| View previous topic :: View next topic |
| Author |
Message |
aBenG
Warrior
Joined: 06 Apr 2006
Last Visit: 28 Feb 2012
Posts: 297
Location: Darkest UK
|
 Posted: Tue Jul 21, 2009 5:34 am Post subject: Blackberry spyware in UAE |
 |
|
http://news.bbc.co.uk/1/hi/technology/8161190.stm
| Quote: |
RIM told customers that "Etisalat appears to have distributed a telecommunications surveillance application... independent sources have concluded that it is possible that the installed software could then enable unauthorised access to private or confidential information stored on the user's smartphone".
It adds that "independent sources have concluded that the Etisalat update is not designed to improve performance of your BlackBerry Handheld, but rather to send received messages back to a central server". |
_________________
Inperfect. |
|
| Back to top |
|
 |
suzi
Site Admin
Joined: 27 Jul 2003
Last Visit: 18 Jun 2013
Posts: 10277
Location: sunny California
|
|
| Back to top |
|
|
olliver
Expert Developer
Joined: 27 Jan 2006
Last Visit: 02 Dec 2010
Posts: 1157
Location: yes
|
| Posted: Wed Jul 22, 2009 11:17 am Post subject: Re: Blackberry spyware in UAE |
|
|
| aBenG wrote: |
http://news.bbc.co.uk/1/hi/technology/8161190.stm
| Quote: |
| RIM told customers that "Etisalat appears to have distributed a telecommunications surveillance application... independent sources have concluded that it is possible that the installed software could then enable unauthorised access to private or confidential information stored on the user's smartphone".. |
|
That's nasty... so they were caught red-handed: But how many other "updates to improve performance" have already been released to unwitting customers in other countries, where total surveillance is currently en vogue and openly endorsed by their administrations? We may look at this article with a false sense of security in mind, that it could not happen to us. But who says it's not already happening?
Just as a thought experiment: Consider the vast amount of Windows users who have, for years been recruited in a zombie army and have never noticed anything unusual on their computers? Consider further how trivial it is to change DNS-records on a hijacked computer, so that it queries servers under the control of those who like to install "updates to improve performance" and directs users to fake Windows update sites also under the control of the hijackers.
The same way, an administration can order that some sites be never resolved by DNS-servers (aka. censorship for dummies), it could also order to resolve some things "differently". If some ip address resolves to "windows.update.microsoft.com", how many people would be aware that PTR records can be trivially falsified (that's resolving an IP-address to a host name). To make matters worse: Who would doubt if someone looked up the IP-address in whois and the data returned claimed the /28 network to be part of Microsoft's Windows update, despite the parent network belonging to some mass hosting company like ThePlanet? [1]
Just some of these questions popping up in my head when I hear of stories like that.
O.
[1] Whois only contains what was submitted to the database. If data is not verified prior to being published, then querying whois may not be as useful for that particular address range.
_________________
Petcord netlabel :: Synflict post-digital arts :: Leftob audio cast
Each click on any of the links above will save the life of a cute kitty somewhere in the universe. |
|
| Back to top |
|
|
aBenG
Warrior
Joined: 06 Apr 2006
Last Visit: 28 Feb 2012
Posts: 297
Location: Darkest UK
|
| Posted: Mon Jul 27, 2009 12:09 am Post subject: |
|
|
With regard to security issues Olliver I have long since concluded that paranoia is the only viable survival option. 
Nice to know I'm not the only one!
_________________
Inperfect. |
|
| Back to top |
|
|
|
