[bb10adopter111]

I lost you. Who is forcing you to download random apps?

No one. But most people do. That's the real world.

Posted with my trusty Z10

[bb10adopter111]

...

[conite]

No one. But most people do. That's the real world.

Posted with my trusty Z10

We are discussing our own choices, no?

If you're concerned about a team under you, you have an EMM solution that only allows vetted, whitelisted apps.

[bb10adopter111]

We are discussing our own choices, no?

If you're concerned about a team under you, you have an EMM solution that only allows vetted, whitelisted apps.

I'm concerned about the average consumer, their friends, families and their employers. They are much more vulnerable than they are led to believe. If Apple and Google were being honest that would recommend that users limit their app use only to trusted companies that they absolutely need.

But, since they won't do that, I'm calling the current app store business model fundamentally insecure.

Posted with my trusty Z10

[Chuck Finley69]

I'm concerned about the average consumer, their friends, families and their employers. They are much more vulnerable than they are led to believe. If Apple and Google were being honest that would recommend that users limit their app use only to trusted companies that they absolutely need.

But, since they won't do that, I'm calling the current app store business model fundamentally insecure.

Posted with my trusty Z10

Does this not apply to BB10 as well for it’s own App Store?

[bb10adopter111]

Does this not apply to BB10 as well for it’s own App Store?

In theory, absolutely. If people download from app stores indiscriminately, the risks are similar (though I don't think criminal hackers or foreign intelligence agencies are wasting a lot of time on apps in BlackBerry World).!

I'm not saying that BB10 is more secure than Android in theory and for the same activities. I'm saying that, in the real world, with real users, Android encourages many, many more app downloads, presenting a much larger attack surface for social engineering than BB10.

My point wasn't that BB10 is "better", whatever the heck that would mean, but that all the talk about Android being newer and more secure (which is theoretically true) is negated by the difference in actual user behavior on Android vs. BB10.

The average Android user presents a much larger attack surface to threat actors than the average BB10 user and the only reason is the ease and frequency of downloading third party apps.

Posted with my trusty Z10

[ppeters914]

PEBKAC, which hasn't changed since personal computers and smartphones were invented.

Posted via CB10 / AT&T /Z10 STL100-3 /10.3.3.3216

[Chuck Finley69]

In theory, absolutely. If people download from app stores indiscriminately, the risks are similar (though I don't think criminal hackers or foreign intelligence agencies are wasting a lot of time on apps in BlackBerry World).!

I'm not saying that BB10 is more secure than Android in theory and for the same activities. I'm saying that, in the real world, with real users, Android encourages many, many more app downloads, presenting a much larger attack surface for social engineering than BB10.

My point wasn't that BB10 is "better", whatever the heck that would mean, but that all the talk about Android being newer and more secure (which is theoretically true) is negated by the difference in actual user behavior on Android vs. BB10.

The average Android user presents a much larger attack surface to threat actors than the average BB10 user and the only reason is the ease and frequency of downloading third party apps.

Posted with my trusty Z10

Relax, I trust your opinions along with Conite. It’s that I want to understand other perspectives as compared to mine. You two have technical expertise that I wish I would have developed into a second career. Perhaps one day..... LOL

[conite]

I'm concerned about the average consumer, their friends, families and their employers.

Honestly I'm not.

I'm not concerned in the least bit about my Windows box at home becoming compromised because I know what to do. Apart from the fact that I will probably have to go and fix it, I couldn't really care less about my neighbour's Windows laptop. Same with our phones.

[johnsliderbb]

How is WhatsApp working? Still showing... Loading? I remember it was really slow WA in the 650....

Posted via CB10

Working fine. Including video call.

[elfabio80]

You do realize that Krack took about 6 months to be patched on BB10, but only 2 weeks on BlackBerry Android? Same for Meltdown - although the browser fixes aren't coming to BB10.

If you're concerned about security today, BB10 is probably your worst option.

As far as privacy, you can lock down Google, use Outlook or G Suite (or any number of secure email providers), and avoid any and all apps if you so choose.

Well, Android needs monthly security updates...this means that something is wrong... Immagine your car to receive monthly a recall from the constructor.... Sorry man, you are trying here to see the ice to the north Pole.

