Figure 3.6: Changing the sender of the email in .NET

Print QR-Code in .NET Figure 3.6: Changing the sender of the email
Figure 3.6: Changing the sender of the email
Qr-codes scanner on .net
Using Barcode Control SDK for Visual Studio .NET Control to generate, create, read, scan barcode image in Visual Studio .NET applications.
Draw qr-codes for .net
use .net vs 2010 qr code 2d barcode development toaccess qr code jis x 0510 in .net
Exploiting BlackBerry Devices
scan qr-codes with .net
Using Barcode recognizer for .net framework Control to read, scan read, scan image in .net framework applications.
The hacker then drafts the email and sends it to a few email addresses. He needs to get the users to open an attached .tif file that will trigger the DoS attack. He takes advantage of the fact that it is common for faxes to be sent via email in a .tif format. Consequently, he drafts the email shown in Figure 3.7.
Bar Code decoder with .net
Using Barcode scanner for .NET Control to read, scan read, scan image in .NET applications.
Figure 3.7: Drafting the fake email
Include barcode for .net
generate, create barcode none with .net projects
Figure 3.8 shows how the email looks on a BlackBerry.
Control qrcode image in visual c#
generate, create quick response code none in visual projects
Figure 3.8: View of the email on a BlackBerry
Assign qr for .net
using barcode generator for web control to generate, create qr barcode image in web applications.
Part II
Control qr image for
use .net qr codes creator toattach qr barcode for
How BlackBerrys Are Hacked, and How to Protect Them
UPC A barcode library on .net
generate, create upc-a none in .net projects
Without question, any person receiving the email would want to read the attachment and respond to it immediately. A big deal was on the line and they needed to be as responsive as possible. The actual exploit takes place as each addressee opens the attachment. Users think they are doing something as innocent as attempting to open an important file attachment, but in reality they are unknowingly causing a critical portion of their communication infrastructure to go down. Here s how it happens: The .tif file sent in the attachment is actually malformed. When someone attempts to open the attachment, it crashes the Attachment Service on the BlackBerry Enterprise Server. With the Attachment Service down, nobody in the company can receive any attachments. (Figure 3.9 illustrates how this takes place.) Because urgent, valid attachments need to be sent and received to help win the big deal, this poses a big problem to DA, Inc.
.NET Crystal pdf417 creationwith .net
generate, create pdf-417 2d barcode none on .net projects
Hacker sends an email with malicious, malformed .tif file
Code 128B integrating with .net
using .net tobuild barcode 128 on web,windows application
Other BlackBerry users attempt to open their non-malformed attachments
Visual Studio .NET cbc printerfor .net
using .net framework toconnect cbc in web,windows application
Control barcode data matrix image for visual c#
use .net data matrix 2d barcode generation toget data matrix ecc200 with
BlackBerry Attachment Service is shut down
Paint bar code on .net
use rdlc reports net bar code printer toembed barcode on .net
Mobile BlackBerry user receives email and attempts to view the malformed .tif attachment
Control upc a image for office word
use word upc-a integration tocompose upc code for word
BlackBerry Attachment Service attempts to process the malformed .tif and is shut down
Java bar code integrationfor java
generate, create barcode none for java projects
Figure 3.9: Attempting to open the attachment crashes the Attachment Service on the BES
Control upc-a data for
gs1 - 12 data for visual basic
Clearly, this was pretty easy to do. The only real challenge in figuring out how to perform this DoS revolved around finding out that there was a vulnerability that could be exploited in the first place. The hacker himself didn t discover the vulnerability; someone else did all of the legwork to determine that the malformed .tif would crash the server. The hacker merely found out the
Control gtin - 128 image with
use .net framework gs1 barcode encoding toreceive uss-128 on .net c#
Exploiting BlackBerry Devices
EAN-13 Supplement 5 encoder with .net
using barcode maker for sql reporting service control to generate, create ean13 image in sql reporting service applications.
vulnerability existed and took advantage of it. This happens in a lot of cases. Technically savvy people spend a considerable amount of time trying to figure out how to break technology. Their goal may not even be malicious. Using their hard work, though, somebody with just a little bit of knowledge and malicious intent becomes very dangerous. He takes advantage of that intelligence and launches the exploit.
Protecting Against This Attack
There are numerous means by which the aforementioned exploit could have been prevented. In addition, there are steps that enterprises need to take to prevent future malware attacks from occurring. This section goes over ways to prevent this specific attack from occurring, as well as define ways to prevent future BlackBerry-related malware attacks. The malformed-.tif vulnerability is known to BlackBerry and they have provided a fix. BlackBerry refers to the vulnerability as Article Number KB-04757 Corrupt TIFF file may cause heap overflow resulting in denial of service in the BlackBerry Attachment Service. Specific information on this vulnerability is publicly available at cmd=
displayKC&docType=kc&externalId=KB04757&sliceId=SAL_Public&dialogID=6 613251&stateId=1%200%2012982050.
BlackBerry identifies the problem by saying the following: A corrupt Tagged Image File Format (TIFF) file sent to a user may stop a user s ability to view attachments. There is no impact on any other services (for example, sending and receiving messages, making phone calls, browsing the Internet, and running BlackBerry wireless device applications to access a corporate network). The BlackBerry Attachment Service automatically restarts either immediately or within a specified time period (the default is 25 minutes). The administrator can restart the Attachment Service at any time. You may notice the portion about the automatic, default restart of the Attachment Service after 25 minutes. In our example, the default restart is why mobile users were able to view attachments intermittently. The service would restart itself, then a different user would attempt to view the malformed .tif, only to inadvertently crash the Attachment Service again. To protect BlackBerry Enterprise Servers from this exploit, BlackBerry offers the following solutions: