[3MIKE]

This is what I found when I made a quick search


Deutsche Bank issued a new rating for BBRY with a target price of 9.0

http://www.google.ca/url?q=https://w...xwr_QRBMCisLkg

I don't know if it's good !!

[BACK-2-BLACK]

OT

From the NSA site referencing CERTICOM:

The Case for Elliptic Curve Cryptography

Background:

Over the past 30 years, public key cryptography has become a mainstay for secure communications over the Internet and throughout many other forms of communications. It provides the foundation for both key management and digital signatures. In key management, public key cryptography is used to distribute the secret keys used in other cryptographic algorithms (e.g. DES). For digital signatures, public key cryptography is used to authenticate the origin of data and protect the integrity of that data. For the past 20 years, Internet communications have been secured by the first generation of public key cryptographic algorithms developed in the mid-1970's. Notably, they form the basis for key management and authentication for IP encryption (IKE/IPSEC), web traffic (SSL/TLS) and secure electronic mail.

In their day these public key techniques revolutionized cryptography. Over the last twenty years however, new techniques have been developed which offer both better performance and higher security than these first generation public key techniques. The best assured group of new public key techniques is built on the arithmetic of elliptic curves. This paper will outline a case for moving to elliptic curves as a foundation for future Internet security. This case will be based on both the relative security offered by elliptic curves and first generation public key systems and the relative performance of these algorithms. While at current security levels elliptic curves do not offer significant benefits over existing public key algorithms, as one scales security upwards over time to meet the evolving threat posed by eavesdroppers and hackers with access to greater computing resources, elliptic curves begin to offer dramatic savings over the old, first generation techniques.

The two noteworthy first generation public key algorithms used to secure the Internet today are known as RSA and Diffie-Hellman (DH). The security of the first is based on the difficulty of factoring the product of two large primes. The second is related to a problem known as the discrete logarithm problem for finite groups. Both are based on the use of elementary number theory. Interestingly, the security of the two schemes, though formulated differently, is closely related.

Both algorithms have been subject to intense scrutiny since their invention around 1975. In the years immediately following their invention, there were a number of attacks based on a variety of degenerate ways to generate the prime numbers and such that define the system. Such parameters were quickly excluded from specifications. In the public domain, more general theoretic attacks on the fundamental problems of factoring and discrete logs made steady progress until the early 1990's. Since that time, no dramatic improvements in these attack algorithms have been published. However, there have been several efforts aimed at designing theoretical special purpose computers that would implement the existing attack algorithms far faster than general computing resources.

Since their use in cryptography was discovered in 1985, elliptic curve cryptography has also been an active area of study in academia. Similar to both RSA and Diffie-Hellman, the first years of analysis yielded some degenerate cases for elliptic curve parameters that one should avoid. However, unlike the RSA and Diffie-Hellman cryptosystems that slowly succumbed to increasingly strong attack algorithms, elliptic curve cryptography has remained at its full strength since it was first presented in 1985.

Elliptic Curve Security and Efficiency:

The majority of public key systems in use today use 1024-bit parameters for RSA and Diffie-Hellman. The US National Institute for Standards and Technology has recommended that these 1024-bit systems are sufficient for use until 2010. After that, NIST recommends that they be upgraded to something providing more security. The question is what should these systems be changed to? One option is to simply increase the public key parameter size to a level appropriate for another decade of use. Another option is to take advantage of the past 30 years of public key research and analysis and move from first generation public key algorithms and on to elliptic curves.

One way judgments are made about the correct key size for a public key system is to look at the strength of the conventional (symmetric) encryption algorithms that the public key algorithm will be used to key or authenticate. Examples of these conventional algorithms are the Data Encryption Standard (DES) created in 1975 and the Advanced Encryption Standard (AES) now a new standard. The length of a key, in bits, for a conventional encryption algorithm is a common measure of security. To attack an algorithm with a k-bit key it will generally require roughly 2k-1 operations. Hence, to secure a public key system one would generally want to use parameters that require at least 2k-1 operations to attack. The following table gives the key sizes recommended by the National Institute of Standards and Technology to protect keys used in conventional encryption algorithms like the (DES) and (AES) together with the key sizes for RSA, Diffie-Hellman and elliptic curves that are needed to provide equivalent security.


