[KAM1138]

You are misinterpreting my tone. I'm all sunshine and lollipops.

Great--I appreciate cheer.
What I'm saying is that what I posted was acknowledging that the Mobile Device isn't (That is has not been) the issue (so I read--maybe you were the one who posted it), and saying effectively "Right?"

So, I'm not sure what the "challenge" talk is about.

[conite]

Great--I appreciate cheer.
What I'm saying is that what I posted was acknowledging that the Mobile Device isn't (That is has not been) the issue (so I read--maybe you were the one who posted it), and saying effectively "Right?"

So, I'm not sure what the "challenge" talk is about.

Your assumption was correct.

The "challenge" was just a figure of speech meant to convey that such a breach has never been reported.

[Chuck Finley69]

Around 2012 or 13 a friend of mine worked in securities and had to carry BBOS phone around with him. If he would've told his boss he wanted an iPhone, his boss would've said then quit your job.

I can't understand how there is no market for any devices that are locked down.



Posted via CB10

What you say about the securities industry was true. I carried a BBOS device until 2013 because it's all that was allowed back then unless your company offered a secured Android/IOS corporate device.

The BYOD movement and customer expectations moved the industry to adopt secure MDM and EMM solutions. When people say BlackBerry makes secure devices, I think of the old BBOS using BIS or BES that I used starting around end of 2000 or beginning of 2001 for email that evolved to my first BlackBerry phone around end of 2004 or beginning of 2005.

When I got my first BB10 device, I noticed the email setup and protocol, it seemed more like Android/IOS/Windows devices email setup and protocol.

From that point, I realized that security was not the same between the old BBOS and the new BB10 for email and probably other aspects of the ecosystem.

The industry regulators have required hardened security for the known entry points of the technology solutions used. Android/IOS/Windows solutions became more secure for the securities industry because that's what clients use for retail access. BB10 in the financial sector actually lags Android/IOS/Windows for security outside MDM and EMM solutions. Even BB10 devices used with the MDM or EMM solutions probably lag similar Android/IOS solutions because I'm sure many MDM or EMM solutions don't support BB10.

[Zidentia]

Your assumption was correct.

The "challenge" was just a figure of speech meant to convey that such a breach has never been reported.

The key here is "reported". I worked for a company that was hacked along with a couple of other companies. They stole Amex info from employees off of IPhones who used the phones to buy branded merchandise for events. It went on for several years until they discovered it was a vendor who exploited the weakness in the data file used to store the Amex numbers. They did the same thing to three other companies and eventually blamed a rogue employee. The loss was in the millions but they recovered quite a bit of it.

Posted via CB10

[Elephant_Canyon]

The key here is "reported". I worked for a company that was hacked along with a couple of other companies. They stole Amex info from employees off of IPhones who used the phones to buy branded merchandise for events. It went on for several years until they discovered it was a vendor who exploited the weakness in the data file used to store the Amex numbers. They did the same thing to three other companies and eventually blamed a rogue employee. The loss was in the millions but they recovered quite a bit of it.

Could you please provide a link to this story? Or some kind of documentation or technical description? Or even what "data file" the information was taken from?

[conite]

The key here is "reported". I worked for a company that was hacked along with a couple of other companies. They stole Amex info from employees off of IPhones who used the phones to buy branded merchandise for events. It went on for several years until they discovered it was a vendor who exploited the weakness in the data file used to store the Amex numbers. They did the same thing to three other companies and eventually blamed a rogue employee. The loss was in the millions but they recovered quite a bit of it.

Posted via CB10

That isn't informative enough to forensically ascertain the entry point.

Were they managed devices? Where was the data? How was the phone and/or data accessed? If managed, what were the EMM policies in place? Was corporate data containerized? Etc, etc, etc.

[Chuck Finley69]

The key here is "reported". I worked for a company that was hacked along with a couple of other companies. They stole Amex info from employees off of IPhones who used the phones to buy branded merchandise for events. It went on for several years until they discovered it was a vendor who exploited the weakness in the data file used to store the Amex numbers. They did the same thing to three other companies and eventually blamed a rogue employee. The loss was in the millions but they recovered quite a bit of it.

Posted via CB10

I'm no IT guy but doesn't your scenario really describe a system breach through IOS app construction that has nothing to do with the actual OS itself but more of exploit due to poor app construction?