Android for sure improved about security and privacy, but the Google store is full of trash apps... and again, the fact that monthly security patches are published means that the OS is not so entirely secure. For sure we have to congratulate with Google for keep on working on its OS...but many questions remain....

It would be interesting to read something from the user RichardBukley...since he seemed to be well prepared and with big knowledge about security and OS(s).... It is a pity he is not longer writing here....

Cheers!

Posted via CB10

[conite]

Well, Android needs monthly security updates...this means that something is wrong... Immagine your car to receive monthly a recall from the constructor.... Sorry man, you are trying here to see the ice to the north Pole.

Android for sure improved about security and privacy, but the Google store is full of trash apps... and again, the fact that monthly security patches are published means that the OS is not so entirely secure. For sure we have to congratulate with Google for keep on working on its OS...but many questions remain....

It would be interesting to read something from the user RichardBukley...since he seemed to be well prepared and with big knowledge about security and OS(s).... It is a pity he is not longer writing here....

Cheers!

Posted via CB10

Most threats that are patched are purely theoretical and have never been exploited in the real world. But yes, a healthy system is constantly audited and updated.

BB10, by nature, is more "locked-down" , per se, but any advantages that it may have enjoyed in that respect, are essentially gone today. The 6 month delay for Krack was a major security issue and made the devices almost unusable in a corporate environment.

[bb10adopter111]

Honestly I'm not.

I'm not concerned in the least bit about my Windows box at home becoming compromised because I know what to do. Apart from the fact that I will probably have to go and fix it, I couldn't really care less about my neighbour's Windows laptop. Same with our phones.

That would be fine, if the cyber threats we faced were similarly siloed so that nothing that happens to your neighbor ever affected you.

In the real world, the threats we face from cyber-insecurity threaten our economy, health, safety and advanced civilization. It's not just a bunch of minor criminals in hoodies grabbing your neighbor's wallet.

The estimated annual global losses from cyber crime by 2021 are projected to be $6 Trillion. Beyond economic damage nation state threat actors attack critical infrastructure daily, from nuclear power plants to governments, hospitals and election systems.

80% of successful attacks involve the compromise of credentials through social engineering. In this context there is absolutely no difference between privacy and security. If a hacker can see someone's public transactions in Venmo, and their social network relations in Facebook and LinkedIn, they can generate carefully targeted phishing and other social engineering attacks that are likely to succeed.

I get where you're coming from, but to me it sounds like someone in 2007 saying that the housing frenzy doesn't affect them because they already have a fixed rate mortgage and don't plan to sell their home. That person isn't considering the systemic risk that will cost them their job, their home, and their place in the middle class.

Posted with my trusty Z10

[conite]

That would be fine, if the cyber threats we faced were similarly siloed so that nothing that happens to your neighbor ever affected you.

In the real world, the threats we face from cyber-insecurity threaten our economy, health, safety and advanced civilization. It's not just a bunch of minor criminals in hoodies grabbing your neighbor's wallet.

The estimated annual global losses from cyber crime by 2021 are projected to be $6 Trillion. Beyond economic damage nation state threat actors attack critical infrastructure daily, from nuclear power plants to governments, hospitals and election systems.

80% of successful attacks involve the compromise of credentials through social engineering. In this context there is absolutely no difference between privacy and security. If a hacker can see someone's public transactions in Venmo, and their social network relations in Facebook and LinkedIn, they can generate carefully targeted phishing and other social engineering attacks that are likely to succeed.

I get where you're coming from, but to me it sounds like someone in 2007 saying that the housing frenzy doesn't affect them because they already have a fixed rate mortgage and don't plan to sell their home. That person isn't considering the systemic risk that will cost them their job, their home, and their place in the middle class.

Posted with my trusty Z10

99.9% of all that has nothing specific to do with mobile phones though.

Most breaches are through bad passwords and/or brute force attacks on online servers.

[bb10adopter111]

99.9% of all that has nothing specific to do with mobile phones though.

Most breaches are through bad passwords and/or brute force attacks on online servers.

Certainly a lot of criminal hacking is based on grabbing the low hanging fruit from the activities you describe. But many, if not most significant data breaches are multi week or month targeted campaigns by focused, patient individuals and teams who slowly peel back the onion of well-secured systems one layer at a time using a big toolbox of techniques. So while they may find weak passwords or unpatched systems at some levels, they also use many other techniques in the course of an attack, including credential compromise via social engineering using not only email, but mobile apps.