Symmetric Key Size................RSA and Diffie-Hellman Key Size...........Elliptic Curve Key Size
(bits)........................................(bit s)................................................ ........(bits)

80.............................................102 4................................................. .......160
112............................................204 8................................................. ......224
128............................................307 2................................................. .......256
192............................................768 0................................................. .......384
256..........................................15360 .................................................. ......521

Table 1: NIST Recommended Key Sizes


To use RSA or Diffie-Hellman to protect 128-bit AES keys one should use 3072-bit parameters: three times the size in use throughout the Internet today. The equivalent key size for elliptic curves is only 256 bits. One can see that as symmetric key sizes increase the required key sizes for RSA and Diffie-Hellman increase at a much faster rate than the required key sizes for elliptic curve cryptosystems. Hence, elliptic curve systems offer more security per bit increase in key size than either RSA or Diffie-Hellman public key systems.

Security is not the only attractive feature of elliptic curve cryptography. Elliptic curve cryptosystems also are more computationally efficient than the first generation public key systems, RSA and Diffie-Hellman. Although elliptic curve arithmetic is slightly more complex per bit than either RSA or DH arithmetic, the added strength per bit more than makes up for any extra compute time. The following table shows the ratio of DH computation versus EC computation for each of the key sizes listed in Table 1.


Security Level..................................Ratio of
(bits) ................................................DH Cost : EC Cost

80................................................ ....3:1
112............................................... ...6:1
128............................................... .10:1
192............................................... .32:1
256............................................... .64:1

Table 2: Relative Computation Costs of Diffie-Hellman and Elliptic Curves1



Closely related to the key size of different public key systems is the channel overhead required to perform key exchanges and digital signatures on a communications link. The key sizes for public key in Table 1 (above) is also roughly the number of bits that need to be transmitted each way over a communications channel for a key exchange2. In channel-constrained environments, elliptic curves offer a much better solution than first generation public key systems like Diffie-Hellman.

In choosing an elliptic curve as the foundation of a public key system there are a variety of different choices. The National Institute of Standards and Technology (NIST) has standardized on a list of 15 elliptic curves of varying sizes. Ten of these curves are for what are known as binary fields and 5 are for prime fields. Those curves listed provide cryptography equivalent to symmetric encryption algorithms (e.g. AES, DES or SKIPJACK) with keys of length 80, 112, 128, 192, and 256 bits and beyond.

For protecting both classified and unclassified National Security information, the National Security Agency has decided to move to elliptic curve based public key cryptography. Where appropriate, NSA plans to use the elliptic curves over finite fields with large prime moduli (256, 384, and 521 bits) published by NIST.

The United States, the UK, Canada and certain other NATO nations have all adopted some form of elliptic curve cryptography for future systems to protect classified information throughout and between their governments. The Cryptographic Modernization Initiative in the US Department of Defense aims at replacing almost 1.3 million existing equipments over the next 10 years. In addition, the Department's Global Information Grid will require a vast expansion of the number of security devices in use throughout the US Military. This will necessitate change and rollover of equipment with all major US allies. Most of these needs will be satisfied with a new generation of cryptographic equipment that uses elliptic curve cryptography for key management and digital signatures.

Elliptic Curve Intellectual Property:

Despite the many advantages of elliptic curves and despite the adoption of elliptic curves by many users, many vendors and academics view the intellectual property environment surrounding elliptic curves as a major roadblock to their implementation and use. Various aspects of elliptic curve cryptography have been patented by a variety of people and companies around the world. Notably the Canadian company, Certicom Inc. holds over 130 patents related to elliptic curves and public key cryptography in general.

As a way of clearing the way for the implementation of elliptic curves to protect US and allied government information, the National Security Agency purchased from Certicom a license that covers all of their intellectual property in a restricted field of use. The license would be limited to implementations that were for national security uses and certified under FIPS 140-2 or were approved by NSA. Further, the license would be limited to only prime field curves where the prime was greater than 2255. On the NIST list of curves 3 out of the 15 fit this field of use: the prime field curves with primes of 256 bits, 384 bits and 521 bits. Certicom identified 26 patents that covered this field of use. NSA's license includes a right to sublicense these 26 patents to vendors building products within the restricted field of use. Certicom also retained a right to license vendors both within the field of use and under other terms that they may negotiate with vendors.

Commercial vendors may receive a license from NSA provided their products fit within the field of use of NSA's license. Alternatively, commercial vendors may contact Certicom for a license for the same 26 patents. Certicom is planning on developing and selling software toolkits that implement elliptic curve cryptography in the field of use. With the toolkit a vendor will also receive a license from Certicom to sell the technology licensed by NSA in the general commercial marketplace. Vendors wishing to implement elliptic curves outside the scope of the NSA license will need to work with Certicom if they wish to be licensed.

