[BBFunGuy]

Yes, if we see something we don't have, we should deffo want it. Stands to reason.

[anon(6038817)]

I want security for the average user, and apparently Apple is winning that game.
Sent from my Lumia 822

[Richard Buckley]

When using BBM Protected without BES, there's no key management by users, too, isn't it?
Even without key management, end-to-end encryption would be a huge step forwared compared to the scrampling thing BBM provides at the moment.

BBM on BB10 is encrypted using TLS on the bearer channel between the handheld and the BlackBerry Network Operation Centre.

Protected is an enterprise product, so it is not available without BES

http://www.google.ca/url?q=http://ca...TJVWxD8HvtYVmQ

Edit: and I just have to add that I see a lot of complaints on Crackberry about how reporters, pundits, and sales people don't know about the new BlackBerry. But sometimes we are our own worst enemies. Continuing to talk about the cipher used on BBOS versions of BBM as if that is all there is. BB10 has always used TLS. If people here, who want to discuss how secure or not BlackBerry it today don't know that, then we can't really expect any one else to know BlackBerry makes anything more advanced than a 9900, can we.

Z10STL100-3/10.3.1.2072

[Maxxxpower]

BBM on BB10 is encrypted using TLS on the bearer channel between the handheld and the BlackBerry Network Operation Centre.

So, Blackberry, governments and agencies can access all the data... Therefore it is insecure.

Protected is an enterprise product, so it is not available without BES

It doesn't need BES on Android or iOS
http://m.crackberry.com/blackberrys-...ected-and-more

[Richard Buckley]

So, Blackberry, governments and agencies can access all the data... Therefore it is insecure.


It doesn't need BES on Android or iOS
http://m.crackberry.com/blackberrys-...ected-and-more

As is iMessage because the key management allows it.

If you aren't going for read the references you use in your own arguments is there any point in continuing to debate you? Take some time, read real cryptographers' and security experts articles on the products you want to discuss so you know what you are talking about, then post something meaningful. If you want to discuss the real security problems BlackBerry has, like FREAK, and what the impact on users may be, and what they can or should do while waiting for the patch then I'm in. That is the purpose of this thread after all.

BlackBerry's further enhancing their enterprise standing with the release of cross-platform new management and productivity tools for BlackBerry, iPhone, and Android. The Secure Productivity bundle for businesses using BlackBerry Enterprise Service (BES10 or BES12) and offers support for using a device as a two-factor VPN authentication token, BBM Protected for secure and encrypted messaging, BlackBerry Blend, and enhanced customer support.

Z10STL100-3/10.3.1.2072

[Maxxxpower]

As is iMessage because the key management allows it.

You'll never get 100% security or a solution that has no disadvantages or potential holes. Doesn't change the fact that a solution comparable to iMessage would be a huge boost in security compared to the ridiculous scrambling BBM uses. Apple could in theory be forced to change or reveal keys customers are using. Whereas it is a fact that a) Blackberry granted various governments/agencies access to BBM b) at least the Five Eyes can decrypt it. You get the difference between theory and practice?

If you aren't going for read the references you use in your own arguments is there any point in continuing to debate you?

LOL. No need for you to get arrogant as I already revealed that you're spreading false "facts".

[dwisetyoaji]

My browser says it's vulnerable.
Z3STJ100-1/10.3.1.2243
Posted from CB10 with BlackBerry Z3

[huungryshark]

Mine, too

10.2.2 with 10.3.0 Browser

Z10 LE 10.2.2.1609

[kbz1960]

Everyone's will until bb sends a fix.

[oystersourced]

It was sad to read a news article on the BBC stating the only browser still vulnerable was BlackBerry 10.

It did provide the caveat for Android users that it could depend on manufacturer releases but the main point was Google, Apple and Microsoft have already released patches for the security issue and BlackBerry hasn't.

Posted via CB10

[anon(6038817)]

It was sad to read a news article on the BBC stating the only browser still vulnerable was BlackBerry 10.

It did provide the caveat for Android users that it could depend on manufacturer releases but the main point was Google, Apple and Microsoft have already released patches for the security issue and BlackBerry hasn't.

Posted via CB10

Windows Phone 8.1 and older are also still vulnerable. Microsoft patched their desktop versions of Windows, but not their mobile.

[dvarnai]

As much as we know it might have been fixed already. It's not like BlackBerry can directly push updates... stop blaming this on BlackBerry. Also, apple can decrypt imessage. Do you think they don't? If you know BlackBerry shared the keys, does that make it any different? Apple has shared it as well for sure, you just haven't heard about it. Enjoy your false sense of security.

