1. qbnkelt's Avatar
    There seems to be some misconception about FIPS certification. It does not make your phone impenetrable.
    The Playbook was FIPS certified at launch, yet a vulnerability was found and exploited resulting in Dingleberry.
    A Samsung SG2 running Gingerbread is FIPS certified and can be run securely and IS being run securely within certain DOD components.
    A Blackberry Torch which was FIPS certified had a vulnerability that was exploited during a Pwn2Own event.

    FIPS does not guarantee an iron clad OS. It meets requirements but it does not ensure the OS is impenetrable.

    A BB can be compromised by loading junk apps.

    http://forums.crackberry.com/blackbe...-world-727830/

    The key is the apps. They are, in the majority of cases, the means by which malware is introduced into devices, except for drive bys.

    FIPS does not guarantee the absence of malware nor does it guarantee an impenetrable device; it means it's gone to the NIST labs or NIST certified labs and has been tested and standards have been met. Had FIPS meant a guarantee of impenetrability, you would have no Dingleberry.

    All that said, Android has more opportunity for the introduction of malware due to the huge assortment of apps. Does it keep me from running my SGIII? Not at all. I run mine in a very judicious manner; I have no apps from sources I don't know. Example, I wanted a notification light app like BeBuzz....when I read the permissions, I did not feel comfortable. Consumers need to learn to read. Ultimately, the responsibility is on the user.

    ****for the record, and before anyone attempts the GOTCHA and claims I'm being hypocritical.....I have no banking apps on any device except my BB.....that means no banking apps on any of my Androids, iPhones, or iPad. Because the Android browser kills the browser on my 9900, I am more concerned about drive bys and clicking on something by accident that can get me into malware territory. THAT is the reason.

    By the way, the day the BB browser catches up to Android, as it seems BB10 has, the same possibility for drive bys will occur. That will be a concerning day for me and my banking apps.

    Do I wear a tin foil hat???? well.....it's part of my job.
    Last edited by qbnkelt; 01-28-13 at 04:10 AM.
    01-28-13 03:47 AM
  2. georg22's Avatar
    A group of hipsters telling the business-dressed man with a BB in his hand something about security...
    Ridiculous ad.
    01-28-13 04:11 AM
  3. belfastdispatcher's Avatar
    There seems to be some misconception about FIPS certification. It does not make your phone impenetrable.
    The Playbook was FIPS certified at launch, yet a vulnerability was found and exploited resulting in Dingleberry.
    A Samsung SG2 running Gingerbread is FIPS certified and can be run securely and IS being run securely within certain DOD components.
    A Blackberry Torch which was FIPS certified had a vulnerability that was exploited during a Pwn2Own event.

    FIPS does not guarantee an iron clad OS. It meets requirements but it does not ensure the OS is impenetrable.

    A BB can be compromised by loading junk apps.

    http://forums.crackberry.com/blackbe...-world-727830/

    The key is the apps. They are, in the majority of cases, the means by which malware is introduced into devices, except for drive bys.

    FIPS does not guarantee the absence of malware nor does it guarantee an impenetrable device; it means it's gone to the NIST labs or NIST certified labs and has been tested and standards have been met. Had FIPS meant a guarantee of impenetrability, you would have no Dingleberry.

    All that said, Android has more opportunity for the introduction of malware due to the huge assortment of apps. Does it keep me from running my SGIII? Not at all. I run mine in a very judicious manner; I have no apps from sources I don't know. Example, I wanted a notification light app like BeBuzz....when I read the permissions, I did not feel comfortable. Consumers need to learn to read. Ultimately, the responsibility is on the user.

    ****for the record, and before anyone attempts the GOTCHA and claims I'm being hypocritical.....I have no banking apps on any device except my BB.....that means no banking apps on any of my Androids, iPhones, or iPad. Because the Android browser kills the browser on my 9900, I am more concerned about drive bys and clicking on something by accident that can get me into malware territory. THAT is the reason.

    By the way, the day the BB browser catches up to Android, as it seems BB10 has, the same possibility for drive bys will occur. That will be a concerning day for me and my banking apps.

    Do I wear a tin foil hat???? well.....it's part of my job.
    You're right, FIPS doesn't but BES does!! I'm sure you know, and we're talking business environment here, not consumer.
    01-28-13 04:21 AM
  4. Bold_until_Hybrid_Comes's Avatar
    ~ { gotcha } ~
    01-28-13 04:25 AM
  5. neteng1000's Avatar
    Android is secure as long as you didn't download weird apps that require unexpected permissions. Some pirated apps/games are sometimes modified to carry a virus or steal your data.

    There are some rumors that SMS can carry a virus for Android phones, but it is impossible and it most likely only contains a link to the virus webpage.
    That right here is a security problem, is it not?

    Sent from my BlackBerry 9800 using Tapatalk
    01-28-13 04:27 AM
  6. Branta's Avatar
    The final line of the advert - the company punchline - claims Note2 is "safe technology". There is no corresponding claim for GS3 and it actually makes no statement about the level of security provided. It is faintly implied and left to the viewer to reach conclusions not supported by the content.
    01-28-13 04:33 AM
  7. Branta's Avatar
    FIPS does not guarantee the absence of malware nor does it guarantee an impenetrable device; it means it's gone to the NIST labs or NIST certified labs and has been tested and standards have been met. Had FIPS meant a guarantee of impenetrability, you would have no Dingleberry.
    Strictly the FIPS 140 certification indicates ONLY that the cryptographic module has been tested and meets the standard. It says nothing about other unrelated components.

    By the way, the day the BB browser catches up to Android, as it seems BB10 has, the same possibility for drive bys will occur. That will be a concerning day for me and my banking apps.
    This is not strictly true. Drive by downloads depend on specific vulnerabilities in the browser and/or OS which are very unlikely to be replicated between Android systems and RIM systems. The problem with the BB OS6 Webkit browser occurred because RIM imported a buggy third party browser core without adequate checking.
    01-28-13 04:44 AM
  8. Branta's Avatar
    You're right, FIPS doesn't but BES does!! I'm sure you know, and we're talking business environment here, not consumer.
    I think you're talking about secure systems here... the quote is too broad to be certain.

    BES doesn't guarantee security, although it has a higher probability than its competitors. What RIM does offer is a system with a proven track record, combined with prompt resolution and patching when a vulnerability is identified.
    01-28-13 04:51 AM
  9. qbnkelt's Avatar
    Strictly the FIPS 140 certification indicates ONLY that the cryptographic module has been tested and meets the standard. It says nothing about other unrelated components.

    This is not strictly true. Drive by downloads depend on specific vulnerabilities in the browser and/or OS which are very unlikely to be replicated between Android systems and RIM systems. The problem with the BB OS6 Webkit browser occurred because RIM imported a buggy third party browser core without adequate checking.
    My point.

    It is the apps that introduce the vulnerabilities into Android and the browser that resulted in the Pwn2Own exploit in the webkit browser.

    While the same exact vulnerabilities are not necessarily replicated across platforms, the more robust the browser the more possibility for drivebys. Your last sentence phones my point.....no platform is impenetrable.


    Sent from my SEXY HOT RED SGIII using Tapatalk 2
    01-28-13 04:57 AM
  10. qbnkelt's Avatar
    Sent from my SEXY HOT RED SGIII using Tapatalk 2
    Double
    01-28-13 04:59 AM
  11. qbnkelt's Avatar
    I think you're talking about secure systems here... the quote is too broad to be certain.

    BES doesn't guarantee security, although it has a higher probability than its competitors. What RIM does offer is a system with a proven track record, combined with prompt resolution and patching when a vulnerability is identified.
    EXACTLY.

    BES does NOT guarantee an impenetrable platform.

    We run BES security patches from RIM as they are released.

    People have GOT to stop this myth of an impenetrable BB OS. It simply is NOT.

    Sent from my SEXY HOT RED SGIII using Tapatalk 2
    pantlesspenguin and hornlovah like this.
    01-28-13 05:05 AM
  12. Bold_until_Hybrid_Comes's Avatar
    I think you're talking about secure systems here... the quote is too broad to be certain.

    BES doesn't guarantee security, although it has a higher probability than its competitors. What RIM does offer is a system with a proven track record, combined with prompt resolution and patching when a vulnerability is identified.
    And another way of saying this is that Blackberry has a higher probability of security than Android, Samsung in this case (they are competitors). Another way of saying higher probability of security is "safer", as something is less likely to happen.

    Safer with less vulnerabilities. No system will ever be perfect. Being the safest with least vulnerabilities and patching anything that comes up promptly is the name of the game.

    To answer the OP's question. How safe could it be? Not as safe as blackberry
    SDTRMG likes this.
    01-28-13 05:11 AM
  13. qbnkelt's Avatar
    ~ { gotcha } ~
    Yah? Exactly how? That BB is impenetrable?

    Read Branta's comment.


    Read carefully now.......

    BB IS NOT impenetrable.

    Sent from my SEXY HOT RED SGIII using Tapatalk 2
    01-28-13 05:12 AM
  14. qbnkelt's Avatar
    And another way of saying this is that Blackberry has a higher probability of security than Android, Samsung in this case (they are competitors). Another way of saying higher probability of security is "safer", as something is less likely to happen.

    Safer with less vulnerabilities. No system will ever be perfect. Being the safest with least vulnerabilities and patching anything that comes up promptly is the name of the game.

    To answer the OP's question. How safe could it be? Not as safe as blackberry
    Probability is not a guarantee. Not even on BES.


    There are instances of secure Android use within DOD.

    Agreed that laughing up is important.

    Are you sure of all the apps in App World are safe? Answer carefully.

    Do you realise that not all instances of BES remove the possibility of loading apps?

    Put these two together and see how even a BB with loosely configured BES can be made vulnerable through junk apps.


    Sent from my SEXY HOT RED SGIII using Tapatalk 2
    01-28-13 05:21 AM
  15. Bold_until_Hybrid_Comes's Avatar
    Probability is not a guarantee. Not even on BES.


    There are instances of secure Android use within DOD.

    Agreed that laughing up is important.

    Are you sure of all the apps in App World are safe? Answer carefully.

    Do you realise that not all instances of BES remove the possibility of loading apps?

    Put these two together and see how even a BB with loosely configured BES can be made vulnerable through junk apps.


    Sent from my SEXY HOT RED SGIII using Tapatalk 2
    I did not claim probability was a guarantee. I admitted no system is perfect. I am not trying to state BES is impenetrable.

    My purposes on this thread are solely to show Blackberry is safer than Android. Not prove BES against itself.
    SDTRMG likes this.
    01-28-13 05:28 AM
  16. qbnkelt's Avatar
    The final line of the advert - the company punchline - claims Note2 is "safe technology". There is no corresponding claim for GS3 and it actually makes no statement about the level of security provided. It is faintly implied and left to the viewer to reach conclusions not supported by the content.
    EXACTLY.

    The advert says NOTHING about FIPS, BES or BIS.

    I answered the incorrect statement that SGIII is FIPS certified.

    Don't know where BES got drawn into the conversation.

    Sent from my SEXY HOT RED SGIII using Tapatalk 2
    01-28-13 05:28 AM
  17. qbnkelt's Avatar
    I did not claim probability was a guarantee. I admitted no system is perfect. I am not trying to state BES is impenetrable.

    My purposes on this thread are solely to show Blackberry is safer than Android. Not prove BES against itself.
    Then I don't know what your gotcha was about.

    ~ { gotcha } ~

    http://btsc.webapps.blackberry.com/b...ListHelperImpl



    Sent from my SEXY HOT RED SGIII using Tapatalk 2
    Last edited by qbnkelt; 01-28-13 at 06:26 AM.
    01-28-13 05:31 AM
  18. belfastdispatcher's Avatar
    Is a BlackBerry safer than a Samsung phone? Yes, end of story. We're not looking at circumstances to make it less safe. Which can be the most secure and there's only one answer to that: BlackBerry!
    SDTRMG likes this.
    01-28-13 06:29 AM
  19. belfastdispatcher's Avatar
    It's like arguing a Ferrari can be driven at 10mph too instead of arguing about its full potential.
    SDTRMG likes this.
    01-28-13 06:35 AM
  20. Branta's Avatar
    My sis in law got a weird facebook email on her droid. Didn't think anything of it and when she woke up her phone was wiped.

    When I tried reloading her gmail contacts to the phone it seemed to work in the process but when you went to her contacts they weren't there. If I tried to put them in manually they weren't showing up.

    That was my deciding factor in security loopholes with android. She had to go out and get a new phone.

    Was just an unnecessary thing to have to go through because of something that everyone uses like facebook.

    Sent from my game boy color
    This is a known and documented attack. First google hits listed on search terms SMS+vulerability+samsung looks like a rational explanation:

    Multiple Samsung handsets vulnerable to remote wipe hack | Dialed In - CNET Blogs
    Samsung Galaxy S III remote data-wipe hack reportedly discovered [Updated] - SlashGear
    It's Not Just Samsung Phones: How to Check If Your Android Device Is Vulnerable to The Remote Wipe Hack

    Note that it is possible to permanently disable a vulnerable Samsung device, and although I used SMS in my search terms the vulnerability seems to be deliverable by several routes.

    Update: A simple technical explanation of the attack can be found here
    SDTRMG likes this.
    01-28-13 06:51 AM
  21. Branta's Avatar
    One inappropriate comment (and a reply quoting it) has been removed, and the relevant warning sent to the offender.

    [warn] Keep the discussion civil and on topic please. The topic is a smartphone, not your life partner or your religion - so it does not justify getting into a fight and it certainly doesn't justify getting banned over it.[/warn]
    pkcable and SDTRMG like this.
    01-28-13 07:16 AM
  22. BitPusher2600's Avatar
    Hey, Android like any OS is practically unbreakable as long as you don't put it online. Permissions and apps are what make this crap dangerous. Further, as extreme as Google's data collecting practices are, I always did wonder just how much of what Google records on each Android installation.

    Branta, almost sorry I missed whatever post you deleted but I must disagree with one thing you said; each 'Berry I've owned has been 'my' life partner

    If it doesn't say BINFORD, someone else probably makes it.
    SDTRMG likes this.
    01-28-13 07:31 AM
  23. Geeoff's Avatar
    I've been thinking about something regarding these new Samsung ads.

    In the previous Samsung ad they took a couple pokes at Blackberry. Nothing too heavy, but Samsung was just trying to build up their own business credentials.

    Now, in this ad here, they again refer to Blackberry (the black guy), but note that they do not slam him (or his phone) at all. If anything they imply that his phone is more secure than a Samsung.

    Why would Samsung go soft on Blackberry???!!! I see two options:

    1. Samsung is considering licensing BB10 so they don't want to slam it too hard. We already know that Lenovo had at least had preliminary discussions with RIM, so it is quite possible that Samsung at least considered this possibility too. As a matter of fact, I can almost guarantee that Samsung has considered licensing BB10. But of course, we don't know if they will actually do this.

    2. The second possibility is that they are concerned about BB10 so they want to start demonstrating their superiority to it. However, since Blackberry is viewed poorly in the States, they don't want to be seen as trying to bully the little guy. That would only create sympathy for the underdog. Initially this seems more likely, but it doesn't fit with acknowledging that Blackberry is a more secure platform than Samsung.

    The key point for me is that Samsung is treating Blackberry a little bit differently, and I don't know what to make of it.
    SDTRMG likes this.
    01-28-13 08:43 AM
  24. hornlovah's Avatar
    No encryption scheme is impenetrable if an attacker can gain access to the encryption keys. Speaking strictly in terms of data at rest (device encryption), attackers want to obtain a physical dump of the device, and attack the password based key that secures the encryption keys. Unless there is an encryption implementation error or you have malware on your device, the security of your encrypted data is dependent on the strength of your password.

    Most people don't use a strong enough mobile password to resist a competent attack though. Tamper-proof hardware and an unbreakable bootloader make a device resistant to memory dumping. RIM does make it very difficult to obtain and interpret physical dumps at this time however. The latest iPhones have a unique hardware-based encryption key so offline password attacks are not possible. Password recovery attacks on these phones are limited to roughly 6 guesses a second, no matter how much computing strength an attacker has. Off-the-shelf consumer Android devices do not enjoy these protections.
    SDTRMG likes this.
    01-28-13 12:46 PM
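
An added illustration of the point in post 24 (not part of the thread and not any vendor's code): a data-encryption key wrapped under a passcode-derived key, with and without a device-held secret mixed in, plus the worst-case search time at the 6 guesses per second quoted in the post. The function names, iteration count, sample passcode and the XOR-plus-HMAC wrap (a stand-in for a real key-wrap cipher) are assumptions made for the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed for the demo, not a vendor setting


def derive_kek(passcode, salt, device_uid=None):
    """Key-encryption key from the passcode; optionally bound to a device secret."""
    kek = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, ITERATIONS)
    if device_uid is not None:
        # Hardware-bound variant: the UID never leaves the device, so a
        # memory dump does not contain everything needed to test a guess.
        kek = hmac.new(device_uid, kek, hashlib.sha256).digest()
    return kek


def _mac(kek, label, data=b""):
    return hmac.new(kek, label + data, hashlib.sha256).digest()


def wrap_dek(kek, dek):
    """Toy wrap of a 32-byte key (stand-in for AES key wrap): XOR pad + tag."""
    ct = bytes(a ^ b for a, b in zip(dek, _mac(kek, b"pad")))
    return ct + _mac(kek, b"tag", ct)


def unwrap_dek(kek, blob):
    """Return the data-encryption key, or None if the KEK is wrong."""
    ct, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, _mac(kek, b"tag", ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _mac(kek, b"pad")))


def worst_case_seconds(alphabet_size, length, guesses_per_second):
    """Time to try every passcode of this shape at a fixed guess rate."""
    return alphabet_size ** length / guesses_per_second


def demo():
    salt, device_uid, dek = os.urandom(16), os.urandom(32), os.urandom(32)
    blob = wrap_dek(derive_kek("4821", salt, device_uid), dek)  # constructed passcode
    on_device = unwrap_dek(derive_kek("4821", salt, device_uid), blob)
    from_dump = unwrap_dek(derive_kek("4821", salt), blob)  # right passcode, no UID
    wrong_code = unwrap_dek(derive_kek("0000", salt, device_uid), blob)
    return dek, on_device, from_dump, wrong_code


if __name__ == "__main__":
    dek, on_device, from_dump, wrong_code = demo()
    print("on device:", on_device == dek, "| dump only:", from_dump, "| wrong:", wrong_code)
    for name, size, length in [("4-digit PIN", 10, 4), ("6-digit PIN", 10, 6),
                               ("8-char a-z0-9", 36, 8)]:
        days = worst_case_seconds(size, length, 6) / 86400
        print(f"{name}: {days:,.2f} days at 6 guesses/s")
```

With the device secret mixed in, even the correct passcode fails against the dumped blob alone, so every guess has to go through the device at its enforced rate; without it, the passcode is the only barrier.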
  25. brmiller1976's Avatar
    01-28-13 12:48 PM