Conclusion:

Elliptic Curve Cryptography provides greater security and more efficient performance than the first generation public key techniques (RSA and Diffie-Hellman) now in use. As vendors look to upgrade their systems they should seriously consider the elliptic curve alternative for the computational and bandwidth advantages they offer at comparable security.

¹These estimates are based on the theoretic costing of an n-bit multiply modulo a large prime as costing roughly n2 operations. It is also based on an estimate that computing an inverse modulo a large prime is roughly 8 multiplies. Actual implementations could be radically different based on computer architecture.

²In the elliptic curve case, there is actually one additional bit that needs to be transmitted in each direction which allows the recovery of both the x and y coordinates of an elliptic curve point.

[BACK-2-BLACK]

well oooooook... i will add the links

(im lazy that way !!)

[BACK-2-BLACK]

.
OT


Foxconn Looking at Long-Term Investments in India

Thomson Reuters | Last Updated: August 04, 2015 22:52 (IST)

Foxconn Looking at Long-Term Investments in India - NDTVProfit.com

New Delhi/Mumbai: Taiwan-based Foxconn, the trade name for Hon Hai Precision Industry Co Ltd, will invest in India as it builds a supply chain in the country, in a move that may help the country's efforts to build a technology manufacturing base.

Foxconn is the world's largest contract maker of electronic products and counts Apple, Blackberry, Xiaomi and Amazon among clients.

Founder and chairman said Terry Gou said on Tuesday that he was looking at India with a more than ten years timeframe in mind, but had not firmed up investment figures yet.

Mr Gou told Reuters in May he aims to develop 10-12 facilities in India, including factories and data centres, by 2020.

[3MIKE]

well oooooook... i will add the links

(im lazy that way !!)

Which site is the most credible ??

[b121]

So...an existing phone in a new color... This is newsworthy? SP should really jump with this. \sarc. Focus, John.

Posted via CB10

I personally like their devices product strategy.

Having 4 phones on the market with a 2 year refresh cycle seems more than sufficient. I can't think of any reason to upgrade the passport internals, unless to add a fingerprint reader.

A classic, passport, leap and slider seems like a solid line-up. Why not refresh the external design and relaunch? Especially because they appeared to have improved the ergonomics with this version.

I truly want the devices to succeed. If they can grow in the short term to 10MM units annually, then 15MM & 20MM, it would be an incredible success... and the share price should move accordingly.

Posted via CB10

[BACK-2-BLACK]

.

BlackBerry selling better security

By Christina Pellegrini, Financial Post August 4, 2015

BlackBerry selling better security

Graham Murphy is tinkering with an infusion pump as if he's adjusting the settings with his fingers. He isn't. Instead, he's using what he calls basic lines of malicious code to hack into the device, which is used to deliver medicine to patients. First it connects his laptop to the pump directly through a cable. Then he logs in remotely via a Wi-Fi connection, breezing by security both times because, well, there isn't any. No ID to guess (it was available online). No firewall to breach. No system, it seems, to detect his presence.

Once he's virtually inside the pump, which is dispensing a blue liquid into a plastic cup, he can alter the dosage, access private patient data and use it as a bridge to try to gain access into the rest of a hospital's IT network. Less than 10 minutes pass when a word adorns the pump's digital display in blood-red letters. "DEAD," it reads.

"Graham, you killed the patient," a concerned David Kleidermacher, chief security officer at BlackBerry Ltd., says to Murphy, one of the company's U.K.-based security specialists. A crowd, watching them in a hotel conference room in midtown New York City, bursts into laughter. "Sorry, Dave," Murphy jokingly replies.

No one, of course, died on that mid-July morning because no patient was being treated. The performance was, instead, a live hacking demonstration that Black-Berry staged at its annual security summit, where its top brass boast about their security offerings and pedigree in keynote speeches and product trials.

But the message the Waterloo, Ont.-based company sends is clear: A medical infusion pump, or other device, can be easily compromised while it's trying to provide lifesaving care for your patient, your child or your insuree at any hospital or home, and it's time to do something about it - with BlackBerry's help, of course.

BlackBerry is not exactly being altruistic. It has turned to its nascent software business to stabilize a corporate revenue figure that won't stop falling and it has said it plans to secure everything, not just mobile phones or tablets, but connected cars, fridges, infusion pumps and the like.

