- 01-15-2013, 03:24 AM #26
However, these are specific high value targets.
A Blackberry, while being in fact inherently more secure, is not impenetrable and can be made vulnerable through irresponsible or careless use.
Do not meddle in the affairs of dragons, for thou art crunchy, and good with ketchup
- 01-15-2013, 03:32 AM #27
Now....I do not have the same password for all my accounts.
I change my passwords every time I change my passwords at work.
I keep no banking apps on my non BB devices.
All my devices are password locked and the media card is encrypted.
Out of all the devices I have ever owned, I have only lost one, my Skyrocket. There were no banking apps in it and that's the only device that had access to gmail.
Most important of all - I am extremely careful as to how I use my devices. I did have two phishing attacks that were not successful because I recognized them as such.
Did I tell you that I work in IT and manage secure systems behind secure federal firewalls?????? When I said:
"I've got to say....this, alongside clean BB10 phones with no issues like the 99xx bricking incidents, will be great news for RIM *inside the Beltway.* As a consumer, this won't keep me from using my iPhone or my iPad. I do not access any sensitive information on them."
I made a demarcation to what I will believe to be reactions *inside the Beltway* as opposed to my personal, consumer use of my devices. I do not have sensitive, in that context meaning work associated sensitive information, on my personal/consumer devices. Therefore there is no risk of my work device and any sensitive information being compromised. That information is not being made vulnerable through my use of Instagram in my personal/consumer devices.....
You'll have to work mighty hard to get at my precious!!!!
Last edited by qbnkelt; 01-15-2013 at 03:45 AM.
- 01-15-2013, 03:50 AM #28
You manage your devices and security concerns with a high level of consciousness and professionalism, I never doubted!
But I believe the average user won't, that was my sole point. Your "I do not access any sensitive information on them" may sound like the (in)famous "I've got nothing to hide" to some, and made me react, not targeting you. Sorry if it was not clear.
- 01-15-2013, 04:04 AM #29
Re: Red October: Security scare has already begun . . .
I just make a clear demarcation line between work sensitive and personal sensitive. NOTHING work sensitive on my personal non BB devices.....
That was the reason for my dismay at federal agencies using iOS.
And by the way you are absolutely correct....most consumers don't care. Until their banks are cleaned out.
- 01-15-2013, 04:12 AM #30
From qbnkelt's doc :
Examples of "one-time" tasks [restricted to mobile devices by me]
- Wait for an iPhone or a Nokia phone to be connected. Once connected, retrieve information about the phone, its phone book, contact list, call history, calendar, SMS messages, browsing history
- Wait for a Windows Mobile phone to be connected. Once connected, infect the phone with a mobile version of the Rocra main component
Was the malware limited to only workstations or did it have additional capabilities, such as a mobile malware component?
Several mobile modules exist, which are designed to steal data from several types of devices:
- Windows Mobile
These modules are installed in the system and wait for mobile devices to be connected to the victim's machine. When a connection is detected, the modules start collecting data from the mobile phones.
- 01-15-2013, 04:36 AM #32
- 01-15-2013, 04:39 AM #33
In general terms though, BB and iPhone can seem to be more secure because they have an entire control over the OS. In general terms once again, BB may be more secure because of a more sophisticated code (that's what I was told here, I didn't check it yet). In general terms, open source may be more vulnerable (because it's open). In some particularities, BBM is more secure than any cross-platform (and I bet that it's more secure than text-messaging).
Now, can we say that one particular BB user is really better protected than another particular Android user? I don't think so, I think it depends on whether he is an important person, on his security options, on the use of his phone, etc.
And coming back to huge huge generalizations. The Economist made a nice article this summer (and even put it on the cover): Who's afraid of Huawei? It's nothing like the doomsday or the comeback of the cold war, the magazine stays very reasonable, but points out a real problem: in a market economy, in the world where markets are open, a liberal country cannot discriminate Huawei for big infrastructure contracts just because it is Chinese. Still there are strong doubts on what Huawei does and how does it do it: in clear, if suspicions that Huawei provides help to the Chinese spies, it can deliver the malware infested products (and it's not only the phones, it can be infrastructure cables) that nobody will ever detect. So far there are no proofs, but can one take this risk? If one doesn't take the risk because of the suspicion, then it's not an open market anymore...
Now, Huawei will be a part of the Tizen team and some say that it's even possible that Samsung equips Galaxy 4 with Tizen (while others say that it will only be marginal). Will I ever buy a phone under Tizen (knowing that Huawei is in?)? Never. But how many people are aware that Samsung's Tizen is linked with Huawei? How many people read the Economist?
Huawei propose the Android phones now? What are the real risks about it for Android users, are these risks simply possible? I don't know, I'd like to know...
- 01-15-2013, 04:39 AM #34
- 01-15-2013, 08:04 AM #36
I didn't say it was impenetrable, I said "more secure". You commented that you've never had a banking app on a non BB. Why is that? Hmmmm..... Probably because it's more secure.
- 01-15-2013, 11:28 AM #37
Can't give any link now and no serious source would state it like this (hence imagine the worldwide panic), so consider it as my personal speculation.
- 01-15-2013, 11:36 AM #38
As far as banking apps on non BB....in four years in this forum, I have always stated and always been very straightforward that my banking apps are on my BB. And I have never made the case that iOS or Android are as secure as my BB. I have specifically stated that my sensitive information is on my BB because I know that it is more secure.
Sorry....no gotcha moment, love.
