“Two” many calendars on your BlackBerry?

After a week of having duplicate calendars on my BlackBerry driving me crazy, I did some research to figure out what was going on.  (This is not original information, but is good to have if you find yourself in my situation.)

Background:

In order to update to the most current version of BlackBerry OS on your device, you’re best off installing the BlackBerry Desktop Manager.  Having completed this (including the OS update), a second calendar showed up on my device. However, there were enough other features in the new OS to keep me occupied, so the calendar issue went to the back of my mind for a while.  That was, until I started to get duplicate updates for every event I had.  That got old fast.

After trying the calendar options, finding I could really only change the color for the calendars I had already installed, I found that my answer was not in the device options.

After reading quite a few other web postings on the subject, there were many recommendations about deleting service books for all CICAL entries, etc.  But that too wasn’t the answer.

If you have two calendars, here is the most direct way to consolidate them into a single calendar (assuming that is your goal):

  1. Open the Calendar.
  2. Press the menu key.
  3. Choose Options
  4. Type MOVE on the keypad.
  5. You will be asked to move all appointments in the base system calendar. Choose YES to accept moving all entries in the Device Default calendar to the default active calendar.
  6. Perform a hard reset of the BlackBerry by taking the battery out while the phone is still powered on and placing it back in.

This operation will move all calendar entries existing on the Device Default calendar to the active calendar shown in Options > Advanced Options > Default Services.

At this point, I was good.  And in fact this may be all you need to do also.  However if you had this issue because you have two calendars on two separate email addresses, you may need to do the following:

  1. Go to Options > Advanced Options > Default Services.
  2. Verify the correct email address is shown for Calendar [CICAL].
  3. Press the back arrow and save the changes if prompted.
  4. In the Advanced Options menu, choose Service Book.
  5. Highlight the entry for the calendar you do not want. This will appear as email@domain.com [CICAL].
  6. Press the menu key and choose Delete.

When deleting a CICAL, any calendar entries associated with it are moved to a Device Default calendar.

Hopefully this is helpful.


Why you should hack your iPhone

or really why you shouldn’t.

I know quite a few people who have jailbroken their iPhones.  And I will apologize to many of them now, but I can tell you that most all of them should not have done it.

I realize that in their frustration to have the iPhone be all the things that it is capable of being, many users feel the need to bypass the constraints put in place by Apple.  Unfortunately they also bypass a lot of the security functions (roughly 80%) built into it also.  I see the stat that nearly 7% of all iPhones are jailbroken.  Given that 90% of those probably have not done anything to increase that security posture, there are roughly 2.1 million “vulnerable” iPhones in use today (given 34 million in use Q9 2009).

So, for you to have the ability before anyone else to tether, MMS, Google Voice, etc., you open yourself up to the following:

  • Default SSH password setting –  since this is often not changed by users who jailbreak their iPhones, this is the easiest port to access the phone’s OS.
  • Use of iPhone to proxy your connections

Via those vectors “one” can easily connect and:

  • See the iPhone OS file system… hmmm what files can I see and copy over from there?  How about:
  • Email
  • SMS Messages
  • Voicemail in .amr format
  • Addressbook/Contacts
  • Call History
  • Notes
  • Bookmarks
  • History
  • Cookies (could really find some interesting things with persistent cookies here)
  • Even more fun?  What about recAudio?  Remotely, from the command line, enable the audio recording feature of the microphone.  The audio is then stored to a local file (.aiff) that I can now SCP from the iPhone to the machine I’m on.  Bamo… you have your own remote bugging device and no one will think twice about it sitting in a conference room while they are talking about… well anything.
  • Uber stalker?  You can also query the iPhone’s GPS API to return HI RES latitude/longitude information in XML format.  Put those coordinates into Google maps and you can (with a tremendous amount of accuracy) track the path of an iPhone user.
  • Make phone calls?  What about making the remote phone make calls?  You can make someone prank call without their knowledge.  If you know them, you can make them call you and give them a hard time about calling and not saying anything.  The uses are endless, eh?
  • Remember the use of your phone as a proxy connection?  How many users connect their iPhones to their office or home wireless networks?  Since there are multiple interfaces on the iPhone and you can route between them, “one” could now use this as a bridge into a private network.  So much for your firewalls and perimeter devices protecting your network.

Sweating yet?

Well believe it or not, there is good news for you jailbreakers out there.  AT&T has begun to filter addresses on their NAT’d wireless network.  But only quite recently.  Prior to this, “one” could pop an AT&T aircard into a laptop, get onto a mobile wireless segment, get “one’s” own IP address and quickly scan that entire segment for users.  A port scan will tell you which of those devices are iPhones.  With this filtering in place (and only in some places) you are limited and not able to (as easily) map the devices around you.  So this is a hurdle, but don’t take too much comfort in it being high enough to keep very crafty people out for long.
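One thing a device owner can check against the first vector above (password-based SSH logins) is the SSH daemon's own configuration. The following is an added example, not code from the original post or from the research it cites; the function names, the sample file and the treatment of unset keywords as `yes` are assumptions made for illustration, and the path to the config file is passed in as an argument.

```shell
#!/bin/sh
# Added example: flag an sshd_config that still accepts password logins.

# effective_value FILE KEYWORD DEFAULT
# sshd uses the first value it reads for a keyword and matches keywords
# case-insensitively. DEFAULT is printed when the keyword is never set.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0   { next }   # comments and blank lines
        tolower($1) == "match"  { exit }   # global section ends at first Match
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE
# Prints one finding per line; prints nothing when no finding applies.
# Assumption: an unset keyword is treated as "yes" (the permissive case).
audit_sshd_config() {
    pw=$(effective_value "$1" PasswordAuthentication yes)
    root=$(effective_value "$1" PermitRootLogin yes)
    if [ "$pw" = "yes" ]; then
        echo "PASSWORD_AUTH: password logins are accepted"
        if [ "$root" = "yes" ]; then
            echo "ROOT_PASSWORD: root can log in with a password"
        fi
    fi
    return 0
}

# Constructed sample (not from a real device): the "no" line is commented
# out, so it has no effect and both findings are reported.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#PasswordAuthentication no
PermitRootLogin yes
EOF
audit_sshd_config "$sample"
rm -f "$sample"
```

An empty result means password logins are switched off in the global section, which removes the default-password vector regardless of what the account password is.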

So the long and short of it?

Given how much information is contained on your iPhone, I don’t think there’s any application you need so badly that you’d be willing to give up access to all your personal information.  So suck it up and use the apps/functions/features that Apple has available.  When it can be provided securely (and probably profitably for Apple) it will be released.  Until then, go play outside.

Special thanks to Trevor Hawthorn for his research and demonstration of these exploits at ShmooCon 2010.

Just say no! BlackBerry + Facebook = Security FAIL

Point 1:

I’m not the biggest fan of any RIM device, though I do utilize one for my job.

Point 2:

I support the development of applications for mobile devices.  Applications are key to driving the adoption and growth of many of the new “smart” (and I use that term loosely) phones on the market.

Point 3:

Applications, regardless of what platform they are developed for, should all be done securely and efficiently.  And in that order.

What the heck does all this have to do with the BlackBerry and Facebook????

Here: http://www.spylogic.net/2010/02/facebook-spam-on-blackberry-devices/

Thanks to the guys that really spend a lot of time reviewing social media stuff (especially Tom Eston and Kevin Johnson), they have noted that specifically crafted SPAM messages will show up as a Facebook notification in your Facebook for BlackBerry application.

What makes this troublesome from an information protection standpoint is that the Facebook application is actively scanning your email inbox.  In the case of many, many BlackBerry users, this is not your personal email, but your corporate email.  Of the 13,934,752 monthly active users (according to facebook.com) I’m sure you all read the EULA when you installed the app right?  That’s another post…

To be fair, this is how the application is presented to the end user: “Facebook for BlackBerry smartphones allows BlackBerry smartphone users to connect their friends’ profile pictures, Facebook names, and company names to existing BlackBerry smartphone contacts in the Contacts application. Facebook for BlackBerry smartphones updates the caller ID pictures of your synchronized friends with their latest profile pictures.”

So in order to do this, you have full access to contact names.  So if you’re on a corporate BES, the information contained therein is your corporate email directory?  Uh, yeah.  So corporate BlackBerry users with the Facebook app are willingly providing a valid contact list for their entire company.  My understanding of SPAM and capitalism is that this is quite valuable information and can be sold to email distribution list providers quite readily.  Can someone please point me to the data management policy that protects this information from disclosure?  I’d be ecstatic if it existed.

To all the BlackBerry users:

Rather than send out 14,000,000 apologies, I put it out there now.  Sorry.  But if you have this app installed on your BlackBerry, uninstall it.  NOW! Do not finish reading this post, uninstall the app and come back to finish the post.

To RIM:

I trust (which is always a bad thing) when you provide a signed application that you have performed a review of how the application performs on your device and that it doesn’t do anything we don’t expect.  Like skim our emails and contact information.  Much like an application requests permission to utilize your GPS coordinates (which is another bad thing) why would you not have the same request when an application wants access to your personal information and email?

Let me check here… Options – Security Options – Application Permissions -….  hmmm I’m sure the app is on here, let me look again…

Options – Security Options – Application Permissions -… nothing.  So, when I install Facebook for BlackBerry devices, it doesn’t ask me for any permissions?  NONE?!?  FAIL!

But wait, during the setup there is an option to “allow” access to your messages, calendar, and contacts.  First, the statement that it will send a copy of your contacts to the Facebook site should be alarming enough.  But worse yet, it seems that turning all these off during the setup did not affect a SPAM’ers ability to inject a properly crafted email.  I infer from this that it still reads emails from your message list.  So can I expect it will also send contacts even if I ask it not to?

To all BES admins (you know who you are):  (updated May 2010)

It appears that RIM may be slightly at odds with the application developers here.  In the 5.0 release of BES, the settings that allow an end user to do this are set to FALSE by default.  Which is what I would expect those settings to be. It is my hope at this point that you are running BES 5.0.  If so, please make certain the IT policy Disable Organizer Data Access for Social Networking Applications is used.  I also understand that this is backwards compatible to BES 4.x installs, so everyone has the opportunity to enable this policy.