In the auto industry, for example, the company wants to station security researchers like Murphy, known in the industry as white-hat or ethical hackers, to test for vulnerabilities before a new car model ever hits the street.

Kleidermacher, who joined BlackBerry in February and has rarely spoken publicly, said it's not illegal for device manufacturers to claim their product's security is "the best thing ever" when it isn't.

"Can you imagine if it was legal for them to say that about safety? You can't do that," he said during an interview after the summit. "But in the security world, they could say that and it would be absolutely legal.

That infusion pump manufacturer can make that claim. This is a problem."

It's a problem that should worry patients, doctors and insurers alike, but getting them to care is a hurdle BlackBerry must clear to monetize the products it has spent years building.

If another company whose security platform has holes like Swiss cheese that intruders can exploit can make unsubstantiated claims without penalty, it creates distrust in all offerings since quality cannot be gauged. The lack of standard is among the reasons why most executives - excluding some of those in regulated industries - still perceive IT security as an avoidable expense rather than a prized asset.

"It's almost like the world doesn't believe that we can make things secure," Kleidermacher said in a keynote speech at the summit. "That the only thing we can do is patch, patch, patch. I reject that notion."

Among his tactics for selling BlackBerry's security solutions distribution is persuading countries, starting with the U.S., to make it illegal to produce shoddy IT security systems. "If it's a law that you have to use it, then they'll use it, they'll have to buy it," he said.

But he's not starting with cellphones, as you might expect BlackBerry to do. He's working with doctors to create a security standard for equipment that monitors and manages diabetes: glucose monitors, artificial pancreas technology and insulin pumps, which work and are constructed a lot like infusion pumps.

Kleidermacher imagines the standard - stamp, certificate or however they end up defining it - could be for security what UL is for product safety. UL, formerly known as Underwriters Laboratories, inspects, tests and certifies products in 113 countries and validates them with a specific mark of approval.

BlackBerry recently found out that it wasn't pursuing this endeavour alone. Kleidermacher was introduced a few months ago by a mutual friend to Dr. David Klonoff, an endocrinologist at Mills-Peninsula Health Services in San Mateo, California, which is less than an hour drive from Black-Berry's office in Pleasanton, California.

Klonoff was in the process of assembling a committee that would craft a cybersecurity standard for the machines his diabetes patients use daily. After a handful of meetings in Washington, D.C., and many emails and phone calls, the U.S. Food and Drug Administration pulled up a seat at the table to join what has been described as a "dream team," which includes the U.S. Department of Homeland Security, U.S. air force, Bayer AG, SanofiSA, other academics, engineers and, among others, BlackBerry.

He had also asked Black-Berry's rivals - "several big-name brands that everybody's heard of " - to join the committee, but the unnamed companies opted, for now, to sit on the sidelines. It surprised Klonoff.

"The standards are going to arrive no matter what," he said in a phone interview. "If you're a company, you can have a voice in the process, or you can wait for something to happen and react to it." He didn't know much about BlackBerry before, but now he's impressed by how serious it takes security.

Klonoff is the chair of the Diabetes Technology Society, a non-profit he founded in 2001 to promote and study the use of technology in the fight against diabetes, which 29.1 million Americans and two million Canadians were estimated to have had in 2014. The organization makes money mostly from grants and the fees people pay to attend the annual medical conferences it hosts. It recorded $1.5 million US in revenues in 2013 and spent well beyond that, according to forms filed with the Internal Revenue Service. Klonoff said his patients are afraid that the medical devices they rely on could be hijacked by hackers from anywhere in the world and at any time, stealing their data and tampering with their dosages. Indeed, the software could have already been breached without anyone knowing - not even the device's manufacturer.

The steering committee he formed had its first phone meeting in June and first in-person meeting in July. Klonoff is hopeful - almost certain - that when the standard is created, participating device manufacturers will start abiding by it, and that the FDA will eventually mandate it for all devices because it can be good policy, too.

"If you get the FDA involved, then there's a possibility that they're going to adopt it," he said. "The fact that they're at the table is a good sign." And it's an even better sign that the FDA was attracted to the project "without any lobbyist involvement," he said. He hopes Health Canada will soon pull up a chair as well.

A Health Canada spokeswoman said in an email the department has not been asked to join the U.S.-based diabetes technology project. She added that the Medical Device Regulation requires devices categorized as "higher-risk" such as pacemakers that contain software must "demonstrate their devices meet safety and effectiveness requirements." But cybersecurity is not specifically mentioned.

