03-13-15 03:27 AM
  1. 1magine's Avatar
    They have a serious lack of respect for developers... this is probably their biggest problem these days...

    Posted via CB10
    They have always shown a serious lack of respect for developers. Sorry, but giving away Z10s to develop on does not make up for more than a decade and counting of throwing up roadblocks to serious developers. Furthermore, this shows some bit of disrespect for its dwindling ranks of end users. xsacha has a great deal more patience for this type of BS than do I. I would have retaliated on Christmas day with making all the exploits public to the full tech (blogging) world and let the story be told from the Financial Times to CNET.
    12-22-14 09:38 AM
  2. 1magine's Avatar
    The only lack of respect for developers came from the guy who was handing out free codes for their paid apps without permission. And yes that's the OP. Sorry to break up everyone's praise fest but your poster child is far from innocent in this whole thing.

    Posted via CB10

    Well maybe we were all ill informed. Please point out when and where this was done. My brief research showed only free apps could be obtained not paid. Are you saying that the OP either opened the software up to obtain paid apps, or otherwise used the exploit to help people steal apps? Please be very clear with regard to your accusation, as xsacha is a real person who I would happily bring in to my firm to be advised with regard to locating an on-line user who has defamed him, or in the alternative happily withdraw my support for someone you claim is a common thief.
    zephyr613 and moody like this.
    12-22-14 09:52 AM
  3. Easypants's Avatar
    I don't know anything about developing, security, Sarah, or how BlackBerry security folks work. I also have no reason to doubt the veracity of anything Sacha says.

    ...That said....

    I'm sure BlackBerry has another take on this story. Probably best not to join the chorus here and just wait to see what happens in time.

    Posted via CB10
    12-22-14 09:54 AM
  4. blackmoe's Avatar
    Well maybe we were all ill informed. Please point out when and where this was done. My brief research showed only free apps could be obtained not paid. Are you saying that the OP either opened the software up to obtain paid apps, or otherwise used the exploit to help people steal apps?
    Read the entire thread. One dev posted here that his paid app was exploited this way although he did say he didn't personally care.
    ray689 likes this.
    12-22-14 10:03 AM
  5. 1magine's Avatar
    Read the entire thread. One dev posted here that his paid app was exploited this way although he did say he didn't personally care.

    NO - you need to read more carefully. The individual I quoted said Sacha was responsible for stealing paid apps by giving codes away. Sacha, to the best of my knowledge never gave fake codes away or told anyone to use fake codes. I'm sorry but if I went up to a bank guard and say hey that armored car is open and unguarded and he walks away saying don't worry about it, and I turn to you and say, "can you believe it they left that car unguarded and open and when I told the bank they just walked away?" and you run over and grab money and run - you are a thief. I've done nothing wrong. For anyone especially the bank or the owner of the money who trusted the bank to call me a thief is dishonest and shameful.
    12-22-14 10:09 AM
  6. lawguyman's Avatar
    This thread is about fixing exploits. Let's not shoot the messenger. How does one test to see whether there is an exploit other than by exploiting it?

    You can be sure that people whose motives are not as pure as Sacha's are using these exploits for their own benefit.




    Posted via CB10
    Uzi, kbz1960, zephyr613 and 7 others like this.
    12-22-14 10:17 AM
  7. mainely_linux's Avatar
    You can be sure that people whose motives are not as pure as Sacha's are using these exploits for their own benefit.
    All the while not saying a word to anyone. Sacha has been trying to get BB to address some of these exploits since 2010 at a Blackberry Jam.
    kbz1960, Soul_Est, moody and 1 others like this.
    12-22-14 10:30 AM
  8. baarn's Avatar
    Depends on the terms of the NDA.
    ...
    As you say, a lawyer would be able to give a better picture.
    Exactly. Signing such an agreement without understanding all its implications would just be making a rod for his own back.
    They would have additional legal leverage against him. Everything he would disclose after it could be later claimed as an infraction depending on wording.
    They could use it as a litigation tool. Even if he is clean he will have to have the resources to defend.
    12-22-14 11:03 AM
  9. baarn's Avatar
    I've had to sign NDA for everything from Retail to restaurants and hotels.
    My understanding is that xsacha doesn't work for BlackBerry. So why would he want to sign one just to volunteer his help?

