Internet Explorer and Safari first to fall at Pwn2Own 2011, Chrome and Firefox still standing !

Pwn2Own, the annual three-day browser hackathon, has already claimed its first two victims: IE8 on Windows 7 64-bit, and Safari 5 on Mac OS X. Google Chrome looks set to survive for its third year in a row. Internet Explorer 8 was thoroughly destroyed by independent researcher Stephen Fewer. "He...

Novell ZENworks Handheld Management ZfHIPCND.exe Buffer Overflow (CVE-2010-4299)

Novell ZENworks Handheld Management is part of the Novell ZENworks suite that allows administrators to remotely update, configure, and inventory handheld devices such as Palm, Windows CE, PocketPC, and RIM BlackBerry. A buffer overflow vulnerability has been reported in Novell ZENworks Handheld...

[TEHTRI-Security] CVE-2010-2599: Update your BlackBerry

Gents, BlackHat Washington DC has just finished, and we wanted to let you know that RIM officially released a patch for the vulnerability found by TEHTRI-Security in BlackBerry devices, and covered during our talk: "Inglourious Hackerds: Targeting Web Clients". The 0day created by TEHTRI-Security...

Week in Security: Chinese SCADA Miscommunication and Botnets 2011: The Return

The specter of Stuxnet reared its head again this week, with news of a critical hole in some Chinese SCADA software, while, elsewhere, botnets reloaded following a holiday break, and patches from Microsoft, Google and RIM made headlines. Read on for the full week in review. At the top of the news...

RIM Releases Security Advisory for BlackBerry Enterprise Server

RIM has released a security advisory to address a vulnerability in the PDF distiller of the BlackBerry attachment service for BlackBerry Enterprise Server. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and...

CVE-2010-2603

The CVE-2010-2603 entry affects BlackBerry Desktop Software (Windows PC 4.7–6.0; Mac 1.0). The vulnerability arises from using a weak password to encrypt the database backup file, enabling local users to brute-force decrypt the backup. OpenVAS/Nessus records corroborate an information-disclosure/...

RIM Releases Security Advisory for BlackBerry Enterprise Server

RIM has released a security advisory to address a vulnerability in the PDF distiller of the BlackBerry attachment service for the BlackBerry Enterprise Server. The vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and...

Design/Logic Flaw

The browser in Research In Motion RIM BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an...

CVE-2010-3934

The CVE-2010-3934 issue affects BlackBerry Device Software running on the BlackBerry 9700: 5.0.0.593 Platform 5.1.0.147. The browser fails to properly restrict cross-domain JavaScript, allowing remote attackers to bypass the Same Origin Policy via window.open and an IFRAME. This indicates exposur...

CVE-2010-3741

The offline backup mechanism in Research In Motion RIM BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack...

Design/Logic Flaw

The offline backup mechanism in Research In Motion RIM BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack...

CVE-2010-3741

CVE-2010-3741 : The offline backup mechanism in BlackBerry Desktop Software uses a single-iteration PBKDF2, enabling local brute-force attacks to decrypt a .ipd file. Affected: BlackBerry Desktop Software (offline backup feature). Root cause: inadequate key-derivation iterations in PBKDF2. Impact...

Security Advisories from TEHTRI-Security at HITB Europe

Gents, TEHTRI-Security was invited to give a talk called "Web In The Middle, Attacking Clients", at the first Hack In The Box Europe, Amsterdam http://conference.hackinthebox.org/hitbsecconf2010ams/ . During our talk, we released multiple advisories and we explained many issues related to some...

RIM BlackBerry Enterprise Server Router Component Denial of Service (CVE-2005-2342)

The Research In Motion RIM BlackBerry Enterprise Server is a component that integrates with an enterprise email server in order to extend its functionality. BlackBerry Enterprise Server integrates with messaging platforms such as the Microsoft Exchange Server and other corporate application serve...

CVE-2009-4778

Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion RIM BlackBerry Enterprise Server BES software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow user-assisted remote attackers to cause a denial of...

CVE-2009-4778

CVE-2009-4778 affects Research In Motion/BlackBerry BES and BlackBerry Professional Software, where the PDF distiller in the Attachment Service is vulnerable to user‑assisted remote exploitation via a crafted PDF file attachment. The issue enables a denial of service (memory corruption) and poten...

RIM Security Warns of Wireless DDoS Attacks

Hackers could one day turn ordinary smart phones into “rogue” devices to attack major wireless networks, Research In Motion’s security chief warned. Scott Totzke, RIM’s vice-president of BlackBerry security, said hackers could use smart phones to target wireless carriers using a technique similar...

CVE-2009-3944

Research In Motion RIM BlackBerry Browser on the BlackBerry 8800 allows remote attackers to cause a denial of service application hang via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property...

Design/Logic Flaw

Research In Motion RIM BlackBerry Browser on the BlackBerry 8800 allows remote attackers to cause a denial of service application hang via a JavaScript loop that configures the home page by using the setHomePage method and a DHTML behavior property...

Critical Flaw in BlackBerry Desktop Manager Software

Research in Motion RIM has shipped a patch to cover a gaping hole in its BlackBerry Desktop Manager software. The vulnerability, which exists in a Lotus Notes Intellisync DLL that the BlackBerry Desktop Manager uses, allows a malicious user to perform an attack that leverages social engineering t...