Friday, October 23, 2009

Upgrading From An Old BlackBerry?


If you have a blackberry and you have your personal e-mail forwarded to it (not your corporate mail) when you upgrade it, send it in for replacement, or even just toss it away, you MUST remember to log in to the BIS server at bell.blackberry.net or telus.blackberry.net or rogers.blackberry.net ...  depending on who your phone company is, or just through the mail setup icon on the blackberry device, and disable the forwarding. This does not happen automatically when you cancel your phone plan or move it to a new phone.

The corporate mail is different, it comes through a corporate BES server hosted at your company, and they can easily shut off the forwarding of any info to the blackberry device, but BIS used for personal e-mail is managed via the blackberry.net servers and linked to an account that only you know the password to. It collects the mail and forwards it to the device you specified by PIN #, which is attached to the device, NOT your account!

If that device is reused by another user with another phone #, the BIS server will still send your mail to the device until you log in and tell it not to.

That is just one more reason I dislike the BIS setup rather than letting the blackberry connect directly to the POP/IMAP server for personal e-mails. #1 I don't like that I have to trust RIM and their partners with my personal account passwords, and #2 wiping the blackberry and cancelling the phone plan isn't enough to ensure that the next guy doesn't get free access to my mail. I also have to either log in to the BIS and cancel forwarding, or change my e-mail password.

This is also why I discourage the use of PIN messaging except as an alternate, emergency communication channel if normal e-mail is down.

People still think of PIN as being more private than e-mail, but it is not. It can be, and often is, logged at one or both end's corporate servers, but if your contacts have an old PIN# in their address books and they try to PIN you a message, but somone else owns that Blackberry device now, guess who gets the message!



Wednesday, October 21, 2009

Tips Of The Day

If you have a Google Reader account or use an RSS reader here is a link you ought to be following:
http://feeds2.feedburner.com/security-awareness-tip-of-the-day

Wednesday, October 14, 2009

Adobe Virus Update

Users can undo the change, as it is in the Current User part of the registry, but here are the lines to add to the login script.
reg add "HKCU\Software\Adobe\Adobe Acrobat\9.0\JSPrefs" /v bEnableJS /t REG_DWORD /d 0 /f
reg add "HKCU\Software\Adobe\Acrobat Reader\9.0\JSPrefs" /v bEnableJS /t REG_DWORD /d 0 /f

You need both lines to get Adobe Reader and full Acrobat Reader/Writer.
The new Reader 9.2 gives the users a better warning saying that it can be potentially hazardous to turn it on and allows them to choose to turn it on "for this document" or permanently. (until they log in again and the script shuts it off again.)


Friday, October 09, 2009

More Adobe PDF Viruses On The Loose Patch On The Way

"You can get viruses from a PDF?" you say??
YES you CAN!!! and Seth Hardy of Symantec's MessageLabs just did a talk the other day at SecTor 2009 about how he's been able to (in a test lab) create a virus, embed it in a PDF and get past every known antivirus. This is scary stuff folks, and there is one little thing you can do to stop most of it.

HelpNet Security says that a new round of these viruses is out in the wild and Acrobat 9.1.3 is vulnerable, but a patch is coming on Oct. 13th. In the meantime they recommend turning off Javascript.

Open up Adobe Reader/Acrobat and turn off JavaScript! Yes, PDFs can have Javascript, though you've probably never even seen a PDF file that legitimately uses Javascript.

Here is how you do it in Reader 9.1.x :
Click on the Edit menu, click Preferences.

Select Javascript from the Categories menu.
Click the checkbox OFF next to Enable Acrobat JavaScript

Saturday, October 03, 2009

Loading CD-ROMs On A Netbook

OK, everyone knows that the biggest fall back of a netbook is it's lack of CD-ROM/DVD-ROM drive.
Most people know you can get a USB CD-ROM drive and fix that.
A few know about CD-ROM emulators like the one included with Alcohol 120%... but that has an extra cost.

After a little browsing around the net I found a FREE CD-ROM emulator from Microsoft!

Download the Microsoft Virtual CD-ROM Control Panel package now.

Thursday, October 01, 2009

OWASP top 10

This is a little higher level then what I normally post here, but this is info that every IT guy ought to know about so I feel I should pass this stuff on. October, being Cyber Security Awareness Month, will probably see more than the usual rate of security related posts here, and some may be aimed at IT people, others will be aimed at home users and small business owners.

OWASP Top 10 Security Vulnerabilities Part 1 (Barry Dorrans) from Edge UG on Vimeo.



OWASP Top 10 Security Vulnerabilities Part 2 (Barry Dorrans) from Edge UG on Vimeo.