[KAM1138]

I'm no IT guy but doesn't your scenario really describe a system breach through IOS app construction that has nothing to do with the actual OS itself but more of exploit due to poor app construction?

Looking for a Data Breach: "There's an App for that!"

[kvndoom]

A CEO setting a target without making any attempt to reach it or knowing it's impossible is deceptive. An average shareholder like myself would believe no one would do this unless he were unethical.

Posted via CB10

Why haven't you filed your lawsuit yet? According to you, he's committed so many SEC violations that Blackberry is the next Enron. There's got to be millions (LOL) of angry shareholders out there waiting to get their pound of flesh from a surefire can't-lose class action suit.

Of course I already know the answer... it's always easier to complain on the internet. EVERYBODY is right on the internet.

[Zidentia]

That isn't informative enough to forensically ascertain the entry point.

Were they managed devices? Where was the data? How was the phone and/or data accessed? If managed, what were the EMM policies in place? Was corporate data containerized? Etc, etc, etc.

If I knew there would be a witch hunt I would have kept quiet. Of course if was a policy enabled managed environment. This was a fortune 50 company. It is one of the biggest manufacturers in the world. The IPhones stored the payment data in containerized section to use for quick reorder because we were not using open accounts any longer. It was encrypted but when the order gets parsed the phone would pass parity data that was allowed them to open the file. That is all I can say.

Posted via CB10

[Zidentia]

I'm no IT guy but doesn't your scenario really describe a system breach through IOS app construction that has nothing to do with the actual OS itself but more of exploit due to poor app construction?

Well I am in IT now and the OS was the issue. Apple admitted there was a problem and updated the OS to reflect it.


Posted via CB10

[conite]

If I knew there would be a witch hunt I would have kept quiet. Of course if was a policy enabled managed environment. This was a fortune 50 company. It is one of the biggest manufacturers in the world. The IPhones stored the payment data in containerized section to use for quick reorder because we were not using open accounts any longer. It was encrypted but when the order gets parsed the phone would pass parity data that was allowed them to open the file. That is all I can say.

Posted via CB10

It wasn't a witch hunt by any means. I was simply saying that the information you provided was insufficient to draw the conclusion that the iPhone and/or the EMM solution by themselves were responsible for the breach. And, in all due respect, it still isn't.

[conite]

Well I am in IT now and the OS was the issue. Apple admitted there was a problem and updated the OS to reflect it.


Posted via CB10

If true, and it was patched - then great. Problem solved.

Does this speak to whether a managed iPhone is more or less secure than a managed hardened Android or BB10 device? I would say, no. Anecdotal evidence is a tricky thing. There are still way too many unknowns to even begin to assess it.

[Dunt Dunt Dunt]

Well I am in IT now and the OS was the issue. Apple admitted there was a problem and updated the OS to reflect it.


Posted via CB10

Even BlackBerry has patched some vulnerabilities.... the key is to have an OS that is widely used and being tested and patched.

[Zidentia]

It wasn't a witch hunt by any means. I was simply saying that the information you provided was insufficient to draw the conclusion that the iPhone and/or the EMM solution by themselves were responsible for the breach. And, in all due respect, it still isn't.

I have to admit I do see where you tend to draw out the conversation just to be argumentative. It is subtle but if is there. I provided the evidence that I could. I also mentioned that I said all that could say. I still do contract work for this company so I am legally prohibited from saying more.

As far as "Anecdotal" I was there, I witnessed it, it also happened to my phone. I worked on the solution as well as others and our team presented it to Apple. See, that is the thing, a crime needs witnesses, verifiable chain of events and incontrovertible evidence of an issue. To go on is to beat this to death.

This is the reason I left crackerry for a number of years. And the reason I am leaving again. I have coding to do.

Posted via CB10

[conite]

As far as "Anecdotal" I was there, I witnessed it, it also happened to my phone. I worked on the solution as well as others and our team presented it to Apple

That's the definition of anecdotal.

"not necessarily true or reliable, because the information is based on personal accounts rather than facts or research"

That said, I have no reason not to believe you. That's not what I'm saying at all.

I would simply need more information and statistics to make an overall security assessment on the comparative vulnerability posture of one OS to another.

Your point is well taken that no system is 100% secure - particularly when involving customized solutions like yours was.