- 01-15-2013, 01:21 PM #39
"Red October" Diplomatic Cyber Attacks Investigation - Securelist) that the most prevalent group are "diplomatic" which from their distribution suggests probably overseas embassies (etc) representing states on the primary target list - but they would be tagged by IP tracing as the state in which they are located, not the state they represent. Eliminating the embassies from the list the other target types show a remarkably high frequency of "muslim" and "former soviet" places. That might point to a few prime suspects for the origin of this exploit - it's not what you see, but what is missing from the picture that could give the answers.
My point about China and Korea being non-detected countries is that these are generally regarded as high risk for spying, and a potential target (embassy) there probably takes additional precautions both to prevent incoming exploits and to detect outbound exploit traffic. Particularly with China the Great Firewall could also impede egress of traffic to be detected by western observers in the study. However, if the exploit is controlled by China as you think I would expect at least a few diplomatic targets would have surfaced there simply because the activity of foreign embassies is high priority for any home intelligence service. OTOH, if China is running this it is also plausible that there is no reason to route traffic from compromised embassies via servers outside China where it could be detected.
CrackBerry... where only Stupid People fight about Smart Phones
- 01-15-2013, 06:11 PM #40
- 01-15-2013, 07:46 PM #42
- 01-15-2013, 11:44 PM #43
If you read your own link you would see in fact it was some banks in Germany/Italy/Spain with using SMS for security updates, not hard for a criminal to go phishing there. As such those handful of banks there would be held liable for weak security. Interesting to see if they changed their ways after being called out on it.
Negative thinking destroys your brain cells and causes global warming.*- Dodinsky (The Scientific Institute of Get Over It!) Action Spots
- 01-16-2013, 01:14 AM #44
- 01-16-2013, 04:15 AM #45
I vaguely remember some discussion as to how iOS encrypts data, and that discussion seemed to say that in fact it does encrypt data better than BB, but that is a vague memory of a discussion here. I'll have to find it, it was a long time ago.
Edit - I believe this is it.
The main thing to remember about the benefit of BES is not what people think of.....most people think the main attribute is seamless syncing with Outlook. But for secure communities, the main benefit of BES is complete control and shut down of certain aspects of the device and monitoring and retrieval of communication, if needed for e-discovery.
I have knowledge of a case where there was a person involved in illegal activity. The e-discovery effort retrieved all required evidence to land that person in prison for fifteen years. BES was instrumental.
The other prized feature of BES is control as to what a person loads into the device. I cannot even load The Weather Channel on my device. I can't back up my device to my personal computer. I can't even attempt to back up my device to my work computer even if I tried. Nothing.
It's not so much that iOS and Android are insecure, it's that the very thing that makes iOS and Android appealing to consumers, the availability of apps, is what introduces the possibility of malware, Trojans, worms, and remote control of these devices. I have nothing on my iPhone and my Android from questionable sources now; I compromised my Atrix through the use of live wallpapers which I LOVED. I was new and excited and loaded a wallpaper that resulted in mass emailings and which I believe resulted in two spear phishing incidents. Since then, I have not downloaded any live wallpapers or apps from sources that I don't know or from unofficial sources. Because it is so easy to download apps from questionable sources on Android (and to a lesser extent iOS) there is greater possibility of vulnerabilities to be exploited.
The majority of exploits require action from the user. Downloading an app, clicking on a site. So, because of that, companies that value security and secure agencies go to BES and lock it down to where any such action is impossible. Now, it is possible to go for the most critical target in a secure environment, and that would be the BES admin himself. At that point, you're in.
And there are also now drive by, browser based exploits which are particularly problematic with the *currently* more advanced browsers in Android devices.
***must add.....there have been vulnerabilities found in the Blackberry app store....BB is not immune to disreputable vendors....****
Last edited by qbnkelt; 01-16-2013 at 04:29 AM.
- 01-16-2013, 04:37 AM #46
Owner of T-Mobile Bold 9780 and a 16GB Playbook
- 01-16-2013, 04:57 AM #47
- 01-16-2013, 06:34 AM #48
"The Rocra malware modules have been created by Russian-speaking operatives."
and right below:
"Currently, there is no evidence linking this with a nation-state sponsored attack."
As you know there is such a thing as corporate espionage and this looks to be an example of it. I would think there is a lot of money to be made from the type of information gathered here be it of geopolitical or corporate nature.
- 01-16-2013, 11:01 AM #49
BlackBerry has historically been the leader in mobile / corporate security. BlackBerry 10 will be no different, as they wish to remain the global leader in mobile computing security. A lot of agencies and institutions count on BlackBerry security to do their business. Something the "BYOD" firms clearly did not consider when allowing employees to use their 'fun phones' for business. Enter, "BlackBerry Balance" and "BlackBerry Fusion". Anyways, BlackBerry owners don't have to worry now or going forward to "the 10", lol.
-------------------------------------
why did my signature disappear?
- 01-16-2013, 11:06 AM #50
same cycle as always, the most popular and vulnerable platforms become targeted by 'hackers' - bound to happen. i remember when people would say things like, "i use a mac, i get no virus / malware" - now, they (mac users) have similar security concerns as windows users have always had when it (windows) was the predominant consumer platform, therefore was under attack the most, now it's more equal.
same thing with mobile computing - get more devices in consumers' hands, hackers will want to harm as many of the most popular devices as possible, that's the game. sad really, tech should just be for the betterment of mankind