BlackBerry Q10 SQN100-3

[dvarnai]

Btw freakattack.com says:

"Additionally, you can see what cipher suites your TLS library offers by loading this page. (If the list includes any EXPORT ciphers, your software is vulnerable.)"

It doesn't say any. Yet it says I'm vulnerable... wonder why then

Url for anyone wondering: https://freakattack.com/clienttest.html

BlackBerry Q10 SQN100-3

[Deckard79]

As much as we know it might have been fixed already. It's not like BlackBerry can directly push updates... stop blaming this on BlackBerry. Also, apple can decrypt imessage. Do you think they don't? If you know BlackBerry shared the keys, does that make it any different? Apple has shared it as well for sure, you just haven't heard about it. Enjoy your false sense of security.

BlackBerry Q10 SQN100-3

Hold on... the FIRST thing BlackBerry plug publicly and boast about over competitors is security. If they can't push a critical security fix within the timescale of their competitors due to software and/or procedural issues, that doesn't stack up with their own marketing and they are to blame. Who else would be?

Posted via CB10

[kbz1960]

As much as we know it might have been fixed already. It's not like BlackBerry can directly push updates... stop blaming this on BlackBerry. Also, apple can decrypt imessage. Do you think they don't? If you know BlackBerry shared the keys, does that make it any different? Apple has shared it as well for sure, you just haven't heard about it. Enjoy your false sense of security.

BlackBerry Q10 SQN100-3

No blackberry has not. Some say it's fixed in some test OS they have but no one has that OS yet unless you work for them.

[dvarnai]

No blackberry has not. Some say it's fixed in some test OS they have but no one has that OS yet unless you work for them.

there's a guy on the forums who has it already, the guy who always gets it a few days before updates, he said it was fixed in his 25xx release. Also, they can't push updates, that's carrier's fault... Also how about the freak site saying it's vulnerable yet blackberry browser doesn't report the cipher that's supposed to be vulnerable...

BlackBerry Q10 SQN100-3

[Deckard79]

Also, they can't push updates, that's carrier's fault...

Why is that the carrier's fault?

Posted via CB10

[dvarnai]

Why is that the carrier's fault?


Posted via CB10

I kinda doubt blackberry begs to them not to let them push updates...?

BlackBerry Q10 SQN100-3

[Deckard79]

I kinda doubt blackberry begs to them not to let them push updates...?

BlackBerry Q10 SQN100-3

BlackBerry could implement their own OTA updates without a reliance upon carriers (like other manufacturers and platforms), no?

They haven't, though. Which is a mistake for a company focusing on security as its prime concern.

Posted via CB10

[dvarnai]

BlackBerry could implement their own OTA updates without a reliance upon carriers (like other manufacturers and platforms), no?

They haven't, though. Which is a mistake for a company focusing on security as its prime concern.

Posted via CB10

What... none of the manufacturers can push updates except apple... even BlackBerry pushes updates to non carrier devices

BlackBerry Q10 SQN100-3

[kbz1960]

there's a guy on the forums who has it already, the guy who always gets it a few days before updates, he said it was fixed in his 25xx release. Also, they can't push updates, that's carrier's fault... Also how about the freak site saying it's vulnerable yet blackberry browser doesn't report the cipher that's supposed to be vulnerable...

BlackBerry Q10 SQN100-3

It doesn't matter. Other platforms have got fixes to users. Why is blackberry so slow in doing so? I know, because everyone hates them and holds them back, not.

[dvarnai]

It doesn't matter. Other platforms have got fixes to users. Why is blackberry so slow in doing so? I know, because everyone hates them and holds them back, not.

Can you please show me the vulnerable cipher? The freak attack site does not show any export ciphers.

Or you'll blindly trust a website saying your browser is vulnerable yet if you read their manual way of checking whether you are vulnerable will tell you you are not, as the cipher that's vulnerable is not even on the list of the ones on your blackberry

BlackBerry Q10 SQN100-3

[Deckard79]

What... none of the manufacturers can push updates except apple... even BlackBerry pushes updates to non carrier devices

BlackBerry Q10 SQN100-3

Untrue - other manufacturers release updates handled by their own servers OTA. Nexus Devices. And Apple do it as you mentioned.

Additionally, updates could be available for download from the BlackBerry site (but aren't) or over BBW for Browser security issues (but aren't).

So, why? And whose fault is it?

Posted via CB10

[Maxxxpower]

So, why? And whose fault is it?

I guess this is a rhetorical question

[Deckard79]

I guess this is a rhetorical question

Posted via CB10