[john_v]

Let it go. For the love of all things sane, knock of the bickering. It's possible to disagree with someone without name calling.

Personal Attacks or Insults to Members
Constructive discussions, debates, and free speech are encouraged in the forums. However, it is not constructive to criticize or insult another member because their opinion differs from yours. Discuss the post, not the poster, and consider the tone of your posts before pressing the submit button. If you are irritated by a post, thread, question, or topic, you are in no way obligated to respond and are encouraged to move along to another thread.

[markmall]

The turnaround artist has overhauled a once hardware company into a software and services company, something that many people thought impossible. Rob Enderle, president at Enderle Group said Chen did, in fact, do the impossible, and is certainly deserving of his contract renewal."

I didn't know Rob Enderle thinks Chen did the impossible! We fought in the war together. If Rob Enderle says it's true, that's good enough for me. If Rob said Android was better than BB10 for emailing, I would change my mind.

Posted via CB10

[conite]

I didn't know Rob Enderle thinks Chen did the impossible! We fought in the war together. If Rob Enderle says it's true, that's good enough for me. If Rob said Android was better than BB10 for emailing, I would change my mind.

Posted via CB10

"Rob Enderle (born July 27, 1954 in Corona, California) is an American technology analyst.[1]

Enderle has worked at several technology companies, including EMS Development Company, ROLM Systems and IBM, before becoming a technology analyst. He began his analyst career at Dataquest, before helping to launch GiGa Information Group. After GiGa was acquired by Forrester Research, he worked at Forrester [2] until leaving to found his own firm, the Enderle Group.

Enderle writes a number of columns for technological publications and regularly appears on radio and television.[3] He sits on several advisory councils, including those for Lenovo, AMD and HP. He shares a technology blog at Technology Pundits. He has worked as an advisor for Microsoft,[4] Dell, IBM, Siemens, and Intel, among other companies.[5]"

[markmall]

The key here is "reported". I worked for a company that was hacked along with a couple of other companies. They stole Amex info from employees off of IPhones who used the phones to buy branded merchandise for events. It went on for several years until they discovered it was a vendor who exploited the weakness in the data file used to store the Amex numbers. They did the same thing to three other companies and eventually blamed a rogue employee. The loss was in the millions but they recovered quite a bit of it.

Posted via CB10

I wonder if a closed loop like with BBOS could give highly sensitive industries and government agencies something that Android can't.

Posted via CB10

[markmall]

I'm no IT guy but doesn't your scenario really describe a system breach through IOS app construction that has nothing to do with the actual OS itself but more of exploit due to poor app construction?

This is part of the issue though. If I'm running the Department of Defense and an under secretary wants to download an app to buy purses, I would be inclined to say "no, and if you ask twice you're fired."

These industries should be using dedicated phones where the app gap doesn't matter so much.

Posted via CB10

[markmall]

Why haven't you filed your lawsuit yet? According to you, he's committed so many SEC violations that Blackberry is the next Enron. There's got to be millions (LOL) of angry shareholders out there waiting to get their pound of flesh from a surefire can't-lose class action suit.

Of course I already know the answer... it's always easier to complain on the internet. EVERYBODY is right on the internet.

First, I don't believe that the board of directors gave Chen an order to get out of hardware when he started. Remember?

Second, because it would be too hard to prove that BlackBerry would have had a better outcome if it paid more attention to its marketing.

Posted via CB10

[markmall]

Why haven't you filed your lawsuit yet? According to you, he's committed so many SEC violations that Blackberry is the next Enron. There's got to be millions (LOL) of angry shareholders out there waiting to get their pound of flesh from a surefire can't-lose class action suit.

Of course I already know the answer... it's always easier to complain on the internet. EVERYBODY is right on the internet.

I can tell you're not emotionally invested in this CEO by your photo. You are Chen's brother.

Posted via CB10

[conite]

This is part of the issue though. If I'm running the Department of Defense and an under secretary wants to download an app to buy purses, I would be inclined to say "no, and if you ask twice you're fired."

These industries should be using dedicated phones where the app gap doesn't matter so much.

Posted via CB10

The EMM can be set to only allow the download of select, whitelisted apps.

[markmall]

The EMM can be set to only allow the download of select, whitelisted apps.

Perhaps but that was not my point.

Posted via CB10