    It's an attempt at a gagging order, pure and simple.
    12-22-14 11:05 AM
  10. kfh227's Avatar
    It seems that the company that specializes in security is not taking security as seriously as it should.

    Posted via CB10
    It is within reason to restrict information regarding patches being made while the fixes are in development. That's what the NDA is about.

    BBRY doesn't have a bug reporting bounty available?
    12-22-14 11:14 AM
  11. rocker_man1's Avatar
    I hope the app shows up somewhere soon; I had just become aware of it. Hope this all gets worked out soon.

    Posted via CB10
    12-22-14 11:26 AM
  12. anon1727506's Avatar
    I don't know anything about developing, security, Sarah, or how BlackBerry security folks work. I also have no reason to doubt the veracity of anything Sacha says.

    ...That said....

    I'm sure BlackBerry has another take on this story. Probably best not to join the chorus here and just wait to see what happens in time.

    Posted via CB10
    Yes there are always two sides to a story....

    But if you have a security hole in your software, you don't take this long to fix it. And you don't treat a Developer that is trying to work with you like this.... it's not like they have thousands of them out there to deal with. Or the problem is... who do they have to deal with developers?
    Soul_Est likes this.
    12-22-14 11:38 AM
  13. bhrgvr's Avatar
    This is really a shame that BlackBerry will want to hide facts...
    12-22-14 11:58 AM
  14. MrGlenn's Avatar
    These two look like they were fixed today. I haven't had any contact though.
    Let's just hope it wasn't like that, and they just happened to finish these fixes today by coincidence.
    I hope they have, or will, change some of their methods for handling these issues, maybe these fixes are a first sign of something improving..?

    BlackBerry Passport signed @ C0007CC89
    12-22-14 12:25 PM
  15. BBZ10wannabe's Avatar
    You do some great work and I'm sure BlackBerry would love to continue to rely on your expertise. You shouldn't be afraid of an NDA before at least reading it.

    NDAs can take many forms. In the tech world they often say things like You cannot share information that we share with you, and we will not tell others outside BlackBerry what you share with us. This does not usually prevent you from disclosing matters that are already or become in the public domain. Theirs might be more limiting. You must read the fine print. If they've closed a hole they may want you to try and breach it again but they don't want you telling everybody about it. From a business perspective, it makes sense. They've removed your app. Right now, you are a helpful pain in the ****. Hopefully you can come to terms satisfactory to both sides. Sometimes you can make counter proposals regarding the terms of the NDA, e.g. it might say you can't disclose for 3 years from when BlackBerry disclosed it to you. You can tweak it to say "unless it falls into the public domain" but you have to ask yourself which is more helpful. Whom are you trying to serve? Perhaps if they don't close a hole within a specified period of time you can then disclose it to protect users but first they need a chance to close it. If they simply muzzle you, you are not forcing the company to be better. Someone higher up at BB should understand that.

    I hope you find a compromise that works for both you and BlackBerry. First I suggest you read the NDA.
    thedose, MiSsY_ and PatrickMJS like this.
    12-22-14 12:39 PM
  16. thedose's Avatar
    Agreed!

    Xsacha, you should read the NDA and begin negotiations with Blackberry, see exactly what they are offering and why they put your funds on hold.

    If their reasons and motives are ridiculous, then you could look at potentially going public with the media or whatever other sources, but I honestly think you should find out what they want before taking any drastic measures.

    Best of luck, and thanks again for your many contributions!

    Posted via CB10
    BBZ10wannabe likes this.
    12-22-14 12:48 PM
  17. Deckard79's Avatar
    Wow.

    Just wow.

    This needs to 'go public' and needs to be written about on the big sites.

    I'm a BlackBerry supporter but quite frankly this stinks, and I'll not buy another BlackBerry product until we have strong assurances from independent sources advising that these security holes are properly plugged.

    Xsacha - I've always admired the work you have done and your professional approach. I hope there's some way you can help to make them see the error in their ways and change their approach hereon.

    Posted via CB10
    Ealaionta, Soul_Est and Gerii like this.
    12-22-14 12:56 PM
  18. Deckard79's Avatar
    Incidentally, I've read from ethical hackers who have said the exact same thing about BlackBerry - they've tried to report their findings through the correct procedures only to be hit with legal paperwork and threats.