A spokeswoman for the FDA said in an email it was "actively monitoring the issue and working closely with stakeholders to ensure patient safety related to cybersecurity of medical devices." Klonoff can envision that whatever standard is written could eventually apply to other devices in medicine, but it's still early days. Kleidermacher has his sights set beyond the health care vertical.

For BlackBerry, which is in search of new ways to monetize its software, such a certificate could open the door to fresh sources of revenue by servicing the needs of a broader group of customers. And the company has taken a proactive approach to talk about what it can do, as well as help hold the pen that's writing the rules.

"There needs to be a standard by which you can evaluate the security of any device - whether it's a medical device or a car or anything - and really put it through its paces to a point where you can say, 'I believe this can be protected against Graham, who was hacking that pump and knows all the tricks of the trade,'" Kleidermacher said.





A view of the National Cybersecurity and Communications Integration Center in Arlington, Virginia in early 2015. BlackBerry is part of a group that is working to set security standards for medical devices that will help protect them against potential attacks by hackers. This is part of the Waterloo, Ontario, company's strategy to better monetize the software it has developed over the years as a cellphone developer.

[BACK-2-BLACK]

Which site is the most credible ??

dont know mate...the way articles, blogs, etc are pumped out nowadays, who really knows...

Even the so-called "reputable" media sites put out garbage and false info at times



To be taken with a large grain of salt....

[rarsen]

Yes always be careful as there are too frequently questionable self-serving Self-Appointed Experts with large financial or Ego implications promoting several Tools of Mass Distraction (or Destruction), which are contrary to the more noble and productive BB objectives.

[3MIKE]

dont know mate...the way articles, blogs, etc are pumped out nowadays, who really knows...

Even the so-called "reputable" media sites put out garbage and false info at times



To be taken with a large grain of salt....

Yours is closer to 100,00 $, I like it better ! By the way did someone rent the reception hall on the space station ? I did not know it was in the sky !! Lol

[Elite1]

[WARN]QUOTING LARGE ARTICLES
Please wrap [QUOTE] tags around quoted articles...

... Especially long ones![/WARN]

Otherwise we end up with huge redundant posts if someone replies to original post with it quoted.

On full site there's a [QUOTE] tag icon in the post editor box.

From mobile or CB10, just manually type in a [QUOTE] at start of article and a [/QUOTE] at the end. (Note that slash in the second one!)

Thanks!

[CDM76]

So...an existing phone in a new color... This is newsworthy? SP should really jump with this. \sarc. Focus, John.

Posted via CB10

Definitely not worth 4 news articles on Crackberry. Outside the CB community no one cares about a new colour Passport.

Posted via CB10

[bspence87]

Definitely not worth 4 news articles on Crackberry. Outside the CB community no one cares about a new colour Passport.

Posted via CB10

Exclusive rights man!
That's big for CrackBerry and Mobile Nations. Congratulations to them!

[rarsen]

OT from the Related Technologies files, aware that Apple has put a lot of expectations in the China Market. What happens eventually when the Chinese distrust of American suppliers increases ?:

​?Xiaomi, Huawei topple the iPhone in China | ZDNet

"... Xiaomi is once again the biggest seller of smartphones in China, after reclaiming the top spot from Apple.
... figures mean that a third of smartphones sold in China were made by either Xiaomi or Huawei.
Huawei is hot on Xiaomi's heels with a share of 15.7 percent for the quarter, leaving Apple in third spot. Samsung and Vivo were fourth and fifth, respectively.
The China smartphone market continues to mature, remaining stagnant quarter-on-quarter. Competition among major brands has never been so intense,"

[zyben]

Is the Future of BlackBerry in Secure IoT? Notes from BlackBerry Security Summit 2015

"Conclusion

So BlackBerry's acquisition plan appears to have gelled. It now has perhaps the best secure real time OS for smart devices, a hardened device-independent Mobile Device Management backbone, new data-centric privacy and rights management technology, remote certificate management, and multilayered emergency communications services that can be diffused into mission critical rules based M2M messaging. It's a powerful portfolio that makes strong sense in the Internet of Things.

