News & Rumors

New malware exploits USB, but isn't really that scary

Special Coverage

Hands-on with Secusmart voice encryption

News & Rumors

BlackBerry acquires mobile security company Secusmart

News & Rumors

Blackphone fires back: 'BlackBerry betrayed its customers and jettisoned its credibility'

News & Rumors

BlackBerry discusses Blackphone and why its consumer-grade privacy is inadequate for businesses

News & Rumors

UK government set to rush through emergency surveillance legislation

News & Rumors

UK officials follow US counterparts by banning electronics with no charge from boarding flights

Editorial

Using strong passwords and keeping your online self secure

News & Rumors

First smartphone 'kill switch' bill in the US passed by… Minnesota

News & Rumors

BlackBerry kicks off security-focused Be Mobile Conference

News & Rumors

Bitly alerts users of widespread account compromises, claims no accounts have been accessed

Enterprise

BlackBerry earns two Govie Awards for outstanding security

Enterprise

BlackBerry CEO says Good is not good enough when it comes to security

BlackBerry Apps

BlackBerry tightens up on app security with BlackBerry Guardian and Trend Micro

Enterprise

BlackBerry issues statement on Air Force switch: 'There is nothing more secure than a BlackBerry'

Editorial

Despite growing security concerns, President Barack Obama stills trusts his BlackBerry

BlackBerry Apps

Your WhatsApp conversations may not be as safe as you think

Enterprise

BlackBerry 10 Receives NATO Approval for Restricted Communications

BlackBerry Apps

How to create awesome music on your BlackBerry

BlackBerry Media

How do you listen to music on your BlackBerry?

< >

BlackBerry teams up with Mozilla to further web security through fuzzing

By Adam Zeis on 30 Jul 2013 02:10 pm EDT
9
loading...
24
loading...
47
loading...

With perfect timing for Talk Mobile security week, Mozilla announced today that they have teamed up with BlackBerry to help further web security by collaborating on advanced security testing techniques known as "fuzzing". Fuzzing, also known as fault injection, is a testing technique where specially designed software is created to inject a variety of unexpected or malformed data into a specific application, program or area of code. 

While both companies have worked together in the past, the current project is Peach, an open-source fuzzing framework. The two are working together to further advance the Peach software for testing browsers. 

Adrian Stone, Director of BlackBerry Security Response and Threat Analysis, is very excited about the project:

“Security is an industry-wide challenge that cannot be solved in a vacuum, and that is why BlackBerry and Mozilla security researchers are working together to develop new and innovative tools for detecting browser threats before they can affect both mobile and desktop customers. Through this collaboration, BlackBerry and Mozilla are working together towards the common goal of advancing security protections for customers as well as improving the threat landscape overall.”

BlackBerry has been using fuzzing software for quite some time to identify security issues in products however the new partnership with Mozilla looks to bring great things to web security down the road.

Press Release

Mozilla continues to build the Web as a platform for security which is a crucial part of our mission to move the Web forward as a platform for openness, innovation and opportunity for all. Today this platform for security is being advanced through Mozilla and BlackBerry collaborating on advanced automated security testing techniques known as fuzzing and Mozilla introducing Minion, an open source security testing platform intended to be used by developers and security professionals. These research efforts are some of the many ways Mozilla helps make the Web more secure and protect Firefox users.

Mozilla and BlackBerry Collaborate on Fuzzing

Mozilla and BlackBerry’s work on security research techniques are in the area of fault injection. Fault injection (also known as “fuzzing”) is a method of automated security testing that is used to identify potential security concerns that can be fixed before users are at risk. Fault injection is a testing technique where specially designed software is created to inject a variety of unexpected or malformed data into a specific application, program or area of code. The goal is to uncover areas where the software does not properly handle the malformed data. Through fault injection it is possible to identify potential security weaknesses that can be proactively addressed before there is ever a threat to users.

The specific area of joint research is Peach, an open source fuzzing framework and will also include joint work on other fuzzing software. Mozilla and BlackBerry are working together to advance the Peach fuzzing software for testing Web browsers. We will also collaborate on fuzzing techniques and approaches to jointly raise the security protections provided to our users.

Mozilla has successfully used Peach to perform fuzz testing against HTML5 features such as: image formats, audio/video formats, fonts, multimedia APIs like WebGL and WebAudio and most recently protocols used in WebRTC. Through our testing, we’ve proactively identified issues that can be fixed before there was any risk to our users. This testing has proved to be very effective and is helping secure Firefox and Firefox OS users.

