Exam 312-50v10 topic 1 question 145 discussion

exploiting a blackberry device or BES... to attack your LAN directly. There's several ways of accomplishing it. Email-based exploited PDFs are probably most common, as they can affect the BES server directly or turn the endpoint into a proxy for attacks. What most people don't realize is that a BES server will proxy ALL traffic for any device registered to it. If the BES server is not properly kept in a secure DMZ, you can use the server to attack your network from the inside. If a handset is exploited (using any means), anything your BES server is attached to can be attacked. Any mail or other communications processed by the BES server could also potentially also exploit the BES server and use it as a proxy.

bbcrack uses a new algorithm based on patterns of interest to bruteforce typical malware obfuscation such as XOR, ROL, ADD and various combinations, in order to guess which algorithms/keys have been used.

Answer : BBproxy Explanation BBproxy is a security assessment tool written in Java that runs on Blackberry devices. It allows the Blackberry device to be used as a proxy between the Internet and an internal network, thereby representing a significant security threat to the enterprise.

Paros Overview Paros runs as a GUI JAVA application and supports spidering, HTTP message editing, proxy-chaining, and intelligent scanning for SQL and XSS vulnerabilities. However, it has not been updated since August 14, 2013 and, as a result, may be prone to many false positives or may even miss some vulnerabilities.

What attack is Bloover designed to accomplish? Bluebugging which uses bluetooth to hijack phone access.

Blackberry users warned of hacking tool threat Users have been warned that the security of Blackberry wireless e-mail devices is at risk due to the availability this week of a new hacking tool. Secure Computing Corporation said businesses that have installed Blackberry servers behind their gateway security devices could be vulnerable to a hacking attack from a tool call BBProxy. The software can be sent as an e-mail attachment to a Blackberry device.