BlackBerry says IoT is 'much more than device-to-device'. It's more important to be able to manage secure data being ejected from ubiquitous devices in enormous volumes, and to service those things - and their users - seamlessly. For BlackBerry, the Internet of Things is really all about the service."

https://www.constellationr.com/conte...ty-summit-2015

[BACK-2-BLACK]

.
OT


MobileIron Publishes New Research on Smartwatch Security

MobileIron Security Experts Presenting at BlackHat and DEF CON

MobileIron Publishes New Research on Smartwatch Security -- LAS VEGAS and MOUNTAIN VIEW, Calif., Aug. 4, 2015 /PRNewswire/ --

[zyben]

Citing safety and privacy concerns, Toyota refuses to offer CarPlay and Android Auto

Toyota Telenav GPS Scout Link | News, Features | Digital Trends

I don't know whether or not QNX will be involved, but I found this press release from a few years back:

TeleNav and QNX Team to Demonstrate Navigation and Search

[BACK-2-BLACK]

.
more on the UConnect hack...

NHTSA investigating Harman Kardon for software vulnerabilities

Chris Bruce

The National Highway Traffic Safety Administration is investigating infotainment units from Harman Kardon, which produces FCA's Uconnect, to determine if Harman Kardon systems used by other companies are also vulnerable to hackings. Researchers discovered a hole in the cellular connection to the Uconnect infotainment in a Jeep Cherokee. They were able to exploit it to gain access to the vehicle's brakes, radio, and other systems. In the wake of the hack, FCA pledged to send out 1.4 million USB drives to update the software. Politicians also attacked the automaker for not reporting the problem sooner, and NHTSA opened an investigation to find whether the fix worked.
INVESTIGATION Subject : Software security vulnerability

Date Investigation Opened: JUL 29, 2015
Date Investigation Closed: Open
NHTSA Action Number: EQ15005
Component(s): EQUIPMENT

All Products Associated with this Investigation
Equipment Brand Name Part No. or Model No.Production Dates
HARMAN KARDON R3R4 -

Details

Manufacturer: HARMAN INTERNATIONAL

SUMMARY:
On July 23, 2015, Fiat Chrysler Automobiles (FCA) submitted a safety recall report to NHTSA concerning a software security defect condition in approximately 1.4 million model year (MY) 2013 through 2015 vehicles equipped with Uconnect 8.4A (RA3) and 8.4AN (RA4) radios manufactured by Harman Kardon (Recall 15V-461). According to FCA, software security vulnerabilities in the recalled vehicles could allow unauthorized third-party access to, and manipulation of, networked vehicle control systems.

Unauthorized access or manipulation of the vehicle control systems could reduce the driver?s control of the vehicle increasing the risk of a crash with an attendant increased risk of injury to the driver, other vehicle occupants, and other vehicles and their occupants within proximity to the affected vehicle.

This EQ is being opened to obtain information from the supplier of Chrysler Uconnect units to determine the nature and extent of similarities in other infotainment products provided to other vehicle manufacturers. If sufficient similarities exist, the investigation will examine if there is cause for concern that security issues exist in other Harman Kardon products.

[BACK-2-BLACK]

State-Sponsored Hackers Targeting Mobile Devices, Former FBI Data Intercept Chief Says - The CIO Report - WSJ

State-Sponsored Hackers Targeting Mobile Devices, Former FBI Data Intercept Chief Says
Aug 4, 2015, 7:20 pm ET
By Steven Norton


State-sponsored hackers increasingly are launching attacks against mobile applications and operating systems as they look for new ways to infiltrate corporate networks and extract sensitive data, said Greg Kesner, the former head of the Federal Bureau of Investigation�s data intercept program.

�The mobile phone industry is certainly being attacked more heavily now in the U.S. environment,� said Mr. Kesner, who now works at security consultancy Larson Security LLC. New mobile operating systems from Apple Inc. and Google Inc.�s Android unit are prompting state-sponsored actors to take apart those new systems and write new code to infiltrate it.

�It�s probably now more useful to get onto somebody�s mobile phone than their laptop,� he said. It gives hackers not only access to corporate networks and applications, but also personal contact lists, text messages. As more financial transactions happen on phones, that information may be more vulnerable as well.

Managing mobile security has become more complicated for CIOs and security chiefs as threats rise, paired with the fact that users can pick up malware in coffee shops and other places with unsecure wireless networks, CIO Journal has reported. And mobile software is particularly prone to zero-day attacks, or exploits for which patches haven�t yet been created.

Anxiety over high-profile cyberattacks has prompted some companies to push mobile security tools for businesses. Communications firm Silent Circle said it would update its high-security Blackphone as it targets corporate customers. It uses high-level encryption and its own virtual network to keep messages and calls secure, the Journal reported. Other vendors, such as Lookout Inc., sell cloud software that uses machine learning and contextual analytics to protect mobile devices from malicious applications. BlackBerry Ltd., too, has reiterated its focus on corporate mobile security.

