[Dugganm]

Hold on Maxxxpower, only yesterday I read you saying that BBM messages weren't encrypted.

Therefore, if you are correct, none of this article applies to BBM as it specifically says messaging applications that are encrypted.

[Dunt Dunt Dunt]

Hold on Maxxxpower, only yesterday I read you saying that BBM messages weren't encrypted.

Therefore, if you are correct, none of this article applies to BBM as it specifically says messaging applications that are encrypted.

Not sure what he said.... it is encrypted, it's just uses a global key so it isn't necessarily all that secure. This would apply to BBM, but it's a slippery slop to go down, what about encrypted websites that could be used to provide communications? Too be honest this might stop a few regular bad people, but the smart ones with resources will find their way around it.

[Yatezy]

All of these messaging apps can already be read by the spy agencies, no problem. Most notably the NSA tools: facebook and apple, with whatsapp and imessage.

Even BBM is vulnerable. Probably the only thing that they can't hack yet is BBM Protected.

Posted via CB10

WhatsApp has end to end encryption. WhatsApp is probably the focal point around this as it's the biggest IM service and now has end to end encryption meaning terrorists can have random chats with pedophiles and the government can't spy on us innocent folk who wanna know how many tinned tomatoes we should be picking up at Tesco from our other half.

[BCITMike]

You guys need to vote in a sex philanderer to protect your rights! Between porn blocks and eavesdropping laws, country is going to hell in a hand basket.

Posted via CB10

[thymaster]

Does this guy thinks he's god?

[stevobbm]

He is the un-elected prime minister of the UK government.

Posted via CB10

And how's that?

 Z10

[Tonymcc2]

Yes he does...He belongs to the British version of the American Republican party and they all think they are God and have the right to determine how every one else should/will live their lives...Orwell warned us but we were not listening!!!

[Old_Mil]

The alternative? UKIP.

Posted via CB10

[anon(1852343)]

Maybe bbm should ban cameron, just a thought

Blackberry Passport running 10.3.1.1151

[Chris S Mellor]

You guys are really going too far on David Cameron here... Sure he's gone back on his word and he isn't very popular right now, but he isn't a monster or a guy with a god complex, he's just trying to help the country... in his own weird way.

BBM was never mentioned in the articles, just Whatsapp, iMessage and FaceTime.

But all of those apps are very popular, he wouldn't be able to block them. He would render iPhones useless in the UK, BlackBerrys would take a hit too, and Android with Windows Phone, well actually they'd probably be fine

Q10 SQN100-3 on 10.3.1.1949

[Smitty13]

The system is secure. It is encrypted between the phone and the BIS/BB10 BIS equivalent server, decrypted there, looked at to see where the message is supposed to go, encrypts it and sends to the destination device. This is a typical VPN setup. BES works the same way, except the server is with the company, and the keys, certificates and such are put in buy the company. Any US company is required to abide by CALEA laws and hand over comms with a Warrant. Sarbanes Oxley requires messages be archived. Compliance: This is why it works the way it works. Notice how all the known info being handed over is from BlackBerry to a requester. The Champagne info is from Snowden docs which some have questionable validity.

With iMessage, Apple is issuing the crypto keys, telling the device the Apple Push Notification address to send the message to, so Apple, or some other entity could in fact issue a man in the middle attack and simulate the iMessage information, or change the APN to decrypt at another point and then re-encrypt and send out to the real APN. Peoples device info is stored in Apple's Directory Service which could also be manipulated to add an extra point to fork messages off to. When you have the keys to the kingdom with a centralized solution, it could be done, and quite easily. But to say that they, or someone else can't get the data is completely false. Just reading the iOS Security document from February 2014 explains how it works and this is how I can derive it can be manipulated from that document.

Posted via CB10

Excellently put. I would be careful engaging this member though, I do believe it was the back and forth him and I had that recently had a thread shut down completely. Some nonsense about iMessage being secure despite noted and achieved exploits by researchers....

Whatever the case is on the whole with this situation, it just goes to show a.) the complete arrogance of these people when the honourable Mr. Cameron drops the gem that we should not be allowed to possess means of communication that we (the government) cannot read and b.) how completely out of touch some law makers are from the reality of how technology works.

It frightens me that we have law makers imposing laws upon our digital lives when they themselves do not grasp how the technology works. Do these people not realize that if you 'backdoor' every piece of software that yes, you surely will allow the "good guys" (whoever that is these days) access to the data, but that inevitably creates a much broader avenue for the "bad guys" to also easily tap into that data. The task in of itself would be monumental in comparison to that completely useless pornography filter implemented in the UK. One article summarized it best:

"The next step is to order Chinese-style filtering using deep packet inspection, to try and distinguish traffic and block forbidden programs. This is a formidable technical challenge. Intrinsic to core Internet protocols like IPv4/6, TCP and UDP is the potential to "tunnel" one protocol inside another. This makes the project of figuring out whether a given packet is on the white-list or the black-list transcendentally hard, especially if you want to minimise the number of "good" sessions you accidentally blackhole." (Source: What David Cameron just proposed would endanger every Briton and destroy the IT industry - Boing Boing)

Does Cameron not realize what this will do to the economy of the UK, not just technologically speaking but also for other such things as R&D in various private sector firms? If this abomination of a law is somehow passed, do they honestly believe companies will be wishing to do business in the UK when they essentially cannot keep their trade secrets private without breaking the law?

