08-18-15 10:10 AM
132 12345 ...
tools
  1. BBFunGuy's Avatar
    Yes, if we see something we don't have, we should deffo want it. Stands to reason.
    03-11-15 05:41 PM
  2. anon(6038817)'s Avatar
    I want security for the average user, and apparently Apple is winning that game.
    Sent from my Lumia 822
    techvisor likes this.
    03-11-15 06:58 PM
  3. Richard Buckley's Avatar
    When using BBM Protected without BES, there's no key management by users, too, isn't it?
    Even without key management, end-to-end encryption would be a huge step forwared compared to the scrampling thing BBM provides at the moment.
    BBM on BB10 is encrypted using TLS on the bearer channel between the handheld and the BlackBerry Network Operation Centre.

    Protected is an enterprise product, so it is not available without BES

    http://www.google.ca/url?q=http://ca...TJVWxD8HvtYVmQ

    Edit: and I just have to add that I see a lot of complaints on Crackberry about how reporters, pundits, and sales people don't know about the new BlackBerry. But sometimes we are our own worst enemies. Continuing to talk about the cipher used on BBOS versions of BBM as if that is all there is. BB10 has always used TLS. If people here, who want to discuss how secure or not BlackBerry it today don't know that, then we can't really expect any one else to know BlackBerry makes anything more advanced than a 9900, can we.

    Z10STL100-3/10.3.1.2072
    Last edited by Richard Buckley; 03-11-15 at 09:10 PM.
    03-11-15 07:35 PM
  4. Maxxxpower's Avatar
    BBM on BB10 is encrypted using TLS on the bearer channel between the handheld and the BlackBerry Network Operation Centre.
    So, Blackberry, governments and agencies can access all the data... Therefore it is insecure.

    Protected is an enterprise product, so it is not available without BES
    It doesn't need BES on Android or iOS
    http://m.crackberry.com/blackberrys-...ected-and-more
    CubeDweller likes this.
    03-12-15 03:08 AM
  5. Richard Buckley's Avatar
    So, Blackberry, governments and agencies can access all the data... Therefore it is insecure.


    It doesn't need BES on Android or iOS
    http://m.crackberry.com/blackberrys-...ected-and-more
    As is iMessage because the key management allows it.

    If you aren't going for read the references you use in your own arguments is there any point in continuing to debate you? Take some time, read real cryptographers' and security experts articles on the products you want to discuss so you know what you are talking about, then post something meaningful. If you want to discuss the real security problems BlackBerry has, like FREAK, and what the impact on users may be, and what they can or should do while waiting for the patch then I'm in. That is the purpose of this thread after all.

    BlackBerry's further enhancing their enterprise standing with the release of cross-platform new management and productivity tools for BlackBerry, iPhone, and Android. The Secure Productivity bundle for businesses using BlackBerry Enterprise Service (BES10 or BES12) and offers support for using a device as a two-factor VPN authentication token, BBM Protected for secure and encrypted messaging, BlackBerry Blend, and enhanced customer support.


    Z10STL100-3/10.3.1.2072
    der_mit likes this.
    03-12-15 04:29 AM
  6. Maxxxpower's Avatar
    As is iMessage because the key management allows it.
    You'll never get 100% security or a solution that has no disadvantages or potential holes. Doesn't change the fact that a solution comparable to iMessage would be a huge boost in security compared to the ridiculous scrambling BBM uses. Apple could in theory be forced to change or reveal keys customers are using. Whereas it is a fact that a) Blackberry granted various governments/agencies access to BBM b) at least the Five Eyes can decrypt it. You get the difference between theory and practice?

