SofaKingCool

Security Communications Release: Security Advisory posted (KB26296: Cross-site scripting (XSS) vulnerability in the BlackBerry Web Desktop Manager component of the BlackBerry Enterprise Server”)

On April 12, 2011, Research In Motion (RIM) released a security advisory, KB26296: Cross-site scripting (XSS) vulnerability in the BlackBerry Web Desktop Manager component of the BlackBerry Enterprise Server. This security advisory provides details of a known cross-site scripting vulnerability in the BlackBerry Web Desktop Manager component of the BlackBerry Enterprise Server and BlackBerry Enterprise Server Express.

RIM has issued interim security software updates that resolve the issue in supported software versions of the affected software. Resolution for the issue is available by downloading and applying the interim security software update for the appropriate affected software version. Links to the updates are listed in the Resolution section of the security advisory. Orange recommends that BlackBerry Enterprise Server or IT administrators should apply the software updates.

The vulnerability could allow an attacker to execute externally supplied scripts using the user privileges of the BlackBerry Web Desktop Manager. This could allow the attacker to perform any BlackBerry Web Desktop Manager task that the legitimate user could perform on a BlackBerry smartphone while the user is logged in to the BlackBerry Web Desktop Manager. Such tasks include remotely wiping and disabling the device, remotely resetting the device password and locking the device, and activating the user’s account on another device over the wireless network.

Successful exploitation of this issue requires an attacker to persuade the legitimate user to click a specially crafted URL in a web browser or an email or instant message.

For further information, please see the posted security advisory above.

Mobile & Cellular 01952602260, 02, 08707777701, bb, BES, blackberry, cento, centoconsultants, cheap, consultants, geko, gekodirect, microsoft, Orange, ripoff, scam, scammers, stoke on trent, uma, voip

Oh how this message has haunted me over the past couple of hours.  The story goes something like this; customer pays for on site support, I advise customer to prepare server and create BES admin user, then I arrive.  Install the BES Express onto the Windows 2003 server, plug it in to exchange & AD, so far everything is looking good, yet the installation skips the MAPI option.    Anyhow, the software finally installs and I connect the device to the server to do a wired activation and set up.  I create a user and try to assign a user to attached device.  Then up pops the dreaded message  The BlackBerry Administration Service was unable to retrieve specific device attributes from the device that is connected to your computer. At first I believe this is down to the device being setup via BIS first, so a hand held wipe and cleanup is completed.  This solved nothing, so I checked the permissions of the admin account that was setup all looked well until I attempted to ensure that the account could log on as a service and realised that the right service manager in my computer differed to what I normally see, there was no local security option.

At this point I had decided that the admin account might have been setup incorrectly so tried in vain to follow the steps laid out in the install guide with no success.  It was then I decided to go guerrilla on the server, I created a user (in AD users and computers), assigned a mailbox (in server manager), allowed the send as, receive as and information store permissions (right clicked AD users and computers) and sent the test mails via outlook web access.  Following that I un-installed the BESE and cleaned out the old databases.  After logging into the BESAdmin account I had just created I started the install, this eventually threw up the MAPI option which was missing from the initial setup.  With the install complete I added the users and connected the device to the server, then clicked the assign device to user button and hid under the desk.  Whilst under there I noticed that the handset was doing stuff so jumped up and saw that it had assigned correctly.

I then went about generating some activation passwords and sending them wirelessly to the devices.  A few minutes pass and we start to see users appear next to devices, Woooooo Hoooooo!

Not satisfied with “just” fixing it I needed to troubleshoot the initial install to find out what went wrong.  After scouring through the old server logs, I couldn’t see any failure points and felt like throwing the server in the bin.  Eventually I noticed something about the admin account that was created for the first install.

The initial account was what the customer used as the main windows account and was a Domain Controller.  This is what stopped the system working, how?  I am still working on that one but if like me you had this fault then check the following:

You log into server using the BESAdmin account, ensure that the BESAdmin account is a Domain User, ensure it is a member of the administrators group, give it send as and receive as permissions and finally check it can access and edit the information store.  On a side note, if you use the windows server 2003 manager and MS SQL then you do not need to check for SQL permissions as it is set to give full access to admins by default.

So if you get stuck and can’t see any possible causes just check the account permissions.  Failing that give me a shout and I will see if I can help!