For a Prime Minister who says he is all about a healthy economy, he sure is pulling one bone headed move.

[twiggyrj]

The alternative? UKIP.

Posted via CB10

Oh god, that would make things a whole lot worse. UKIP is full of clowns, it will be a sad day if they ever become a major party that effects policy.

[belfastdispatcher]

They're just trying to look like they are doing something but in reality .....

Take the Paris terrorists, open hate Facebook pages, known to police, trained in Yemen, one lived with the underwear bomber while there.

And they wanna ban instant messengers.......ok

And by the way, the Paris Police Cief shot himself in the head before writing the report about the whole incident.

Can you say dodgy?

[stevobbm]

Theresa May has just reiterated the need for new legislation to counter terrorism.
She's talking about the so called snoopers bill.

 Z10

[Dunt Dunt Dunt]

You guys need to vote in a sex philanderer to protect your rights! Between porn blocks and eavesdropping laws, country is going to hell in a hand basket.

Posted via CB10

As I said earlier... It's kinda funny that George Orwell's 1984 took place in a future version of Britton where the Thought Police made sure everyone stayed in line.

Sadly, there is a need to protect the public and that often is at the expense of the individual. And once you have the tools to protect people from Terrorist.. Why not protect them from other Criminals, like you next door neighbor that is growing pot in her basement. Your parents that cheat on their taxes by not reporting that $5000 in groceries your gave them. And as there are plenty of Studies that show the dangers of Porn and infidelity to society.... why not go after these too. People have to be controlled... for the good of everyone.

[Maxxxpower]

The system is secure.

Excellently put. I would be careful engaging this member though, I do believe it was the back and forth him and I had that recently had a thread shut down completely. Some nonsense about iMessage being secure despite noted and achieved exploits by researchers...

This is so painfully wrong and I already proved this in the other thread. You don't even know the difference between a proof-of-concept and an actual security flaw that is proven to be actively exploited. @Smitty: Even other members found out that you have at best partial knowledge of BBMs security...
http://forums.crackberry.com/blackbe...ndroid-990060/
Whats's the benefit of promoting an IM as secure that is definetely compromised by several governments/agencies/third parties?

Therefore, if you are correct, none of this article applies to BBM as it specifically says messaging applications that are encrypted.

Correct. It only applies to other, secure methods of communication. There is no occasion to ban an IM they can already ready word by word.

[Smitty13]

This is so painfully wrong and I already proved this in the other thread. You don't even know the difference between a proof-of-concept and an actual security flaw that is proven to be actively exploited. @Smitty: Even other members found out that you have at best partial knowledge of BBMs security...
http://forums.crackberry.com/blackbe...ndroid-990060/
Whats's the benefit of promoting an IM as secure that is definetely compromised by several governments/agencies/third parties?

And yet, the very same knowledge I did have (albeit not quite complete) you refuted in the earlier closed thread. You have claimed a) BBM is not encrypted (wrong; unfortunately that post has since been deleted from the other thread) and b) iMessage is secure (wrong; despite noted and executed exploits you still refuse to accept reality).

You once again have clearly not read the linked article I had shown you as that was not a proof-of-concept but an exploit that had been executed by said researcher. Heck, they even included the coding they used to execute it! What more could you possibly want to show this is not a "theory" as you like to put it, but something that has been factually shown to work? Someone to come to your residence to sit down and show you?!

Additionally, you have not addressed anything Lnichols has brought to your attention. Oh wait, is that all theoretical too which means iMessage is clearly secure and uncompromised?

I will clearly accept the win in this debate as you have shown time and time again you have no interest in addressing the very clear and concise criticisms of your views on iMessages. Unless of course you are willing to stop ignoring these points and actually address them? I would be more than willing to continue in a civil manner if that is the case.

Finally, you continuously discount BBM as insecure but fail to address the fact that with the addition of BBM Protected you have entered an entirely new realm of security.

Correct. It only applies to other, secure methods of communication. There is no occasion to ban an IM they can already ready word by word.

