[Mobilepartners] SyncJe for BlackBerry: Security Warning
Andrew Yu
andrewyu at MIT.EDU
Thu Sep 20 18:00:44 EDT 2007
This message is for those using SyncJe for BlackBerry to synchronize
TechTime calendar data.
There is a security concern with a feature of the software that allows the
user to send diagnostics information to the Nexthaus support in case of
reporting problems. While this feature was designed to facilitate
troubleshooting of issues, it will send the MIT user name and password
(encrypted) to Synthesis.
Description of the Problem:
>From SyncJe software, the user can press Menu > Send Diagnostics. A log will
be generated and the BlackBerry device will send the following text via
email to Nexthaus support email address:
[Begin Log File]
... ommitted ...
/hosts/Nexthaus/syncMLPassword=XXXAXXXXXXXXXXXXXXXXXXXX
/hosts/Nexthaus/syncMLUser=mitusername
... ommitted ...
[End Log File]
MIT users should refrain from using this feature until further notice.
I filed a report to Nexthaus regarding this matter and will advise when
there is an update.
Andrew
_______________________________
Andrew Yu
Mobile Devices Platform Coordinator
Information Services & Technology
Massachusetts Institute of Technology
Phone: 617-324-8985
Email: andrewyu at mit.edu
Sent from Outlook Express (Windows XP)
More information about the Mobilepartners
mailing list