Nov 13. 2013
News – BlackBerry has made a big mistake with its BB10 OS. Connecting the phone to a PC or Mac makes that computer vulnerable, the notorious bug hunter Tavis Ormandy has discovered.
Connecting a BlackBerry smartphone to a Windows PC or Mac automatically leaves the computer open to attackers. An autorun setting installs the BlackBerry Link management software, and with it the nginx web server. That open source software is then configured to act as a WebDAV server that shares the AppData folder for reading and writing.
Without access control or authentication
This happens “without access control or authentication”, security researcher Tavis Ormandy discovered. “This looks wrong for several reasons,” he blogs. With this, BlackBerry not only violates the security model of Windows NT (which still serves in modern Windows versions); the address used by the WebDAV server is also published over multicast DNS. “So everyone on the network can see it.” This makes the computers vulnerable to remote code execution (RCE).
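A defender-side check for the misconfiguration described above, as an added example that is not from the original article or from BlackBerry: a small Python linter that flags nginx location blocks where WebDAV write methods are enabled on a network-reachable listener with no auth_basic or deny rule. The sample configuration is constructed for illustration and is not the file BlackBerry Link installed; the function names are hypothetical, while dav_methods, auth_basic, deny and listen are standard nginx directives.

```python
import re

# Constructed sample config; NOT the file BlackBerry Link actually installed.
SAMPLE_CONF = """
server {
    listen 0.0.0.0:8080;
    location /share/ { dav_methods PUT DELETE MKCOL COPY MOVE; }
    location /private/ { dav_methods PUT DELETE; auth_basic "restricted"; }
}
server { listen 127.0.0.1:8081; location / { dav_methods PUT; } }
"""
LOCAL = ("127.", "localhost", "[::1]", "unix:")  # listeners not reachable from the LAN

def parse(tokens):
    """Consume one scope from the token iterator: (directives, child blocks)."""
    directives, blocks, words = [], [], []
    for tok in tokens:
        if tok == "}":
            break
        if tok == ";":
            directives.append(words)
        elif tok == "{":
            blocks.append((words, parse(tokens)))
        words = [] if tok in (";", "{") else words + [tok]
    return directives, blocks

def servers(blocks):
    """Yield every server block, including ones nested inside http { }."""
    for head, (dirs, kids) in blocks:
        if head == ["server"]:
            yield dirs, kids
        else:
            yield from servers(kids)

def has(dirs, names):
    """True if any named directive is set to something other than 'off'."""
    return any(d and d[0] in names and d[1:] != ["off"] for d in dirs)

def audit(conf):
    """Heuristic: (listen, location) pairs with writable WebDAV and no auth/deny rule."""
    tokens = iter(re.findall(r'"[^"]*"|[{};]|[^\s{};]+', re.sub(r"#.*", "", conf)))
    findings = []
    for sdirs, kids in servers(parse(tokens)[1]):
        listens = [d[1] for d in sdirs if d[:1] == ["listen"]] or ["*:80"]  # nginx default
        for head, (ldirs, _) in kids:
            guarded = has(ldirs + sdirs, ("auth_basic", "deny"))  # ignores 'off' overrides
            if head[:1] == ["location"] and has(ldirs, ("dav_methods",)) and not guarded:
                findings += [(l, head[-1]) for l in listens if not l.startswith(LOCAL)]
    return findings
```

Running audit(SAMPLE_CONF) reports only the /share/ location on 0.0.0.0:8080; the password-protected location and the loopback-only server are not flagged.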
Ormandy is famous for finding major, fundamental holes in a range of software, including Windows, Linux and Sophos Antivirus. The bug hunter, who is employed by Google, is also controversial because of his belief that disclosure of vulnerabilities is more important than waiting until a vendor comes up with a patch.
Go ahead and patch
Full disclosure does not seem to be at issue this time. Ormandy states in his blog post about the discovery that RIM (now called BlackBerry) is closing the hole today. The CVE number he refers to for this vulnerability therefore has “reserved” status.