    If you aren't going for read the references you use in your own arguments is there any point in continuing to debate you?
    LOL. No need for you to get arrogant as I already revealed that you're spreading false "facts".
    Last edited by Maxxxpower; 03-12-15 at 04:56 AM.
    techvisor likes this.
    03-12-15 04:42 AM
  7. dwisetyoaji's Avatar
    My browser says it's vulnerable.
    Z3STJ100-1/10.3.1.2243
    Posted from CB10 with BlackBerry Z3
    03-12-15 05:02 AM
  8. huungryshark's Avatar
    Mine, too

    10.2.2 with 10.3.0 Browser

    Z10 LE 10.2.2.1609
    03-12-15 07:28 AM
  9. kbz1960's Avatar
    Everyone's will until bb sends a fix.
    techvisor likes this.
    03-12-15 07:38 AM
  10. oystersourced's Avatar
    It was sad to read a news article on the BBC stating the only browser still vulnerable was BlackBerry 10.

    It did provide the caveat for Android users that it could depend on manufacturer releases but the main point was Google, Apple and Microsoft have already released patches for the security issue and BlackBerry hasn't.

    Posted via CB10
    techvisor likes this.
    03-12-15 08:07 AM
  11. anon(6038817)'s Avatar
    It was sad to read a news article on the BBC stating the only browser still vulnerable was BlackBerry 10.

    It did provide the caveat for Android users that it could depend on manufacturer releases but the main point was Google, Apple and Microsoft have already released patches for the security issue and BlackBerry hasn't.

    Posted via CB10

    Windows Phone 8.1 and older are also still vulnerable. Microsoft patched their desktop versions of Windows, but not their mobile.
    03-12-15 08:14 AM
  12. dvarnai's Avatar
    As much as we know it might have been fixed already. It's not like BlackBerry can directly push updates... stop blaming this on BlackBerry. Also, apple can decrypt imessage. Do you think they don't? If you know BlackBerry shared the keys, does that make it any different? Apple has shared it as well for sure, you just haven't heard about it. Enjoy your false sense of security.

    BlackBerry Q10 SQN100-3
    Richard Buckley likes this.
    03-12-15 08:23 AM
  13. dvarnai's Avatar
    Btw freakattack.com says:

    "Additionally, you can see what cipher suites your TLS library offers by loading this page. (If the list includes any EXPORT ciphers, your software is vulnerable.)"

    It doesn't say any. Yet it says I'm vulnerable... wonder why then

    Url for anyone wondering: https://freakattack.com/clienttest.html

    BlackBerry Q10 SQN100-3
    03-12-15 08:27 AM
  14. Deckard79's Avatar
    As much as we know it might have been fixed already. It's not like BlackBerry can directly push updates... stop blaming this on BlackBerry. Also, apple can decrypt imessage. Do you think they don't? If you know BlackBerry shared the keys, does that make it any different? Apple has shared it as well for sure, you just haven't heard about it. Enjoy your false sense of security.

    BlackBerry Q10 SQN100-3
    Hold on... the FIRST thing BlackBerry plug publicly and boast about over competitors is security. If they can't push a critical security fix within the timescale of their competitors due to software and/or procedural issues, that doesn't stack up with their own marketing and they are to blame. Who else would be?

    Posted via CB10
    techvisor likes this.
    03-12-15 08:28 AM
  15. kbz1960's Avatar
    As much as we know it might have been fixed already. It's not like BlackBerry can directly push updates... stop blaming this on BlackBerry. Also, apple can decrypt imessage. Do you think they don't? If you know BlackBerry shared the keys, does that make it any different? Apple has shared it as well for sure, you just haven't heard about it. Enjoy your false sense of security.

    BlackBerry Q10 SQN100-3
    No blackberry has not. Some say it's fixed in some test OS they have but no one has that OS yet unless you work for them.
    03-12-15 08:29 AM
  16. dvarnai's Avatar
    No blackberry has not. Some say it's fixed in some test OS they have but no one has that OS yet unless you work for them.
    there's a guy on the forums who has it already, the guy who always gets it a few days before updates, he said it was fixed in his 25xx release. Also, they can't push updates, that's carrier's fault... Also how about the freak site saying it's vulnerable yet blackberry browser doesn't report the cipher that's supposed to be vulnerable...

