1. Playbook007's Avatar
    Do you really think this is to BlackBerry's advantage? How many people do you think are running to Blackberry because of this.

    The answer is easy: 0.0 (Reference:
    )

    It's hard to just change to your phone vendor in the middle of your contract, and absorb the penalties. Average consumers don't care about this (or security) and business typically have policies that disable cloud service on mobile devices. Really there is nothing new here.

    Apple will fix this, just like every other vendor, and hopefully beef it up, with two factor authentication, or something similar.

    Do you really think any cloud offering from any vendor is 100% safe? It isn't. Trying googling (or DuckDuckGo if that's your thing) about cloud breaches. It's more amazing that Microsoft is getting zero press on this, since iCloud runs on Microsoft Azure.

    I love that BlackBerry is touting how secure they are when they don't even have a consumer cloud offering... Security by obscurity is not security at all.

    Apple will announce their new wares on Sept 9th, and they will sell 10's of million devices. BlackBerry will also announce their new wares this month, and won't sell 10's of millions of devices. The public will speak with their money, and they don't really care about security or at least to the levels that BlackBerry fanboys think you need to feel safe...
    True.....the BlackBerry consumer wants to see this help BlackBerry phone sales. It won't. The Apple consumer will stay put. However, this will hurt Apple in the enterprise arena. This is a basic breach at best. "Brute Force Attacks" are not sophisticated. If Apple could not see this coming, well I doubt any enterprise requiring serious security will choose them now, or at least in the near future.

    Posted via CB10
    Dave Bourque likes this.
    09-05-14 11:25 AM
  2. Dave Bourque's Avatar
    True.....the BlackBerry consumer wants to see this help BlackBerry phone sales. It won't. The Apple consumer will stay put. However, this will hurt Apple in the enterprise arena. This is a basic breach at best. "Brute Force Attacks" are not sophisticated. If Apple could not see this coming, well I doubt any enterprise requiring serious security will choose them now, or at least in the near future.

    Posted via CB10
    Brute force is simple and they didn't bother implementing the proper security measures.

    Z10STL100-3/10.2.1.3247
    09-05-14 02:58 PM
  3. redlightblinking's Avatar
    Do you really think this is to BlackBerry's advantage? How many people do you think are running to Blackberry because of this.

    It's hard to just change to your phone vendor in the middle of your contract, and absorb the penalties. Average consumers don't care about this (or security) and business typically have policies that disable cloud service on mobile devices. Really there is nothing new here.

    Apple will fix this, just like every other vendor, and hopefully beef it up, with two factor authentication, or something similar.
    It's more about the slow bleed. People don't run out and break their contracts and get a new phone just because they realized that Apple isn't as smart as they say they are. But, it's just one more thing some people might consider. The fact that Apple had to fix it means they didn't have it right to begin with.

    I love that BlackBerry is touting how secure they are when they don't even have a consumer cloud offering... Security by obscurity is not security at all..

    BlackBerry isn't touting how secure they are in the cloud space. You're making up things that aren't happening.

    Apple will announce their new wares on Sept 9th, and they will sell 10's of million devices. BlackBerry will also announce their new wares this month, and won't sell 10's of millions of devices. .
    Which has nothing to do with the possible slow bleed effect that this might have in the future for Apple vs. BlackBerry. No one is suggesting that Apple won't sell lots of phones to it's sheeple this time around or that BB won't sell far fewer. Completely pointless to even bring it up.

    The public will speak with their money, and they don't really care about security or at least to the levels that BlackBerry fanboys think you need to feel safe...
    You're right. People don't really care about their security until they don't have it. Just ask Jennifer Lawrence who owns an Iphone. BlackBerry fanboys "level of security" is such that people don't see you naked. Is that an extreme request?
    09-05-14 03:51 PM
  4. mnc76's Avatar
    True.....the BlackBerry consumer wants to see this help BlackBerry phone sales. It won't. The Apple consumer will stay put. However, this will hurt Apple in the enterprise arena. This is a basic breach at best. "Brute Force Attacks" are not sophisticated. If Apple could not see this coming, well I doubt any enterprise requiring serious security will choose them now, or at least in the near future.

    Posted via CB10
    This is where the whole "end to end" security thing comes in.

    Apple has so many different ways of gaining access to your data (in the name of ease of use and convenience) that they really need to look at their whole "connected system" of Macs, iPads, iPhones, web interfaces, device locator services, apps, etc... to ensure that all the many doors and windows into the system are locked.

    As someone said, it's no use triple bolting the door if the windows are left open.

    Posted via CB10
    lift likes this.
    09-05-14 03:54 PM
  5. mnc76's Avatar
    Speaking of "entry points" into a system.

    BlackBerry better be sure as hell to bolt down BlackBerry Blend!!

    That could be a major potential attack vector!

    Posted via CB10
    09-05-14 03:58 PM
  6. Mr.Willie's Avatar
    So.........what was the "weak password" that Jennifer Lawrence was using? You're assuming that there was a weak password involved here. And, brute force doesn't think like a human (and guess dogs names) it just tries every possible combination of letters and numbers until one works.

    So....how can it be the users fault if Apple allows ANY password to be eventually figured out by a computer? Yes, Apple fixed their end AFTER the problem happened. Tell that to Jennifer Lawrence who....for all we know....was using a password like "SFGD33cded4dfmd0sDDS" A computer can eventually figure that out if given unlimited opportunities.
    Yes, it does allow it to 'eventually' figure it out. But you make it sound like it takes hours and minutes, when in reality it takes thousands of years. Do I really care if someone starts a brut force attack on one of my accounts, and 5,000 years from now one of their descendants gains access ? The accounts weren't quite 'brut forced' hacked like you think. But yes, a limited number of attempts may have stopped it.

