12-25-17 05:54 PM
418 ... 14151617
tools
  1. Richard Buckley's Avatar
    And what's interesting is QNX was notified in August when almost all other vendors were,

    https://www.kb.cert.org/vuls/id/CHEU-AQNN3H
    Yet according to this BlackBerry was notified October 13 th. I wonder if they have out of date contact information for QNX. The page above looks like auto generated proforma.

    https://www.kb.cert.org/vuls/byvendo...&SearchOrder=4

    LeapSTR100-2/10.3.3.2205
    11-07-17 04:53 PM
  2. Invictus0's Avatar
    Yet according to this BlackBerry was notified October 13 th. I wonder if they have out of date contact information for QNX. The page above looks like auto generated proforma.

    https://www.kb.cert.org/vuls/byvendo...&SearchOrder=4

    LeapSTR100-2/10.3.3.2205
    I thought that as well but their BlueBorne disclosure seems to imply that they have recent contact info for BlackBerry,

    https://www.kb.cert.org/vuls/id/240311
    11-07-17 05:16 PM
  3. Richard Buckley's Avatar
    I thought that as well but their BlueBorne disclosure seems to imply that they have recent contact info for BlackBerry,

    https://www.kb.cert.org/vuls/id/240311
    But they didn't mention QNX at all for that release.

    Difficult to say anything for sure.
    11-07-17 07:49 PM
  4. Leyra B10's Avatar
    You can still check certificates for the websites your visiting when you wish to do something sensitive like banking, at least on the stock browser.


    Posted via CB10
    11-08-17 11:17 AM
  5. G_Unit MVP's Avatar
    I've participated in yesterday's webinar about Public Wifi security, and at the end they did a Q&A. So, I asked the speaker about how secure is to still use BB10 devices on public wifi networks, and if we can expect any update some time in the near future. The answer was that it is secure if you use Blackberry Secure, basically because the data between the device and the server is encrypted. So, the vulnerability is still there, your communications can be intercepted, but theoretically can't be decrypted.
    It's not an official statement, but it's pretty clear that there will not be any update to fix the problem, cause the only BB10 users they care at this point are in working environments and they are protected if they use Blackberry software.
    The consumers like most of us here, well, we are on our own...
    11-10-17 10:06 AM
  6. wingnut666's Avatar
    mark my words. they will patch this vulnerability. leaving it open leaves them vulnerable to lawsuits. they are just moving slowly and reluctantly.

    Posted via CBX
    11-10-17 10:48 AM
  7. Invictus0's Avatar
    I've participated in yesterday's webinar about Public Wifi security, and at the end they did a Q&A. So, I asked the speaker about how secure is to still use BB10 devices on public wifi networks, and if we can expect any update some time in the near future. The answer was that it is secure if you use Blackberry Secure, basically because the data between the device and the server is encrypted. So, the vulnerability is still there, your communications can be intercepted, but theoretically can't be decrypted.
    It's not an official statement, but it's pretty clear that there will not be any update to fix the problem, cause the only BB10 users they care at this point are in working environments and they are protected if they use Blackberry software.
    The consumers like most of us here, well, we are on our own...
    Isn't that general advice for KRACK though? That it's dangerous across unsecure connection (i.e. http) less dangerous on secure connections?

    In other news, editorial aside, Pixel and Nexus devices won't be patched until December.

    https://arstechnica.com/gadgets/2017...lly-a-big-deal
    11-10-17 11:00 AM
  8. DrBoomBotz's Avatar
    mark my words. they will patch this vulnerability. leaving it open leaves them vulnerable to lawsuits. they are just moving slowly and reluctantly.

    Posted via CBX
    Your words are marked.
    When can we declare a no show?
    11-10-17 11:37 AM
  9. Elephant_Canyon's Avatar
    mark my words. they will patch this vulnerability. leaving it open leaves them vulnerable to lawsuits. they are just moving slowly and reluctantly.
    Consider them marked. What’s the deadline on this?

    EDIT- ninja’d
    11-10-17 11:38 AM
  10. wingnut666's Avatar
    Consider them marked. What’s the deadline on this?

    EDIT- ninja’d
    before world peace breaks out

    Posted via CBX
    11-10-17 01:48 PM
  11. DrBoomBotz's Avatar
    before world peace breaks out

    Posted via CBX
    Obviously you don't take yourself seriously, so no else should take you seriously either.
    11-10-17 02:54 PM
  12. johnny_bravo72's Avatar
    before world peace breaks out

    Posted via CBX
    Awww... Would have believed you if your answer was "coming soon." 😀
    11-10-17 03:20 PM
  13. DreadPirateRegan's Avatar
    before world peace breaks out

    Posted via CBX
    I hope your right bud, would be awesome. As to the other guy, wingnut is full of knowledge so I'd take him "seriously" just maybe not on this.. a sense of humor, how dare you! Haha..