A helping hand, Geko Direct Limited 01952602260, 08707777701, 2003, bb, BES, BESAdmin, bese, besexpress, besx, BIS, blackberry, BlackBerry Server Express, cheap, enterprise, geko, gekodirect, help, microsoft, no complaints, Orange, orange bis, server 2003, uma

Hey, as some of you may be aware there has been some stories and rumours floating around the interwebs regarding a winding up order that was issued against my employers Geko Direct Limited. Now I do have a working knowledge of these things so followed the online vitriol quite closely.  For those of you who don’t quite know the facts; there was a winding up order against Geko Direct that was dismissed utterly by the courts on Wednesday of this week. The interesting part was that it was the claimant who dismissed the action as it was not considered something they were able to pursue… The matter is now closed off and put to bed once and for all.

I must say when I first learnt that this had happened I took my concerns to my sales Director who shone a bit of light on the matter, advising me that a winding up order can be issued by anyone but it is the courts who decide whether the company gets “wound up“.  I then started trawling through the internet and finding what can only be described as an online public flogging.  I did notice some of the comments made online had rather familiar names and claimed to be Geko Direct customers but most of which turned out to be ex staff members with a grudge to bear.  With the research I have done I figured that a lot of the words online aren’t entirely truthful as genuine complaints don’t end up becoming Chinese whispers, unlike some of the comments on the web.  Once the news of a winding up petition was being proposed against Geko Direct the rumours evolved and has been interpreted as Geko being sued via a class action lawsuit, losing it’s dealer codes and even going into administration. We are a medium sized business and connect large numbers of new business every day, we continue to do this in a very saturated marketplace and even during an economy in decline and public spending at an all time low.  If the rumours were to be believed we would have been out of business a long time ago.

I have said before that there are genuine people out there with genuine complaints but Geko Direct is a company that will not leave you out to dry.  I have seen genuine complaints out there from genuine customers, this information has been passed directly to the managing director of the company to be passed onto the relevant departments. I invited people to post on here if they have a problem and whilst I cannot discuss individual accounts publicly I can certainly pass on your concerns.

I have worked in the support departments within Geko and know how much work goes into resolving issues, as a result we have a massive database of happy customers who keep their business with Geko and wouldn’t consider anyone else.  We have some of the highest retention rates in the industry and pride ourselves on having “fanatical” customer support.  Our head of customer experience Lacey has worked tirelessly to create a streamlined and dedicated department and has employed from within, some of the best minds in the company to ensure that every customer is satisfied.

During the time I have worked at Geko I have seen a huge shift in the way we do business, for those of you who remember this site as a social network you should remember the tag line we used “constantly evolving”.  This is something that Geko Direct is doing. we are more focused on the “customer journey” and the industry is so strictly regulated there is very little we can do to miss-sell a product or service.  Yes I am biased as I love my job, the people I work with and the industry, however the views and opinions expressed on here are my own and are not fed to me.  I truly believe Geko Direct is a fantastic company to work for and be a part of be it as a member of staff or a customer, so much so my brother has his business phones with Geko.  Yes I know we aren’t perfect during the 10 years we have been trading there have been misunderstandings and mistakes but we always work hard to put them right.

2011 is a new year and with cellular technology moving quicker than ever, it is a great time to move away from the networks directly and allow your account to be managed by someone who knows the technology and understands your business.

Again I must stress that the views and opinions expressed in this post are mine, this blog and the content within does not represent Geko Direct nor do I gain from posting.  I do this because I want to.

Geko Direct Limited 01952602260, 02, 08707777701, administration, bb, blackberry, cheap, complaint, geko, geko direct limited, gekodirect, help, microsoft, news, no complaints, Orange, petition, ripoff, scammers, sued, voip, whocallsme, winding up, winding up order, winding up petition

Wow, what a fantastic month it has been for traffic on my little blog.  Whilst checking the in depth stats about who, what and when my site is being hit I discovered quite a few interesting facts.  Firstly there has been a great deal of interest in who I am, more than 30 referrals from various Whois sites all searching for the domain details.  Well let me tell you, I am Robert Adams, I live in Telford and there is a real picture of me in the about me page.  I work for Geko Direct as Head of Technical Support and love my job and employers!  That’s me!

