Seriously scary Blackberry

For years, competitors to Blackberry have been pointing out the inherent security flaws with RIM’s services such as, um, all your corporate data flows through their network (along with all your competitor’s data). Microsoft's play around this is the fact that Exchange Active Sync doesn’t flow over someone else’s network, it simply uses HTTPS over your carrier’s network to sync with your Windows Mobile device. And BES can add significant load to your Exchange Back End because of the way it monitors messages.

What is more disturbing lately is an article presented at Defcon 14 this year about using a RIM device and their proxy to expose a customer’s internal network. The BES services work a lot differently than Exchange Front End Server or a direct connection to the Exchange Back End, so I can’t see how Exchange could be used in the same fashion using Exchange Active Sync. But, I am sure that our security folks have run through this and are double checking it to ensure that we have a “leg up” on RIM.