With KRACK We'll Find Ou if BB10 is OFFICIALLY End-of-life
- Actually you don't know that -- QNX is not Linux or FreeBSD, and might not have the common path that allows it to work on those devices...
While it's not exactly likely BlackBerry found and silently fixed this on QNX it's also not impossible.
You must therefore assume its vulnerable until told otherwise, but assuming and knowing are two different things.
Further, if they did discover this previously and fixed it, that would be completely asinine. The right thing would have been to fix it, and then announce the flaw to get the marketing and PR value (and literally save the planet from a serious flaw that could have been, or could still be, devastating)
At the very least, if they did fix it years ago, and now everyone knows about the flaw, then they should have said that today. Very loudly. The fact that they haven’t means that either (a) they are criminally stupid or (b) they actually implemented the standard correctly and have an issue they now need to fix.10-17-17 07:35 PMLike 0 -
Yes, I understand the spec "says" do "X". If a spec says "jump off a building", do you?
The probability is that it's vulnerable. However, that's not certain. In fact there are some clients (e.g. certain Android versions) that are more vulnerable due to specifics of their implementation.
"Gee, that's dumb, I'm not going to do that" doesn't create an obligation on a party to report it. I've run into that a few times in my professional career, and I've never run the flag up the pole; I like the advantage it confers to be "better" than the other guys.10-17-17 07:48 PMLike 0 -
- So if BB10 is immune to this issue, why have they not announced that this week? This would be such a huge, obvious win.10-17-17 08:04 PMLike 0
-
Posted via CB10anon(2313227) likes this.10-17-17 08:09 PMLike 1 -
Of course this is all utter fantasy, because we all know BB10 is vulnerable to KRACK and they will fix it soon just like everyone else is.Wmsi likes this.10-17-17 08:17 PMLike 1 - Not a win for BB10, a win for BlackBerry. They want to be known as the security experts. Imagine a press release that said “we carefully implement every protocol using our own code and our own careful analysis. In implementing WPA in QNX, we chose to implement only those parts of the key exchange protocol that we felt were safe. As a result, our QNX OS is the only operating system we know of that is totally immune to KRACK, which demonstrates our unwavering commitment and attention to detail in building the most secure experiences for our customers and partners.”
Of course this is all utter fantasy, because we all know BB10 is vulnerable to KRACK and they will fix it soon just like everyone else is.
Posted via CB10moonflyer likes this.10-17-17 08:19 PMLike 1 -
Passport SE -Working wiDe in 2017+...10-17-17 09:26 PMLike 0 -
-
http://crackberry.com/crackberry-pol...-are-you-using
Hopefully it's not too late to participate.
Posted via CB1010-17-17 10:42 PMLike 0 - Both BlackBerry and QNX are unknown
https://www.kb.cert.org/vuls/byvendo...&SearchOrder=4
QNX has had over a month at it.
It is entirely possible BlackBerry/QNX's implementation is not vulnerable, but I'd be surprised. As I understand it (and that's not much) it comes down to how one interprets the wording in the WPA2 spec and most interpretations leave it vulnerable. Given that nearly everyone else interpreted it the same way, I'd bet BB/QNX are vulnerable.10-17-17 11:18 PMLike 0 - They still have BB10 developers on staff, they post on the developer support forums and there's the occasional update in the spotted OS thread on CrackBerry. BB10 still has government and enterprise clients, of course people would care.10-17-17 11:48 PMLike 0
- Why are we all speculating? Why not just ask BlackBerry? Or ask blaze or Kevin, who must have inside info?
Hey, I have a simple solution. Turn off wifi. Use data only on my passport. Data is unlimited anyway, and my passport uses far less of it than my wife's iphone.
Signature: Still typing away on my Passport SE!10-17-17 11:59 PMLike 0 - Why are we all speculating? Why not just ask BlackBerry? Or ask blaze or Kevin, who must have inside info?
Hey, I have a simple solution. Turn off wifi. Use data only on my passport. Data is unlimited anyway, and my passport uses far less of it than my wife's iphone.
Signature: Still typing away on my Passport SE!
Posted with my BlackBerry Passport SE™10-18-17 04:04 AMLike 0 - Not to under state the importance of patching endpoints, or my total lack of surprise that the Wi-Fi people have let us down again (remember WEP, WPS). Anyway, still looking at this, but here are some of the questions I'm asking:
How many of the hot spots accessed where exploitation of this is possible are even offering WPA and are already really sketchy to use without additional security? How much more sketchy is using them, even with a patched endpoint, now vs before?