    Honestly, I don't even care about Krack as much as like signs of Life over with BB10 even though I still know chances of it coming back to the surface are nill.

    On that not, Jan the new big Youtuber for blackberry (think he is in german) says that blackberry only recently signed the no upgrade to dalvik (art) when they started with priv. It was in the contract and prior they could have, had they wanted to like amazon had did up until at least lollipop as far as I know. Anyway, this seems to be where the smart people are so was wandering if anybody knew if this was true or not as If so it means...

    They could have and they didn't as well as..

    They sold out to Droid fully in a big way and why would google care since "BB10" isn't really good anyway..

    I can't wait for everyone to leave so it's just ME. Oh, and hopefully Cobalt still releases his suite of God-Like applications.

    To go back on topic,

    " BlackBerry10 don't do Krack! "
    or maybe they do, we shall see.

    Are the android blackberry's corrected as of now with the Bluebourne and/or Krack yet?...

     Passport SE  -Working wiDe in 2017+...
    11-10-17 05:46 PM
  14. Invictus0's Avatar
    Are the android blackberry's corrected as of now with the Bluebourne and/or Krack yet?...
    Only those that have at least the October 2017 update are safe from both (September for BlueBorne, October for KRACK).
    11-10-17 07:38 PM
  15. bobshine's Avatar
    mark my words. they will patch this vulnerability. leaving it open leaves them vulnerable to lawsuits. they are just moving slowly and reluctantly.

    Posted via CBX
    Lawsuits? From whom?
    11-10-17 07:52 PM
  16. Chuck Finley69's Avatar
    Lawsuits? From whom?
    Harry Potter Incorporated....
    11-10-17 08:12 PM
  17. i_plod_an_dr_void's Avatar
    I
    Honestly, I don't even care about Krack as much as like signs of Life over with BB10 even though I still know chances of it coming back to the surface are nill.
     Passport SE  -Working wiDe in 2017+...
    Just like ultra-secure submarines don't surface...but still live.
    11-11-17 12:05 AM
  18. DreadPirateRegan's Avatar
    Just like ultra-secure submarines don't surface...but still live.
    I never said I made sense.. just 100.

     Passport SE  -Working wiDe in 2017+...
    11-11-17 10:41 AM
  19. Newfangled's Avatar
    In this case, I'm assuming no news is bad news...

     BlackBerry | CLASSIC
    11-18-17 09:01 AM
  20. Invictus0's Avatar
    In this case, I'm assuming no news is bad news...

     BlackBerry | CLASSIC
    I don't believe they've commented on QNX yet either so who knows. We've either overestimated how many resources BlackBerry has or how much they consider this an issue.
    11-18-17 11:12 AM
  21. eshropshire's Avatar
    I don't believe they've commented on QNX yet either so who knows. We've either overestimated how many resources BlackBerry has or how much they consider this an issue.
    Is QNX impacted?
    11-19-17 12:40 AM
  22. johnsliderbb's Avatar
    How much actual programming would be involved to fix it?

    Posted via CB10
    11-19-17 03:58 AM
  23. Invictus0's Avatar
    Is QNX impacted?
    We don't know but apparently they're looking into it,

    https://forums.crackberry.com/showth...1#post13063195
    11-19-17 10:50 AM
  24. DreadPirateRegan's Avatar
    We don't know but apparently they're looking into it,

    https://forums.crackberry.com/showth...1#post13063195
    Nice!

    Why do WE always "look into it first" like @conite fixing the runtime, etc, etc. Even when they were alive or supposed to be. LOL. What gives.. yet, still love blackberry and will one day in the distant future go to blackdroid. The motion is looking purdyyyy..

     Passport SE  -Working wiDe in 2017+...
    11-19-17 12:09 PM
  25. Rob Longmire's Avatar
    If we got dark hub it'd be enough for me to switch back to my passport from the keyone
    11-24-17 03:37 PM
418 ... 14151617

Similar Threads

  1. How secure really is the Keyone finger sensor
    By dorsetshaw in forum BlackBerry KEYone
    Replies: 19
    Last Post: 10-27-17, 09:53 PM
  2. KRACK WPA2 Vulnerability on BB10
    By EFats in forum BlackBerry 10 OS
    Replies: 8
    Last Post: 10-18-17, 02:38 PM
  3. how to stop auto download of mail attachment in hub
    By madh263362 in forum BlackBerry Android OS
    Replies: 2
    Last Post: 10-17-17, 09:51 AM
  4. KEYone Keyboard scrolling issue with ads on articles
    By Turborat in forum BlackBerry KEYone Support
    Replies: 0
    Last Post: 10-17-17, 08:56 AM
  5. Problem with finger sensor on may K1
    By mikimike2 in forum BlackBerry KEYone Support
    Replies: 1
    Last Post: 10-17-17, 06:49 AM
LINK TO POST COPIED TO CLIPBOARD