    Having never previously witnessed this first hand, I was on the fence as to whether that was true... well, this experience does sound similar.

    Posted via CB10
    Soul_Est and MBrettH like this.
    12-22-14 01:22 PM
  19. rajeevluv's Avatar
    All goods are bit by either vague system or individuals or forms approached ...

    I am opined to be optimistic... Xsacha shall win over all odds...

    Sent from my Q10 using Tapatalk
    12-22-14 01:25 PM
  20. gvs1341's Avatar
    Sacha has been trying to get BB to address some of these exploits since 2010 at a Blackberry Jam.
    That's really some news. Are the ^^^ vulnerabilities still unfixed?

    @ xsacha:
    Firstly a big Thanks for all your work.

    Does the list of ten severe ones still have any/some of the exploits which are referred to in the above post?

    CB10 @ Q5
    12-22-14 01:28 PM
  21. castano22's Avatar
    And yet BlackBerry is trying to get developers to develop for them. This is why I loved the Android dev community. If something was up Google would usually be upfront about it and fix it with the help of the dev community. That's why Android is so big, developers made it possible.

    Really hope BlackBerry is taking these security exploits seriously and be fixed on the 10.3.1 release for all devices. If not and news sites get a hold of something like this they will have a field day with BlackBerry for months.

    Posted via CB10
    Deckard79 and app_Developer like this.
    12-22-14 01:39 PM
  22. Deckard79's Avatar
    And yet BlackBerry is trying to get developers to develop for them. This is why I loved the Android dev community. If something was up Google would usually be upfront about it and fix it with the help of the dev community. That's why Android is so big, developers made it possible.

    Really hope BlackBerry is taking these security exploits seriously and be fixed on the 10.3.1 release for all devices. If not and news sites get a hold of something like this they will have a field day with BlackBerry for months.

    Posted via CB10
    If it takes media having a field day with this for BlackBerry to deal with it correctly, then I'm for that.

    Posted via CB10
    12-22-14 01:43 PM
  23. D3C0D3R's Avatar
    And yet BlackBerry is trying to get developers to develop for them. This is why I loved the Android dev community. If something was up Google would usually be upfront about it and fix it with the help of the dev community. That's why Android is so big, developers made it possible.

    Really hope BlackBerry is taking these security exploits seriously and be fixed on the 10.3.1 release for all devices. If not and news sites get a hold of something like this they will have a field day with BlackBerry for months.

    Posted via CB10
    Exactly! Like if it were features or lack thereof, I can sort of understand why it'd take them this long, though it'd seriously peeve me off more than the peevish crew understands, but security holes?!

    Those are something that BlackBerry should be taking way more seriously if they want to continue to pride themselves on their 'security'.

    Praise be unto our Lord Squircle | Passport SQW100-1/10.3.0.1418
    12-22-14 01:46 PM
  24. zephyr613's Avatar
    And just to add insult to injury and yet another scenario where users are no longer being listened to...

    http://forums.crackberry.com/general...morrow-985134/
    (For some reason the above thread was closed and pointed to the next thread below)

    http://forums.crackberry.com/general...g-down-985133/

    I received an email about "icanmakeitbetter" shutting down effective tomorrow (12/23) but the posting above says it all.

    Didn't want to derail the thread with this but did want to let us know here on CB that yet another door directly to BlackBerry will be shuttered.

    EDIT: The site is already down, so much for the 12/23 date:

    https://blackberry.icanmakeitbetter.com/
    Soul_Est and flyingsolid like this.
    12-22-14 01:49 PM
  25. Deckard79's Avatar
    And just to add insult to injury and yet another scenario where users are no longer being listened to...

    http://forums.crackberry.com/general...morrow-985134/
    (For some reason the above thread was closed and pointed to the next thread below)

    http://forums.crackberry.com/general...g-down-985133/

    I received an email about "icanmakeitbetter" shutting down effective tomorrow (12/23) but the posting above says it all.

    Didn't want to derail the thread with this but did want to let us know here on CB that yet another door directly to BlackBerry will be shuttered.
    I like how the other recommended channels largely constitute brick walls.

    Posted via CB10
    zephyr613 likes this.
    12-22-14 01:52 PM