Still, there haven�t yet been enough resources directed toward protecting mobile devices, Mr. Kesner said. One potential reason could be that many major hacks haven�t been directly associated with mobile devices. �Until that happens � how we�re protecting mobile devices is not on the radar screen.�

Companies may put endpoint protection on mobile devices to protect corporate networks, but there are few if any tools that can provide robust intrusion detection, such as alerting a user if their phone�s microphone is turned on without their permission, Mr. Kesner said.

Write to [email protected]

[CDM76]

Exclusive rights man!
That's big for CrackBerry and Mobile Nations. Congratulations to them!

Exclusive rights ?!?!?!?

Posted via CB10

[3MIKE]

Since we're in the hacking subject, what do you guys make of this :


EXCLUSIVE: Edward Snowden Explains Why Apple Should Continue To Fight the Government on Encryption



https://firstlook.org/theintercept/2...nt-make-sense/

As the Obama administration*campaign*to stop the commercialization of strong encryption*heats up, National Security Agency whistleblower Edward Snowden is firing back on behalf of the companies like Apple and Google that are finding themselves under attack.

“Technologists and companies working to protect ordinary citizens should be applauded, not sued or prosecuted,” Snowden wrote in an email through his lawyer.

Snowden was asked by*The Intercept*to respond to the*contentious suggestion*—*made Thursday on a*blogthat frequently promotes the interests of the national security establishment — that companies like Apple and Google might in certain cases be found*legally*liable for providing material aid to a terrorist organization because they provide encryption services to their users.

In his email, Snowden explained how law enforcement*officials who are demanding that U.S. companies build some sort of window into unbreakable end-to-end encryption — he calls that an “insecurity mandate” — haven’t thought things through.

“The central problem with insecurity mandates has never been addressed by its proponents: if one government can demand access to private communications, all governments can,” Snowden wrote.

“No matter how good the reason, if the U.S. sets the precedent that Apple has to compromise the security of a customer in response to a piece of government paper, what can they do when the government is China and the customer is the Dalai Lama?”

Weakened encryption would only drive people away from the American technology industry, Snowden wrote. “Putting the most important driver of our economy in a position where they have to deal with the devil or lose access to international markets is public policy that makes us less competitive and less safe.”

Snowden*entrusted*his archive of secret documents revealing the NSA’s massive warrantless spying programs all over the world to journalists in 2013. Two of those journalists — Glenn Greenwald and Laura Poitras — are founding editors of*TheIntercept.

Among Snowden’s many revelations are the CIA’s*years-long*efforts to break Apple’s security systems, and American and British spy agencies’*theft*of a vast trove of private encryption keys. Snowden himself*taught*Greenwald the importance of using strong encryption to protect the materials.

FBI Director James Comey and others have repeatedly stated*that law enforcement is “going dark” when it comes to the ability to track bad actors’ communications because of end-to-end encrypted messages, which can only be deciphered by the sender and the receiver. They have never provided evidence for that, however, and have put forth*no technologically realistic alternative.

Meanwhile, Apple and Google are currently rolling out user-friendly end-to-end encryption for their customers, many of whom have demanded greater privacy protections — especially following Snowden’s disclosures.

Photo of Edward Snowden streaming through a remote-controlled robot at a 2014 TED conference in Vancouver.

--
Isn't that why BlackBerry is encountering resistance, but at the same time, it is used by top government officials for its security. Encryption seems like a double edge sword !

Don't get me wrong, I'm all for security and encryption.

[bspence87]

Exclusive rights ?!?!?!?

Posted via CB10

Yup, only available on ShopBB and CrackBerry.com. Not even Amazon.

[bspence87]

OT:

Take a look at this thread. I don't know how it happened, but hey! I like it!

http://forums.crackberry.com/showthread.php?t=1032243

[zyben]

BlackBerry unveils a quirky new smartphone

"Makers of this business-phone have made smart changes. With every enhancement, BlackBerry hit two birds with one stone: aesthetics and functionality."

BlackBerry unveils a quirky new smartphone - Aug. 4, 2015

[BanffMoose]

.
more on the UConnect hack...

