Email this | Comments

Condor File Explorer-another enterprise server file retriever tool

Russell Shaw — 2006-11-03T10:39:00+00:00

Filed under: Software, Security, BlackBerry Enterprise Server

There's more than one solution that lets you use your BlackBerry to retrieve and view documents from your enterprise file server.

Condor File Explorer is a thrid-party solution that uses the MDS featur eon your BlackBerry Enterprise Server to perform these functions.

This is done via a connection to the Active Directory. When the directory structure is published to the BlackBerry handheld, approved file type directories and related file lists are tramsmitted, secured by AES/3DES encryption. Once the BlackBerry device receives these files, they are cached on the handheld and canonly be updated upon user request.

Additionally, the administrator may customize which files will be displayable on users' devices.

Read | Permalink | Email this | Comments

Automatic email message erase tool VaporStream preps a BlackBerry edition

Russell Shaw — 2006-11-01T11:56:00+00:00

Filed under: Software, Security

VaporStream is a new type of email service that leaves no traces.

The concept is, you use your own email address send a message through the secure VaporStream server. This ensures there is no relationship between your message header and the body of your message.

Your recipient can only view the message once. Then, it disappears from the server, automaticlaly and without a trace.

Void Communications, which makes the $40 VaporStream utility, says they are developing a BlackBerry edition. It should be out in the next few months.

Read | Permalink | Email this | Comments

Multi-function ArmorPlus set to debut for BlackBerry 72x series

Russell Shaw — 2006-10-27T14:05:00+00:00

Filed under: Software, 7200, 7230, 7280, 7290, 7250, 7270, Security

Solution Technology said it will debut an all-in-one integrated ArmorPlus for BlackBerry 7200 utility.

To be rolled out at the upcoming Emergency Technology Business Showcase in Fort Lauderdale, Fla., a week from today, the application will include functionalities for for Barcode Scanning, GPS, Touch Screens with eSiguature and Secure Data Memory Card capability.

Specific components include:

Class 2 laser barcode scanner from Symbol Technologies;
ArmorPlus for BlackBerry GPS, with off-road and off-net capabilitiesm abd
Touch Screen Window option with signature capture capabilities and a touch-sensitive window;

Read | Permalink | Email this | Comments

Here's how to reset your BlackBerry password

Russell Shaw — 2006-10-27T08:34:00+00:00

Filed under: Support, Tips, Security

Even if just for an excess of caution, some security experts advise BlackBerry users to change their passwords from time to time.

Before some of you utter a collective "why is Russ writing about something so simple," let me tell you why I have chosen to do so.

That's because the BlackBerry Technical Knowledge Center -probably via internal memos from Tech Support- has decided this question is common enough to work up and post a new document describing how you should do this.

Essentially, you have two choices:

Your first alternative is type an incorrect password ten times. The data on the BlackBerry device will be erased and the password will be reset. After your BlackBerry is resent, you'll see a prompt for a new password.

The document notes that During the process of typing an incorrect password ten times, you may be prompted to type blackberry a few times.

But what if you don't want to go through that error-and-trial process to change your BlackBerry password? You have an alternative.

The document advises:

On the Home screen, click Options > Security Options > General Settings. Note: If you are running BlackBerry Device Software 4.0 Service Pack 2 or earlier, click Options > Security.
Display the menu and select Change Password.
Complete the on-screen instructions.

Read | Permalink | Email this | Comments

Miami-Dade County contracts with Onset for BlackBerry emergency communications enhancements

Russell Shaw — 2006-10-24T10:08:00+00:00

Filed under: Security

With its vulnerability to hurricanes, South Florida has an important and vested interest in secure and dependable communications among mobile first responders.

To help address these imperatives, Miami-Dade County is in the middle of a BlackBerry deployment. They've just taken a step forward by purchasing a 600-seat contract with wireless handset applications developer Onset Technology.

The contract will help Miami-Dade County enhance its BlackBerry usage capabilities.

