1. ssbtech
    I got a security alert email from Microsoft and decided to log into my account and take a look.

    There were a couple of successful account access attempts from IP 68.171.232.33, which apparently belongs to BlackBerry. Microsoft shows this to be in Dallas, Texas. (I'm in Canada).

    It looks like the connection is using SSL so I'm not too worried.

    Anyway, I suspect this was due to me setting up the account on the phone, but I'm puzzled. Why is it going through a US IP address belonging to BlackBerry? I thought the "beauty of sync'd email" was that the phone connects directly to the mail server and isn't reliant on something like BlackBerry's servers, BIS, etc...

    Any ideas would be great.

    Thanks.
    04-16-14 01:58 AM
  2. Omnitech
    I got a security alert email from Microsoft and decided to log into my account and take a look.

    There were a couple of successful account access attempts from IP 68.171.232.33, which apparently belongs to BlackBerry. Microsoft shows this to be in Dallas, Texas. (I'm in Canada).

    It looks like the connection is using SSL so I'm not too worried.

    Anyway, I suspect this was due to me setting up the account on the phone, but I'm puzzled. Why is it going through a US IP address belonging to BlackBerry? I thought the "beauty of sync'd email" was that the phone connects directly to the mail server and isn't reliant on something like BlackBerry's servers, BIS, etc...

    Any ideas would be great.

    Thanks.

    One of the reasons it takes a while to configure an account on the phone is because it tests the credentials to make sure they are valid before it tells you the account can be set up.

    That might likely result in an access attempt from BlackBerry IP address space. Just like if you were using their email connectivity testing tool.

    Though if the account were already set up on the device I would not expect any more of those probes unless you deleted/recreated or added a new account.

    Another possibility is you have an old BIS account that has been configured to retrieve email from this Outlook account.
    04-16-14 02:30 AM
  3. Omnitech
    BTW, the IP resolves to bbcs.blackberry.net - which likely stands for BlackBerry Business Cloud Services.

    BlackBerry Business Cloud Services for Microsoft Office 365 - US
    BlackBerry Features in Office 365 | Office 365 Platform Service Description
    04-16-14 02:32 AM
  4. jpvj
    Correct. When you set up an email account on BlackBerry 10 the email and password are transmitted to BlackBerry infrastructure.

    The primary reason is to provide the best and most secure connection setting based on the mail domain (@outlook.com). The credentials are also tested. I assume it is done to check if everything is working after the setup guide is done.

    If you don't want this, just perform an advanced setup. You just need to know all details yourself.

    This caused a huge debate some time ago after the German "Heise" magazine revealed "BlackBerry are sending your login to their servers".

    BlackBerry does not save the credentials and the process is also described in the EULA (nobody reads them!).

    Posted via CB10
    kbz1960 and ssbtech like this.
    04-16-14 11:23 AM
  5. ssbtech
    Thanks, jpvj.

    Too bad it can't look up the settings based on domain and username alone without having to log into the account from a strange IP.
    04-16-14 11:50 PM
  6. Omnitech
    Thanks, jpvj.

    Too bad it can't look up the settings based on domain and username alone without having to log into the account from a strange IP.

    It's not a "strange IP". It unambiguously resolves to Blackberry IP address space and hostname.

    You're welcome.
    PJD642 likes this.
    04-17-14 12:57 AM
  7. sinkingphoenix
    It's not a "strange IP". It unambiguously resolves to Blackberry IP address space and hostname.

    You're welcome.
    It is a strange IP for him personally, no matter if it resolves easily. This is exactly the reason why stuff like this should be asked permission for (and not in a legal document somewhere, but as a dialog, asking the user if he wants this password check to happen). One of the reasons why Heise reported it, was that it wasn't stated clearly before.

    Posted via CB10
    04-17-14 01:05 AM
  8. southlander
    Thanks, jpvj.

    Too bad it can't look up the settings based on domain and username alone without having to log into the account from a strange IP.
    It could retrieve the settings without doing that. But it can't verify it all works as expected without testing it.

    Z10STL100-4/10.2.1.2141
    04-17-14 01:52 AM
  9. Omnitech
    It is a strange IP for him personally, no matter if it resolves easily. This is exactly the reason why stuff like this should be asked permission for (and not in a legal document somewhere, but as a dialog, asking the user if he wants this password check to happen). One of the reasons why Heise reported it, was that it wasn't stated clearly before.
    I don't disagree that like many other things in BlackBerry 10, there is not enough notification, logging, and documentation for various device/OS functions.

    That said, I disagree that it's a "strange IP". He already knew it was Blackberry. Blackberry is not a "strange" organization, and in fact it is the company that built his smartphone and all the email functionality contained within it.

    To me - as someone who has worked in IT security for many years - a "strange" IP is an IP address in a relatively obscure country with very little I.T. infrastructure, which has no forward or reverse name resolution, whose IP address space belongs to some mysterious organization hiding behind anonymized WHOIS or national IP address space registry records, which is engaging in completely unexpected, suspicious behaviour. (ie, probing for Heartbleed vulnerabilities, the currently-trending "suspicious behaviour".)
    04-17-14 02:01 AM
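The forward and reverse name resolution test mentioned in the post above, written out as a triage helper for sign-in alerts. This is an added example, not part of the original thread; the function names, result labels and the sample DNS tables are constructed for illustration, and only the IP 68.171.232.33 and the hostname bbcs.blackberry.net come from the thread.

```python
import ipaddress
import socket

def system_resolver():
    """Return (ptr, fwd) callables backed by the OS resolver (needs network)."""
    def ptr(ip):
        try:
            return socket.gethostbyaddr(ip)[0]
        except OSError:
            return None
    def fwd(name):
        try:
            return {ai[4][0].split("%")[0] for ai in socket.getaddrinfo(name, None)}
        except OSError:
            return set()
    return ptr, fwd

def classify_signin_ip(ip, expected_suffixes, ptr, fwd):
    """Triage one source IP taken from an account sign-in log."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    name = ptr(str(addr))
    if not name:
        return "no-reverse-dns"
    name = name.rstrip(".").lower()
    # The PTR record is set by whoever controls the IP block, so it can claim
    # any hostname. Trust it only if that name resolves back to the same IP.
    if addr not in {ipaddress.ip_address(a) for a in fwd(name)}:
        return "unconfirmed-reverse-dns"
    for suffix in expected_suffixes:
        s = suffix.lower().strip(".")
        if name == s or name.endswith("." + s):  # label boundary, not substring
            return "confirmed-expected"
    return "confirmed-other"

# Constructed sample data, not real DNS answers. The first PTR entry uses the
# IP and hostname quoted in the thread; its forward record is an assumption.
SAMPLE_PTR = {"68.171.232.33": "bbcs.blackberry.net",
              "203.0.113.7": "mail.blackberry.net",   # PTR with no matching A
              "198.51.100.9": "host9.example.org"}
SAMPLE_A = {"bbcs.blackberry.net": {"68.171.232.33"},
            "mail.blackberry.net": {"192.0.2.1"},
            "host9.example.org": {"198.51.100.9"}}

def sample_triage(ip):
    return classify_signin_ip(ip, ["blackberry.net"], SAMPLE_PTR.get,
                              lambda name: SAMPLE_A.get(name, set()))

if __name__ == "__main__":
    for ip in ("68.171.232.33", "203.0.113.7", "198.51.100.9", "192.0.2.50"):
        print(ip, sample_triage(ip))
```

To run it against live DNS, pass the pair returned by `system_resolver()` as the `ptr` and `fwd` arguments instead of the sample tables.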
  10. jpvj
    From a security point of view I agree.

    I assume it is made this way because BlackBerry can make modifications (=optimize the process) very easily in their own infrastructure, whereas it requires some data or updated account app to be downloaded to the device. Furthermore, the device could be behind a firewall while the account is being configured, making the setup fail.

    With the current implementation the process is 100% controlled by BlackBerry.

    Personally I would prefer a "Best effort attempt" from the device (would probably work for 95%+) and, if it failed, a choice between "Let BlackBerry infrastructure try" or "Manual / advanced setup".

    This would leave the control in the hands of the user.

    Posted via CB10
    04-17-14 02:42 AM
  11. Gearheadaddy
    From a security point of view I agree.

    I assume it is made this way because BlackBerry can make modifications (=optimize the process) very easily in their own infrastructure, whereas it requires some data or updated account app to be downloaded to the device. Furthermore, the device could be behind a firewall while the account is being configured, making the setup fail.

    With the current implementation the process is 100% controlled by BlackBerry.

    Personally I would prefer a "Best effort attempt" from the device (would probably work for 95%+) and, if it failed, a choice between "Let BlackBerry infrastructure try" or "Manual / advanced setup".

    This would leave the control in the hands of the user.

    Posted via CB10
    99.9% of BlackBerry end users would not know what to do if asked to make a choice...

    Trusted Member Genius
    04-17-14 03:31 AM
  12. Omnitech
    I assume it is made this way because BlackBerry can make modifications (=optimize the process) very easily in their own infrastructure, whereas it requires some data or updated account app to be downloaded to the device. Furthermore, the device could be behind a firewall while the account is being configured, making the setup fail.

    With the current implementation the process is 100% controlled by BlackBerry.

    Personally I would prefer a "Best effort attempt" from the device (would probably work for 95%+) and, if it failed, a choice between "Let BlackBerry infrastructure try" or "Manual / advanced setup".

    This would leave the control in the hands of the user.

    I don't know if you are familiar with this tool:

    https://www.blackberry.com/eavt/web20/

    It's a very handy test utility from Blackberry for people who are having trouble getting email to work right. It verifies that all the settings and credentials are functional for a given account, and obviously does not depend on local internet connectivity other than the ability to reach the page with a web browser. Microsoft has a tool of their own that does that kind of thing, and some other things. Both of them require you to enter your credentials so they can test them. But that's clear right up front, and there is a "Terms and Conditions" link right in your face to make sure you understand what liability (ie none ) they are willing to take for people who use that tool.

    But when it comes to the device itself - BB10 has been handicapped by the usual Blackberry sloppiness and execution issues (see previous comment) as well as an original design philosophy that attempted to ape Apple's "keep it simple" approach - but without (IMHO) in many cases, the deep understanding and engineering necessary to make "simple" actually work most of the time. Making something simple can oftentimes be actually very difficult to pull off, because you have to take into account all sorts of variables that the user would normally be expected to contribute, and the onus is on the designers to do it reliably, fail gracefully, and keep the user happy all throughout.

    In this case - they mostly succeeded with making it simple - except when it doesn't work, and then everything breaks down because users don't get the slightest indication of why things aren't working. No popup help, no useful error messages, etc.

    BlackBerry could have vastly reduced frustration and surprise from the userbase (and thus, articles such as the one from Frank Rieger that heise.de reprinted and got echoed all over the place after that) if they had just bothered to explain what they were doing with the credential-sharing rather than do something slightly questionable and then wait until people discovered it themselves and raised the alarm about it.

    This to me is just another example of how the "new Blackberry" tried to re-invent the wheel on so many things, pushing the legacy OS people who had already done all this stuff into a dark corner somewhere and instead having the QNX crew re-invent the wheel on a bunch of things that they were clearly either too inexperienced or just downright incompetent to do properly, resulting in all sorts of "oops" like this.

    For example on the subject of email particularly - there were fundamental flaws in things like the way early builds of BB10 structured email headers - things that had no excuse for being screwed-up. Unfortunately some of those things are still with us and will haunt us for quite a while. (ie, contacts database architectural stupidities)

    I'm hoping Chen can create a regime to clean a lot of that up - hard to say how much success has been achieved so far. There are both promising signs and disturbing signs.

    (Oh, and just to reiterate: I still don't think that BlackBerry host comes from a "strange IP" - but obviously I do think they have their work cut out for them to make a variety of other needed improvements to how they provision the device, including with email accounts.)
    04-17-14 03:39 AM
  13. jpvj
    I don't know if you are familiar with this tool:

    https://www.blackberry.com/eavt/web20/
    No. Thx for sharing.

    I agree with you on most of your post. I assume their "sloppiness" was caused by a tremendous pressure to get BlackBerry 10 out of the door.

    From an external point of view BlackBerry is doing much better now than a few years back. BlackBerry 10 is definitely a mature OS but it does contain bugs. The important part for me is how BlackBerry handles the future development as well as being open to input and provide bugfixes. So far their release cycles have been impressive - almost as if they had a lot of catching up to do.





    Posted via CB10
    04-17-14 04:26 AM
  14. jpvj
    It could retrieve the settings without doing that. But it can't verify it all works as expected without testing it.

    Z10STL100-4/10.2.1.2141
    But they could run the initial test from the device and only upload credentials after asking the user.



    Posted via CB10
    04-17-14 04:29 AM
  15. sinkingphoenix
    I don't disagree that like many other things in BlackBerry 10, there is not enough notification, logging, and documentation for various device/OS functions.

    That said, I disagree that it's a "strange IP". He already knew it was Blackberry. Blackberry is not a "strange" organization, and in fact it is the company that built his smartphone and all the email functionality contained within it.
    Well, if I recall correctly, BlackBerry had it somewhere in their terms of use that they do this, but still: It is a strange IP. I don't want the company that built my smartphone to access my accounts without notifying me explicitly. A BlackBerry IP would still be a strange IP to me, because it is not supposed to access my account. For this, it doesn't matter at all who it is actually.


    Posted via CB10
    04-17-14 02:30 PM
  16. Omnitech
    But they could run the initial test from the device and only upload credentials after asking the user.

    I don't want the company that built my smartphone to access my accounts without notifying me explicitly.

    I would be willing to bet that the reason they did it that way is because it removes all the variables of the individual user's potentially messed-up internet link from the picture when setting up an account on the device. Thus making the setup process simpler, quicker and more reliable. So from a technical standpoint, it's a sound and understandable design choice.

    But here's where BlackBerry's corporate bumbling comes in: A) no one probably bothered much to think of the "big picture" implications of this - ie the "Big Brotherish" aspect, and B) this is, as suggested by my earlier posts, one of many examples where poor documentation and corporate communications leads to frustrated or indignant users who are not given any background or help from the vendor about how certain aspects of their device work.

    Even if none of the technical functionality were changed - keeping customers informed helps prevent avoidable surprises and shocks and indignance that often ends up undermining the company's reputation and credibility.
    jpvj likes this.
    04-17-14 07:19 PM
  17. sinkingphoenix
    I would be willing to bet that the reason they did it that way is because it removes all the variables of the individual user's potentially messed-up internet link from the picture when setting up an account on the device. Thus making the setup process simpler, quicker and more reliable. So from a technical standpoint, it's a sound and understandable design choice.

    But here's where BlackBerry's corporate bumbling comes in: A) no one probably bothered much to think of the "big picture" implications of this - ie the "Big Brotherish" aspect, and B) this is, as suggested by my earlier posts, one of many examples where poor documentation and corporate communications leads to frustrated or indignant users who are not given any background or help from the vendor about how certain aspects of their device work.

    Even if none of the technical functionality were changed - keeping customers informed helps prevent avoidable surprises and shocks and indignance that often ends up undermining the company's reputation and credibility.
    Yep, that is exactly what I think too.

    Posted via CB10
    04-18-14 03:44 AM