    Of course if she used the password you suggested and/or deleted old backups, we wouldn't be having this conversation.
    It wouldn't have mattered how strong their passwords were. The "find my phone" feature had -- until Sunday -- no protection against brute force attacks. This allowed hackers to try an UNLIMITED number of passwords without Apple ever locking the account or notifying the user.

    The flaw in "find my phone" has been fixed now. But it was only fixed on Sunday, just AFTER the pictures were found. It was, in fact, FIXED DURING THE VERY SAME TIME Apple states they did their 40 hour investigation which -- according to them -- found no problem with "find my phone".

    Their vaguely worded statement only says they were not "breached", which is technically true. Since after using the "find my phone" brute force attack, the hackers were able to login with the *correct* password. Technically, if you login with the correct password then its not a breach since iCloud is just doing what it is supposed to do when given a correct password.

    The only "targeting and social engineering" was in finding these womens' AppleIDs.

    Don't let Apple trick you into blaming the victims. Apple has behaved in a disgusting manner regarding this situation.

    Attachment 295791

    Attachment 295792

    Posted via CB10
    Don't let the media trick you. A strong password takes thousands of years to crack. Even with a limit to the number of unsuccessful tries, a weak one will still be cracked. Instead of minutes, it might take a few days to a week.

    I can't prevent someone's servers from being hacked, but I can prevent my account from being hacked. Anyone can, if they so choose.
    09-05-14 11:38 PM
  7. LibertarianFreethinker's Avatar
    One positive thing from this debacle is that people ARE talking about mobile security, password security, cloud security, etc. BlackBerry hasn't directly commented on Apple's situation, but I'm sure they're taking notes on this problem for future products and services.

    As a z10 user, I actually wish that Apple, Android, and Windows Mobile had the same dedication to robust security that BlackBerry has continually implemented. At the end of the day, it's not the corporation that emotionally suffers from this breach of privacy and trust, but people like you and me.

    Posted via CB10
    09-06-14 12:01 AM
  8. TgeekB's Avatar
    One positive thing from this debacle is that people ARE talking about mobile security, password security, cloud security, etc. BlackBerry hasn't directly commented on Apple's situation, but I'm sure they're taking notes on this problem for future products and services.

    As a z10 user, I actually wish that Apple, Android, and Windows Mobile had the same dedication to robust security that BlackBerry has continually implemented. At the end of the day, it's not the corporation that emotionally suffers from this breach of privacy and trust, but people like you and me.

    Posted via CB10
    Very well said. What I'm interested in seeing is what Apple does in the future to make their platform more secure. The negative impact on them from this event will be negligible at best. Chen knows that. BlackBerry has enough problems to worry about.

    Q10, N5, N10.
    09-06-14 07:09 AM
  9. mnc76's Avatar
    Yes, it does allow it to 'eventually' figure it out. But you make it sound like it takes hours and minutes, when in reality it takes thousands of years. Do I really care if someone starts a brut force attack on one of my accounts, and 5,000 years from now one of their descendants gains access ? The accounts weren't quite 'brut forced' hacked like you think. But yes, a limited number of attempts may have stopped it.

    Of course if she used the password you suggested and/or deleted old backups, we wouldn't be having this conversation.


    Don't let the media trick you. A strong password takes thousands of years to crack. Even with a limit to the number of unsuccessful tries, a weak one will still be cracked. Instead of minutes, it might take a few days to a week.

    I can't prevent someone's servers from being hacked, but I can prevent my account from being hacked. Anyone can, if they so choose.
    Take a look at what Apple (and most sites) define as a strong password and you'll see that a dictionary attack with substitutions can find even an "Apple strong" password in far far less than 1000 years.

    For a password to be deemed "strong", it doesn't necessarily mean it looks like a totally random string of characters.

    Even so, such "non-random, strong" passwords are still highly effective *as long as you don't give would-be hackers an unlimited number of guesses!*

    It's not like these hackers needed to do a lexicographic bruteforce search for the passwords either (which COULD take 1000s of years). In fact, even the proof of concept ibrute code started with a list of 500 predetermined passwords.

    They could have also parallelized the attack and employed multiple connections on multiple machines to attack each account since Apple had no rate limiting and no notifications regardless of what IP the attacker connected from.

    Posted via CB10
    Last edited by mnc76; 09-06-14 at 09:45 PM.
    09-06-14 09:14 PM
  10. mnc76's Avatar
    09-07-14 01:13 PM
  11. Z10NIZED's Avatar
    Image saved

    Posted via CB10
    09-07-14 11:59 PM
  12. lift's Avatar
    Image saved
    Me too. That was priceless!
    09-08-14 10:35 AM
237 ... 8910

Similar Threads

  1. BB Travel app since 10.2 / 10.3 beta issues
    By meagnostic in forum BlackBerry 10 OS
    Replies: 11
    Last Post: 09-03-14, 01:40 PM
  2. Replies: 19
    Last Post: 09-02-14, 05:57 PM
  3. Will Blackberry realease the Official OS 10.3 on the 24th?
    By Kemir in forum Rehab & Off-Topic Lounge
    Replies: 4
    Last Post: 09-02-14, 03:42 PM
  4. Last chance to save 20% on accessories at ShopCrackBerry!
    By CrackBerry News in forum CrackBerry.com News Discussion & Contests
    Replies: 0
    Last Post: 09-02-14, 01:40 PM
  5. What happened to the music section in BB World????
    By DonnyVantage in forum BlackBerry 10 Apps
    Replies: 2
    Last Post: 09-02-14, 12:59 PM
LINK TO POST COPIED TO CLIPBOARD