Onset's META Message Emergency Communications will be integrated with BlackBerry usage to provide county-owned BlackBerrys to be able to handle several key functions necessary for smooth and efficient operation of an emergency services network. These include the ability to:

Update accurate PIN addresses automatically;
Blast PIN messages to groups and distribution lists;
Force message alerts to ensure immediate notifications;
Know when messages are received and read; and,
Store vital documents on handhelds for access regardless of coverage

Read | Permalink | Email this | Comments

BlackBerry Smart Card Reader now Bluetooth-to-XP compatible

Russell Shaw — 2006-10-24T07:55:00+00:00

Filed under: RIM, Software, Security

BlackBerry-maker Research In Motion has just announced enhancements to the BlackBerry Smart Card Reader software that will make it possible for the Reader to facilitate controlled access over a Bluetooth connection to a PC running Windows XP Service Pack 2 of higher,

The Reader supports the ISO 7816 specification for smart cards, including support for Department of Defense Common Access Cards (CACs) and the DataKey/Safenet 330 cards.

It's also capable of using the embedded security credentials of a smart card to provide two-factor authenticated access via Bluetooth to BlackBerry handsets and PCs.

Read | Permalink | Email this | Comments

BES for Domino security vulnerability reported-hotfix available

Russell Shaw — 2006-10-20T12:29:00+00:00

Filed under: Software, Tips, Security, BlackBerry Enterprise Server

A vulnerability has been reported in Blackberry Enterprise Server for Domino, which can be exploited by malicious users to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error in the handling of meetings. A malicious attack could result in BlackBerry Enterprise Server to stop responding. This would be accomplished by opening a deleted instance of a recurrent meeting and making a change to the meeting time in an attendee's calendar.

The vulnerability is reported in Blackberry Enterprise Server for Lotus Domino 4.1 SP2. Prior versions may also be affected.

The best solution is to Install 4.1 Service Pack 2 Hotfix 1.

Permalink | Email this | Comments

Patent app would equip networked BlackBerrys for malicious incident detection

Russell Shaw — 2006-10-19T09:02:00+00:00

Filed under: Security, Patents

Technology described in a new BlackBerry Patent application just published today could significantly improve the ability of a BlackBerry wireless network to detect and flag potentially malicious incidents.

This capability is detailed in U.S. Patent Application 20060236390, Method and system for detecting malicious wireless applications

Greatly simplified, this functionality would work by means of pre-set "execution metrics" defined by the BlackBerry administrator. These metrics could include high message traffic above a certain threshold, reoccuring message processing erros (perhaps due to improper use of back-end servers) and repeated instantiation of the same component or object.

Detection of these potential malicious incidents is followed by an "alert handler" on the network that receives this data. Based on rules set by the admin, a course of action may be instituted.

This is complex stuff, one that requires me to show you two screen grabs from the patent app- with plenty of details for each.

Here's what the Patent application literature says:

As shown in FIG. 3a, when an alert message is received (step S1), the alert handler 14 forwards the alert message (along with information identifying at least the involved terminal device 8 and wireless application) to the system administrator 20 (step S2).

This may, for example, be accomplished by way of an alert e-mail message. If desired, the alert handler 14 may also trigger (at S3) one or more methods of the administration services system 16 to implement auto-corrective actions and/or impose temporary restrictions on the involved wireless application, pending investigation by the system administrator 20.

Representative auto-corrective actions may, for example, include forcing execution of a script that addresses a known issue with the application.

Representative temporary restrictions may, for example, include restricting the allocation of bandwidth to the wireless application and/or limiting the flow rate of message traffic associated with the wireless application.

The alert handler can also determine (at S4) whether or not the wireless application should be quarantined pending investigation and resolution by the system administrator 20. This decision may, for example be based on a "severity level" of the alert.

For example, the system administrator 20 may determine that certain metrics are particularly indicative of either the operation of malicious application code, or overall system performance. For these metrics, threshold violations will normally indicate that the overall operation of the application gateway 2 is being adversely affected, and may indicate the presence of a mobile virus.

Accordingly, the system administrator 20 may assign a high severity level to these violations, which is included in the alert message generated by the messaging service 12. With this arrangement, the alert handler 14 can use the severity level to trigger automatic quarantining of any wireless application that violates a critical message flow or processing metric.

As may be seen in FIG. 3a, if the alert handler 14 determines that the wireless application should be quarantined (at S4), the alert handler 14 interacts with the administration services system 16 to trigger quarantining of the application (at S5).