So after a bit more administration and digging, I found around 5-10 referrals from domain tool websites all relating to the keywords and ad campaigns this site runs!  It seems to me that someone wants to learn how a small time blog can get great results for certain keywords without paying a penny.  Well if you want to know what I do it is pretty simple.  I write relevant posts and enter relevant keywords with a bit of back linking, all basic stuff but put together with some clinical methods.

There was one more thing that made me smile, I seem to have had a large amount of referrals from a particular porn site which kind of tells me whoever was researching me got bored and decided to entertain themselves elsewhere.

Once again and as usual, Geko Direct do NOT pay me to keep this blog updated, they do not have any input nor do they instruct me to post.  The views and opinions expressed here are my own and nothing to do with my employers Geko Direct, nor do they represent the views and opinions of the Orange Network or its partners.

Whatever happened to the pictures on every post?

Shouts:

Geko Direct: www.gekodirect.co.uk

SemRush: www.semrush.com/uk/info/sofakingcool.org

WhoRush: www.whorush.com/

Orange: www.orange.co.uk

Geko Direct Limited 01952602260, 02, 08707777701, bb, blackberry, cheap, geko, gekodirect, help, microsft, microsoft, news, Orange, scam, scammers, uma, voip

If you are reading this then you have probably “googled” something like “cheap xbox live subscriptions”.  Well that is what I did and I came across a UK based site called live-codes.com.  At first I was a little dubious as I am with all things that appear to good to be true so I asked around and found no negative comments anywhere (there is a good reason for that).

Let me tell you what I know about the site.  They are a UK based Limited company with a genuine registered office (not just a mailbox).  They use Google checkout so you can rest assured that they are not going to run off with your money and their support staff were available to answer my email within minutes at 10.30pm.

I had done my digging and researched the company before purchasing and decided to take the plunge and purchased a 12 month X-Box live subscription card for the fantastic price of £28.99.  Google Checkout was an absolute pleasure to use as I already have a gmail account and felt the transaction went smoother than most other online payment gateways from the largest corporations.

So at 10:22 I completed the transaction and in the time it took to open a new tab and press home the code was sat in my inbox.  It wasnt just an email with the numbers typed in it was an actual scan of the subscription card, I’m guessing they do this to reduce the possibility of problems should anything go wrong.  So as you can imagine I am over the moon at the speed my card was delivered I then entered the code into my X-Box and within seconds my Live account was refreshed for another 12 months.  I was so happy with the transaction I thought it would be nice to email them via their contact us form and tell them how impressed I was.  Within 5 minutes a very helpful person from live-codes.com had responded.  It wasn’t an automated response but a real human who replied to my every single compliment, this is something that will keep me going back time and time again.

It is very rare for an online retailer to have such an affect on me, I am still gobsmacked at the speed and reliablity of the service I recieved!

Now I know what you are all thinking, £28.99 is not as cheap as some of the Power Sellers on the evil Ebay.  This can be true however I have been burnt in the past ordering from a very trusted UK power seller who had 100% feedback.  It is also worth remembering that Ebay have changed their protection policy, so no longer are digitaly delivered items such as subscription codes covered by their buyer protection scheme.  So if you get sold a code that doesnt work then you have no protection whatsoever and will end up having to pay double to get your fix of online gaming.  Im not saying that every seller on Ebay is going to rip you off but in the current economic climate can you afford to take that risk?

I will be using live-codes.com again and will be more than happy to recommend them to friends and family, I suggest you do the same.

This is a snippet of the email that I recieved from them tonight:

We like to operate where; if you are pleased with our service you spread the word to friends and where you found our site (i.e forum etc). The site is fully automated so as soon as the payment is clear codes are emailed out immediately 24/7. We only ever deal in scanned cards, this avoids any typing mistakes and we feel scanned images gives confidence to the customer.

I think I should also add that it is not only X-Box live subscriptions that they sell, they also have Microsoft Points, Nintendo Points & World of Warcraft subscriptions and add-ons.

Go and check them out I guarantee you will not be disappointed!

Just look at the times of these emails!

Link Dump
Links to various sites mentioned in this blog.

Live-Codes.com: http://www.live-codes.com/
Google Checkout: http://www.google.com/
Ebay: http://www.ebay.co.uk/

Copyright information:

A helping hand, Gaming stuff, Online shopping cheap, cheap subscriptions, codes, ebay, Gaming stuff, help, live, live-codes, microsft, microsoft, microsoft points, ms points, trustworthy, www.live-codes.com, xbox, xbox live