How many of those are going to be patched, have ever been patched, are still running vulnerable code like DNSMasq?
Etc.
Edit:
So it turns out that access points don't need to be patched unless they are also Wi-Fi clients of another AP.
LeapSTR100-2/10.3.3.2205Last edited by Richard Buckley; 10-18-17 at 05:30 AM.
10-18-17 04:16 AMLike 0 - Why are we all speculating? Why not just ask BlackBerry? Or ask blaze or Kevin, who must have inside info?
Hey, I have a simple solution. Turn off wifi. Use data only on my passport. Data is unlimited anyway, and my passport uses far less of it than my wife's iphone.
Signature: Still typing away on my Passport SE!
So you use your Passport less than your wife uses here iPhone, there is no surprise there. Sorry but data is data, there is no BlackBerry compression or data saving going on with BB10, your wife is just using more.10-18-17 07:19 AMLike 0 -
-
This has the potential to be a multi-year fiasco for individual users and small businesses.
Posted with my trusty Z1010-18-17 07:50 AMLike 0 - The larger issue is that carriers might not push it out so only enthusiasts who use autoloaders will receive it. This is similar to the problem with WiFi routers where, even when the patch is available, most vulnerable devices will never actually receive it.
This has the potential to be a multi-year fiasco for individual users and small businesses.
Posted with my trusty Z10
Hopefully they can issue it more like the Android Patch... something available from BlackBerry World.
I suspect most of Enterprise and Small Business... has already or is already in the process of phasing out BB10. Patch or no Patch this will only speed up the process. Proable a few IT guys have already told their bosses they have everything under control but a few EOL BlackBerry devices that there has been no word from BlackBerry about... hoping to get the approval to expedite their replacements.
But yes there will be users around the world with no clue about this issue and if BlackBerry patches it or not. Someone was posting about their Z10 still running a very early version of BB10 the other day - some people don't update.10-18-17 08:13 AMLike 0 - Slightly off topic, sort of, but Windows is already patched and I got an update for my Linksys router this morning although I've yet to confirm it includes a patch.10-18-17 09:17 AMLike 0
-
In Linux, Mac OS and Windows, most issues are patched before they're widely known. With this bug, any reasonably intelligent person can research it, put together a hacking toolkit, and successfully exploit it for weeks before it will be addressed for the vast majority of users.
Posted with my trusty Z10p1800nut likes this.10-18-17 09:29 AMLike 1 - That may work for you.... Unlimited data isn't the global standard though. There are many, especially in other markets where Wi-Fi is very important for their use. And I expect there are far more BB10 devices in use today in those markets. Most western markets have moved on from the older devices...
So you use your Passport less than your wife uses here iPhone, there is no surprise there. Sorry but data is data, there is no BlackBerry compression or data saving going on with BB10, your wife is just using more.
No data compression on passport, true, but I mostly use a 9900.
Signature: Still typing away on my Passport SE!10-18-17 09:34 AMLike 0
- Forum
- BlackBerry 10 Phones & OS
- BlackBerry 10 OS
With KRACK We'll Find Ou if BB10 is OFFICIALLY End-of-life
« replace battery on Passport?
|
Newbie with failing / non-working native BB10 apps - WhatsApp etc »
Similar Threads
-
How secure really is the Keyone finger sensor
By dorsetshaw in forum BlackBerry KEYoneReplies: 19Last Post: 10-27-17, 08:53 PM -
KRACK WPA2 Vulnerability on BB10
By EFats in forum BlackBerry 10 OSReplies: 8Last Post: 10-18-17, 01:38 PM -
how to stop auto download of mail attachment in hub
By madh263362 in forum BlackBerry Android OSReplies: 2Last Post: 10-17-17, 08:51 AM -
KEYone Keyboard scrolling issue with ads on articles
By Turborat in forum BlackBerry Android OSReplies: 0Last Post: 10-17-17, 07:56 AM -
Problem with finger sensor on may K1
By mikimike2 in forum BlackBerry Android OSReplies: 1Last Post: 10-17-17, 05:49 AM
LINK TO POST COPIED TO CLIPBOARD