In general, quarantining the application means that the application is prevented from sending or receiving messages, hence stopping it from performing any further malicious operations. Thus, execution of application logic on the AG 2 is frozen, and messaging to/from the terminal device 8 is blocked. In addition, any queued messages are saved, which facilitates investigation of the malicious behaviour by the system administrator 20. The application is kept in a "quarantined" state until the cause of the detected malicious behaviour (i.e. threshold violation) can be determined by the system administrator 20, and appropriate corrective action taken. Representative steps taken by the System administrator 20 and the administration services system 16 are described below with reference to FIG. 3b.

Now I will show you FIG. 3b. This illustration, and the accmpanying description, will tie this all together.

As shown in FIG. 3b, upon receipt (at S6) of the alert message from the alert handler 14, the system administrator may conduct an investigation (at S7) into the nature and cause of the malicious operation. For example, the system administrator 20 may determine whether or not the threshold violation actually represents improper or malicious operation of the wireless application (at step S8).

If the wireless application is operating properly, then the alert message can be disregarded. If the application was quarantined at steps S4 and S5 above, then the application can also be "un-quarantined" (at Step S9). Un-quarantining the application re-enables the application to send and receive messages.

Thus, execution of application logic on the AG 2 is allowed to resume, as is messaging to/from the terminal device 8. In addition, any queued messages can be released, so that the application can resume operation from the state it was in when it was quarantined. I

n addition, the system administrator 20 may also adjust (at step S10) the threshold value(s) used by the messaging service 12, and/or the severity level of the threshold violations, that gave rise to the original alert being sent to the alert handler 14.

By adjusting threshold values, the system administrator 20 can prevent the messaging service 12 from generating spurious alerts. Adjusting the severity level allows the alert handler 14 to processes an alert generated by the messaging service 12, but without unnecessarily quarantining the application.

If an improper or malicious operation is found to have occurred (at step S8), then the system administrator 20 may determine (at Step S11), whether or not the wireless application has already been quarantined (i.e. by the alert handler 14). If not, then the system administrator 20 can force the application into quarantine (at S12). In either case, the system administrator 20 may determine (at Step S13), whether or not the wireless application can be repaired. If so, then the system administrator 20 can take appropriate repair steps (at Step S14) before un-quarantining the (repaired) application (at step S15).

Representative repair may, for example, include forcing the download and execution of scripts to the involved terminal device that address known issues with the application, and/or update the execution state of the application so as to return the application to a healthy execution state.

These operations, and the scripts that perform them, may, for example, be provided by the application developer based on known data components and application logic, and their intended execution states.

If the wireless application cannot be repaired, then the system administrator 20 can determine whether or not there is an upgrade available for the wireless application (at step S16).

If an update is available, the system administrator 20 may force installation of the upgrade (at step S17) before un-quarantining the (upgraded) application (at S15). On the other hand, if no upgrades are available, then the system administrator 20 can force deletion of the wireless application (step S18).

Read | Permalink | Email this | Comments

Here's a primer on BlackBerry Enterprise Activation

Russell Shaw — 2006-10-18T07:46:00+00:00

Filed under: Tips, Security

It's Wednesday, and you need to activate your BlackBerry device for enterprise use.

You might find it helpful to check out the BlackBerry Technical Knowledge Center's newly posted document, Stages of Enterprise Activation.

The doc walks you through the four phases of this process, including:

Activation;
Encryption Verification;
Receiving Services, and
Slow Synchronization.

This resource is too lengthy to cite extensively here, but let us take a look at the second stage, Encryption Verification. That's what happens when the BlackBerry device creates an encrypted activation message containing an ETP.DAT file and sends it wirelessly to the BlackBerry device user's network. Upon receiving the message, the BlackBerry device displays a status of Activating?

Now let us learn about Encryption Verification;

In Encryption Validation:

The activation message (containing the ETP.DAT file) is routed through the BlackBerry Infrastructure to the BlackBerry device user's mailbox as a standard message with an attachment. Upon arrival in the Inbox, the BlackBerry Messaging Agent checks the message contents. Once the BlackBerry Enterprise Server receives the message, the activation process starts.

The BlackBerry Enterprise Server processes the data attached to the message, first verifying that the encrypted password matches the one set for the user. If it matches, the BlackBerry Messaging Agent generates a new permanent encryption key using either Triple Data Encryption Standard (Triple DES) or Advanced Encryption Standard (AES) and sends it to the BlackBerry device. The BlackBerry device then displays a status of Verifying Encryption.

Read | Permalink | Email this | Comments