Incorrect. What Cameron is proposing is the systematic banning of all encrypted communication platforms that seemingly would not adhere to a policy which would allow for easy government snooping. No matter how weak a program's encryption is, if it did not allow for an "easy means for governments to read it" (A.K.A. a 'backdoor' as it is commonly known). Despite BBMs relatively weak encryption scheme versus other popular apps, I am quite sure they would come under pressure to allow for government snooping into BBM conversations (akin to the requests the Indian government made). Do you really believe Cameron would give any software vendor a free pass if he implements this law as described?

(Source video/article: WhatsApp and iMessage could be banned under new surveillance plans - News - Gadgets and Tech - The Independent / David Cameron pledges new 'snoopers' charter' if he wins general election - UK Politics - UK - The Independent)

It has been tabled by Cameron before to 'ban' BBM from the UK, so what makes you think he wouldn't include it again in this next iteration of this law? (Source: Cameron considers blocking Twitter, Facebook, BBM after riots - CNET) That is an honest question I would love for you to answer.

[stevobbm]

He would never get the cross party support

 Z10

[Maxxxpower]

And yet, the very same knowledge I did have (albeit not quite complete) you refuted in the earlier closed thread. You have claimed a) BBM is not encrypted (wrong; unfortunately that post has since been deleted from the other thread)

It has not been deleted and I state again that it is just scrambled (as it uses a global key). Therefore can be read be various "third parties". And therefore is not secure

and b) iMessage is secure (wrong; despite noted and executed exploits you still refuse to accept reality).

I never stated it was secure
I stated It is
a) more secure as BBM as there are no cases known it has been hacked under normal conditions or Apple would have been forced to perform a man-in-the-middle-attack. Like any other closed source manufacturer could be forced to/could be infiltrated by NSA etc. Even Blackberry! In contrast to Blackberry there are no cases known of Apple gaining access to iMessages or even be hacked by agencies. If that is not "more secure" you must ahve a very strange definition of what "secure" means.
b) widely regarded to be very secure https://www.eff.org/de/secure-messaging-scorecard

You once again have clearly not read the linked article I had shown you as that was not a proof-of-concept but an exploit that had been executed by said researcher. Heck, they even included the coding they used to execute it! What more could you possibly want to show this is not a "theory" as you like to put it, but something that has been factually shown to work? Someone to come to your residence to sit down and show you?!

Its a theoretical exploit showed "in a lab". For a usage "in the wild" it would need Apple to actively perform a man-in-the-middle attack through faked certificates to bypass the end-to end-encryption (remember BBM doesn't even have end-to-end encryption!)

Finally, you continuously discount BBM as insecure but fail to address the fact that with the addition of BBM Protected you have entered an entirely new realm of security.

I never stated anything concerning the security of BBM protected as it was not of any concern in the other thread which covered the security of using BB10 for regular customers which use regular BBM. Have you ever cared how hard it is to buy BBM protected? Why the hell is it so hard to buy and so easy to buy stickers?

Incorrect.

Nope.

[Smitty13]

It has not been deleted and I state again that it is just scrambled (as it uses a global key). Therefore can be read be various "third parties". And therefore is not secure


I never stated it was secure
I stated It is
a) more secure as BBM as there are no cases known it has been hacked under normal conditions or Apple would have been forced to perform a man-in-the-middle-attack. Like any other closed source manufacturer could be forced to/could be infiltrated by NSA etc. Even Blackberry! In contrast to Blackberry there are no cases known of Apple gaining access to iMessages or even be hacked by agencies. If that is not "more secure" you must ahve a very strange definition of what "secure" means.
b) widely regarded to be very secure https://www.eff.org/de/secure-messaging-scorecard


Its a theoretical exploit showed "in a lab". For a usage "in the wild" it would need Apple to actively perform a man-in-the-middle attack through faked certificates to bypass the end-to end-encryption (remember BBM doesn't even have end-to-end encryption!)


I never stated anything concerning the security of BBM protected as it was not of any concern in the other thread which covered the security of using BB10 for regular customers which use regular BBM. Have you ever cared how hard it is to buy BBM protected? Why the hell is it so hard to buy and so easy to buy stickers?


Nope.

Ah, old habits again eh? That is to say, still not answering relevant questions, so I will even bold it for you this time and wait to address your other inaccuracies:

It has been tabled by Cameron before to 'ban' BBM from the UK, so what makes you think he wouldn't include it again in this next iteration of this law? (Source: Cameron considers blocking Twitter, Facebook, BBM after riots - CNET) That is an honest question I would love for you to answer.

[Maxxxpower]

Next time you write anything please consider this fact:

BBMs can be read by various agencies/governments.

There is no reason to call such a product "secure"

I don't need to answer every post you're writing to beat around this bush.

[howarmat]

i am going to ban both of you if you dont stop arguing in every thread. Only warning.

[Smitty13]

i am going to ban both of you if you dont stop arguing in every thread. Only warning.

Duly noted. It will not happen again from my end.

EDIT: I have additionally added the aforementioned user to my ignore list.