Hmm, this made me want to check up on Harman International's continued use of QNX as their fundamental operating system. I found this article (emphasis mine). Looks like Harman is going to offer auto makers their own means of OTA updates soon. This may be a big problem for BlackBerry's Project Ion since Harman has been a major automotive OEM for a LONG TIME. I didn't check to see if Harman introduced QNX to the automakers first or QNX did it on their own.


QNX Ex-Owner Harman International Acquires Red Bend Software - On Target: Embedded Systems

01/22/2015
QNX Ex-Owner Harman International Acquires Red Bend Software

Harman International is best known as an audio electronics maker, owning numerous brand names targeting consumers and professionals, including AKG, Crown, dbx, Harman Kardon, Infinity, JBL, Lexicon, Mark Levinson, and Revel. As old-school �car stereos� have evolved in recent years into multifunction �infotainment systems,� Harman has also become a major player in automotive electronics.

On January 22, Harman announced its acquisition for $170 million of Red Bend Software, which is the leading provider of software and services for Firmware Over The Air (FOTA) updating for mobile devices and automobiles. (See press release here.) Harman simultaneously announced its acquisition of software services firm Symphony Teleca, although Red Bend has more interesting implications for IoT.

QNX
Back in 2004, Harman had acquired for $138 million QNX Software Systems, developer of the real-time operating system QNX Neutrino, as well as a number of other embedded software solutions which have since become especially popular in the automotive market. Fast forward to 2010 when Harman sold off QNX for $200 million to Research In Motion (RIM, since re-named Blackberry Limited for its line of mobile phones). At the time, Harman said about its sale of QNX, �This move allows Harman to continue its relationship with QNX and the advanced software solutions it provides to Harman and our customers. At the same time, this deal achieves value for all stakeholders and is an important step in a new strengthened relationship with RIM.�

Perhaps Harman�s sale of QNX was influenced by economic conditions during the Great Recession, but it leads us back to Harman�s acquisition of Red Bend, and it raises a few questions:

Would Harman have been able to leverage synergy between Red Bend and QNX in the automotive market if it had retained ownership of both? If not, why not? If so, might the value of such synergy have outweighed the gains realized by selling QNX?

What value does Harman now see in Red Bend that it no longer saw in QNX?

Considering that much of Red Bend�s current business is in the mobile phone industry, does Harman view Red Bend as a stepping stone into that market?

What would it take for Harman to believe that a potential future sale of Red Bend might �achieve value� for stakeholders and produce �a new strengthened relationship�?

We�ll leave these questions for readers to ponder for themselves

It could be that Harman's acquisition of Red Bend is for non-QNX firmware, given Harman's CEO's intent to go OS agnostic back in 2012. I don't know how many of you guys remembered this:


Excerpts of the Harman International Industries Inc HAR Q4 2012 Earnings Call Transcript

No Transcript Data

Dinesh C. Paliwal - Chairman, President and CEO: Not so much patents but it has to do with open source solutions. [B]We got out of QNX operating system, Ravi, a couple of years now. We want to be operating system agnostic, so we continue to use QNX as our fundamental operating system which we still believe, most robust from safety point of view, but we are now developing android-based infotainment, Linux, android, Microsoft, everything. So, we will have � and systems will not be unique to one operating system, the kernel could be one thing and apps could be written in something else. It's going to be a hybrid system which is what actually; (indiscernible) in Europe is sort of calling for and talking to more BMW and Audis who lead the space with us. They seem to be very comfortable with the strategy we have. So this little company we acquired, this will give us additional horsepower to expedite our engineering development work. In addition, we're also adding some 100 software engineering resources in Google, Android based competence right here in Midwest, in Ann Arbor, in Chicago area and lots of people from Google actually have left to join Harman.

Ravi Shanker - Morgan Stanley: Then just speaking of QNX, RIM is obviously having a few difficulties right now. Can you remind us again, how things stand between you and your ability to use QNX especially if RIM kind of licenses someone else or partners with someone else?

Dinesh C. Paliwal - Chairman, President and CEO: That's a great question for all other listeners. When we sold QNX to RIM, we took care of our shareholders interest, for next 20 years. We have access to the source code of QNX, no matter what change of hands happen, even if Company goes so south that no one can see, still we'll have access to it and frankly speaking, we have as much competence in QNX as RIM today, and we have excellent relationship. So, there's no issue of access to source and access to development for next 18, 20 years.

Ravi Shanker - Morgan Stanley: If things get really bad there, would you consider bringing it back in-house?

Dinesh C. Paliwal - Chairman, President and CEO: I don't know about that. We'll see. We'll see who goes after them first, we will see.