BlackBerry has long relied on large-scale automated testing to identify security issues across its platform. The collaboration with Mozilla plugs directly into BlackBerry’s existing security processes and infrastructure. BlackBerry regularly uses third-party fuzzers, in addition to its own proprietary fuzzing tools, static analysis and vulnerability research, in order to identify and address potential security concerns across its portfolio of products and services.

Adrian Stone, Director of BlackBerry Security Response and Threat Analysis, shared that he is excited about the work Mozilla and BlackBerry researchers are conducting and the potential benefits for customers. He said, “Security is an industry-wide challenge that cannot be solved in a vacuum, and that is why BlackBerry and Mozilla security researchers are working together to develop new and innovative tools for detecting browser threats before they can affect both mobile and desktop customers. Through this collaboration, BlackBerry and Mozilla are working together towards the common goal of advancing security protections for customers as well as improving the threat landscape overall.”

Mozilla and BlackBerry have worked together on fuzzing activities in the past and both recognize the importance of continued automated security testing techniques in order to protect users on the open Web.

Mozilla Introduces Minion

Mozilla also introduced Minion, a security testing platform that is intended to be used by developers and security professionals. Minion is free, open source and available for use. Minion is under active development and many new features are in progress.

The Minion testing platform takes a different approach to automated web security testing by focusing on correct and actionable results that don’t require a security professional to validate. Many security tools generate excessive amounts of data, including incorrectly identified issues that require many hours of specialized research by a security professional. Minion favors accuracy and simplicity and is designed so every developer, regardless of security expertise, can use this platform to increase the security of their applications.

By putting usable security tools into the hands of developers Mozilla continues to push the security of the Web forward.

-Michael Coates, Director of Security Assurance

 

74 comments

delancy leo

Good article, much appreciated.

Dave Bourque

An excellent partnership. BlackBerry needs to continue to do this.

Sent from my BB10 smartphone.

sklotz2000

+1

I couldn't agree more!

Brutal Efficiency

Win

My Tech-Fleet: Q10; Z10; PlayBook; Surface Pro; Xbox 360; HP TouchPad; iPod Touch 5

BBMaverick

Thought there was going to be a BlackBerry Firefox after reading the headline.

BBM: 2AEABBAC | twitter.com/heyart

Jeandry Brito

Wouldn't be a bad name though!

Posted via CB10

the_game969

Keep on the good stuff coming!

bcbbanga4l

How did you get that black background for that option screen?

Posted via CB10

Adam Zeis

Q10 is black by default. 

bcbbanga4l

I have the Q10 mines not black

Posted via CB10

bcbbanga4l

Oh I thought that pic was settings screen I'm sorry

Posted via CB10

breakingpoint0

I believe the Dark theme is the default theme on the Q10

hannes89

The settings menu of the browser is black on the Z10, too.

Posted via CB10

BB-04

I think this Helps support what Bla1ze thinks BBM for the desktop. BB wanting a pc or mac BBM client to be as secure as possible.

Brutal Efficiency

Hmmm yes, makes perfect sense.

Pulling support from Mozilla makes more sense than from the big three (Google, Microsoft, Apple), although, I do like Opera and Maxthon more than Firefox. Don't get me wrong, Firefox is good, I just have loyalties with the other two. Maxthon also scores the highest for Desktop browsers.

My Tech-Fleet: Q10; Z10; PlayBook; Surface Pro; Xbox 360; HP TouchPad; iPod Touch 5

Mikhilesh sekhar

Expecting the newer version to have all the features of blackberry protect. Where you can auto backup your contacts,messages and passwordkeeper too..... please give good option to have cloud backu

Posted via CB10

ankush77

I THINK THIS IS NICE BECAUSE THE WEB SECURITY IN MOBILES HOLDS A LOT OF FUTURE.
ALSO KEEP IN MIND NOW MOBILES ARE HUGE PART OF WEB BROWSING AND DATA TRANSFERS .
SO GREAT JOB.

tjseaman

Thanks for contributing to the topic, but please stop yelling. ;)

Posted via Z10 and CB10 on Rogers

aminrajabi

Hahaha

Posted via CB10

pkcable

Perhaps someday they will collaborate on a firefox version for BB10!

Elite1

Of course was my first thought too!

BBRY and Mozilla starting a relationship for any purpose can't be a bad thing.

This is how you CB10, son!