    BlackBerry Q10 SQN100-3
    03-12-15 08:36 AM
  17. Deckard79's Avatar
    Also, they can't push updates, that's carrier's fault...
    Why is that the carrier's fault?

    Posted via CB10
    03-12-15 08:39 AM
  18. dvarnai's Avatar
    Why is that the carrier's fault?


    Posted via CB10
    I kinda doubt blackberry begs to them not to let them push updates...?

    BlackBerry Q10 SQN100-3
    03-12-15 08:40 AM
  19. Deckard79's Avatar
    I kinda doubt blackberry begs to them not to let them push updates...?

    BlackBerry Q10 SQN100-3
    BlackBerry could implement their own OTA updates without a reliance upon carriers (like other manufacturers and platforms), no?

    They haven't, though. Which is a mistake for a company focusing on security as its prime concern.

    Posted via CB10
    03-12-15 08:42 AM
  20. dvarnai's Avatar
    BlackBerry could implement their own OTA updates without a reliance upon carriers (like other manufacturers and platforms), no?

    They haven't, though. Which is a mistake for a company focusing on security as its prime concern.

    Posted via CB10
    What... none of the manufacturers can push updates except apple... even BlackBerry pushes updates to non carrier devices

    BlackBerry Q10 SQN100-3
    03-12-15 08:43 AM
  21. kbz1960's Avatar
    there's a guy on the forums who has it already, the guy who always gets it a few days before updates, he said it was fixed in his 25xx release. Also, they can't push updates, that's carrier's fault... Also how about the freak site saying it's vulnerable yet blackberry browser doesn't report the cipher that's supposed to be vulnerable...

    BlackBerry Q10 SQN100-3
    It doesn't matter. Other platforms have got fixes to users. Why is blackberry so slow in doing so? I know, because everyone hates them and holds them back, not.
    techvisor likes this.
    03-12-15 08:44 AM
  22. dvarnai's Avatar
    It doesn't matter. Other platforms have got fixes to users. Why is blackberry so slow in doing so? I know, because everyone hates them and holds them back, not.
    Can you please show me the vulnerable cipher? The freak attack site does not show any export ciphers.

    Or you'll blindly trust a website saying your browser is vulnerable yet if you read their manual way of checking whether you are vulnerable will tell you you are not, as the cipher that's vulnerable is not even on the list of the ones on your blackberry

    BlackBerry Q10 SQN100-3
    03-12-15 08:47 AM
  23. Deckard79's Avatar
    What... none of the manufacturers can push updates except apple... even BlackBerry pushes updates to non carrier devices

    BlackBerry Q10 SQN100-3
    Untrue - other manufacturers release updates handled by their own servers OTA. Nexus Devices. And Apple do it as you mentioned.

    Additionally, updates could be available for download from the BlackBerry site (but aren't) or over BBW for Browser security issues (but aren't).

    So, why? And whose fault is it?

    Posted via CB10
    03-12-15 08:48 AM
  24. Maxxxpower's Avatar
    So, why? And whose fault is it?
    I guess this is a rhetorical question
    Deckard79 likes this.
    03-12-15 08:51 AM
  25. Deckard79's Avatar
    I guess this is a rhetorical question


    Posted via CB10
    03-12-15 08:52 AM
132 12345 ...

Similar Threads

  1. Replies: 2
    Last Post: 04-03-15, 11:01 PM
  2. Replies: 14
    Last Post: 03-04-15, 12:10 PM
  3. Replies: 1
    Last Post: 03-04-15, 05:27 AM
  4. Passport to Knowledge
    By paxtonbt in forum BlackBerry Passport
    Replies: 0
    Last Post: 03-04-15, 03:09 AM
  5. How to do group texting for Blackberry 9900?
    By CrackBerry Question in forum Ask a Question
    Replies: 0
    Last Post: 03-04-15, 02:44 AM
LINK TO POST COPIED TO CLIPBOARD