Qaxl

That would be sweet!

koolrosh

Yes! Blackberry and Firefox should team up! They are both underdogs in their respective industries and they are basically competing against the same companies. Firefox competes with Google (Chrome) and Microsoft (IE) and even Apple (Safari).

Last year, I heard Thorsten say that Blackberry would be partnering with other companies, because it was too small to compete with Apple and Google on its own, but I have yet to see any meaningful partnerships. And I am not talking about this kind of partnership as this is only them working on an opensource framework for security, I mean a partnership where BB Browser would fully sync with Firefox or being able to stream from Firefox to your phone. A full on Alliance.

Tecstar

This partnership helps BlackBerry in terms of credibility and security related business. They must stay the number one phone company in that area to ensure long term success.

Posted via CB10

gyubok

This is a great news!

jordan_d

I wonder if this will bring Firefox browser to bb10.. That would be pretty interesting. It's always nice to have some choice:)

Posted via CB10

Elite1

Or some native plug-ins, device integration, etc.

Open in → Firefox

I'd love to see such an option baked into the Browser and the OS overall foe opening pages/links on your desktop.

This is how you CB10, son!

JDM08

That would be awesome and very usful!

ErinnM

Amazing stuff.

Posted via Crackberry Z10

keypad

Excellent collaboration.

Gotta lot of respect for Mozilla, and this project benefits many entities.

Firefox browser on BlackBerry would be very welcome, as would the ability to dual boot Firefox OS alongside BB10 on my future Q10.

Great announcement.

FlashFlare11

Awesome partnership! BlackBerry's continued pursuit of better mobile security is why they're a market leader in that metric. A partnership with Mozilla would definitely be a fruitful one!

tmanCanada

Bring us Firefox on BB10!!!

iankmaina

I would like to see a mozilla browser for BlackBerry OS 10

Aybesea

+1
yea it could be called BlackFox for BB

TioPepe78

BlackZilla would be better!

aminrajabi

That would be badass. Seriously.

Posted via CB10

Brutal Efficiency

Dude that is so boss!!

My Tech-Fleet: Q10; Z10; PlayBook; Surface Pro; Xbox 360; HP TouchPad; iPod Touch 5

axeman1000

But wait blackberry is going under, it is only time according to the armchair ceo's, why would any company want to partner with them???? Oh yeah.......... ;)

Posted via CB10

Q10Nutter

Great news. Keep moving blackberry. Now we need a partner for great camera tech. Blackberry is after all about communication. And a picture is worth a thousand words. A sensor from aptina would be sweet.

Posted via CB10

jafrul

MINION?

Banana......

abdul

This is good for BlackBerry , its a good opportunity for them to do more in the internet and corporate security.

jgrobertson

Did I see somewhere that Google was working with Mozilla? Funding them perhaps.

Posted via CB10

Killjoyhere

My two favourite companies

Posted via CB10

Solar 77

So they have associated themselves with a Web browser.

Microsoft has Internet Explorer, Apple has Safari while Google has Chrome.. Though I don't know what I'm leading to, guess I'm switching to Firefox in the near future haha.

Posted via CB10

fearmantis

What a partnership! Go blackberry go.

BB Z10 rocks.

awindsr

Keep on moving

Posted via CB10

BBORAPPL

BlackBerry 10 should come to desktop and it might will I guess.

seageath

Minion? Seriously? :)

Schmurf

And THAT's why I use BlackBerry and Firefox - DATA SECURITY
#NoSieves

Posted via CB10

bizdudePB

What else can be done to show that security is best with BlackBerry ?

Are there people who have hacked Android Knox or iPhone ?

Maybe if their security vulnerabilities are shown, would government and others return to BlackBerry ?

Posted via CB10

benny4u_06

That's good news. How about Mozilla Firefox browser for BB10. It would be awesome.

Posted via CB10

axe50

Great partnership. Had a chuckle though with the subtle despicable me reference - all this talk of peach fuzz and minions. If only the security heads were Kevin and Dave!!

Posted via CB10

Winston Loh

another step forward...keep moving...

naudurivsm

I thought we are going to see a BlackBerry browser called. " Fox by BlackBerry ".
Cheers.. :-))
Good article anyways.

Posted via CB10

BruvvaPete

Firefox used to be great. Now it's so slow and bloated I stopped using it.

Arterus

Pretty cool, glad to see BlackBerry is still trying to make improvements.

Posted via Z10 AT&T

emanuscript

They should just go ahead and let loyola head up their browser design and research. They'd kill

Posted via CB10

emanuscript

Mozilla* lol

Posted via CB10