In that context, social engineering using the information people share on their social networks and mobile apps is a critical vector for access to sets of credentials that enable the breach.

So, my thesis, which has been confirmed by a number of security chiefs at large companies, is that mobile and web-based applications that expose user information, whether or not it's within the terms of use, and whether or not it's in the personal profile on a phone with EMM, are inherently dangerous and meaningfully increase the attack surface for users and. If they use BYOD, their employers.

In summary, people should use as few apps as possible and share as little personal information as possible in the apps they use.

Posted with my trusty Z10

[curves2000]

Most threats that are patched are purely theoretical and have never been exploited in the real world. But yes, a healthy system is constantly audited and updated.

BB10, by nature, is more "locked-down" , per se, but any advantages that it may have enjoyed in that respect, are essentially gone today. The 6 month delay for Krack was a major security issue and made the devices almost unusable in a corporate environment.

Why do you think that BlackBerry didn't patch it quicker considering the issue and the corporate environment?

I understand the need to not throw more money at BlackBerry 10 considering they are out of the device business for the most part, but still? How much could it of cost for a patch? They are still in the corporate security business and are trying to sell them security software and services along with secured smart phones from their partners?

Any thoughts on this or was it just a lack of resources on the BlackBerry 10 side?

Posted via CB10

[conite]

Why do you think that BlackBerry didn't patch it quicker considering the issue and the corporate environment?

I understand the need to not throw more money at BlackBerry 10 considering they are out of the device business for the most part, but still? How much could it of cost for a patch? They are still in the corporate security business and are trying to sell them security software and services along with secured smart phones from their partners?

Any thoughts on this or was it just a lack of resources on the BlackBerry 10 side?

Posted via CB10

Plain lack of resources I would imagine. They probably have only a couple guys left.

[ppeters914]

In summary, people should use as few apps as possible and share as little personal information as possible in the apps they use.

Posted with my trusty Z10

That's just plain common sense. Doesn't matter if Android, BBOS, BB10, iOS, etc.

Granted, (IMO) Android and iOS make it easier to forget common sense. You can inform/warn, but it's unrealistic to expect the masses to not make less than optimal choices, or for the vendors to care.

Posted via CB10 / AT&T /Z10 STL100-3 /10.3.3.3216

[bb10adopter111]

That's just plain common sense. Doesn't matter if Android, BBOS, BB10, iOS, etc.

Granted, (IMO) Android and iOS make it easier to forget common sense. You can inform/warn, but it's unrealistic to expect the masses to not make less than optimal choices, or for the vendors to care.

Posted via CB10 / AT&T /Z10 STL100-3 /10.3.3.3216

100% agree. That was my entire point, and I also agree it's common sense. App stores give a false sense of security for most users.

Posted with my trusty Z10

[elfabio80]

Why do you think that BlackBerry didn't patch it quicker considering the issue and the corporate environment?

I understand the need to not throw more money at BlackBerry 10 considering they are out of the device business for the most part, but still? How much could it of cost for a patch? They are still in the corporate security business and are trying to sell them security software and services along with secured smart phones from their partners?

Any thoughts on this or was it just a lack of resources on the BlackBerry 10 side?

Posted via CB10

Bcs Chen has no money/competences to invest in...

Posted via CB10

[conite]

Bcs Chen has no money/competences to invest in...

Posted via CB10

Or he has profitable business lines to spend money on instead.

[z10Jobe]

Even though it hasn't been developed in some time, I still prefer the simplicity and maintenance free aspect of bb10. It is ready to go out of the box (including a wide format range music player that my keyone sorely lacks.. Bb should add their music player to their android suite) and no googleness required if one prefers not to be tracked.

If you need all the popular apps, however, then Android is your only reasonable option. I don't mind Android, but it seems like I am always being followed and have to constantly reset settings.

Posted via CB10

[markmall]

If you are a PKB fan and a BlackBerry lover.... sticking with BB10 does nothing for BlackBerry and nothing for YOUR future chances of owning a PKB phone. Without support right now, BlackBerry might not exist in the future. If you don't care about that, then what kind of a fan are you really?

What if we continue using BB10 and just write a check to BlackBerry, Limited as a donation? At least that will not disrupt our work as would switching to an unfamiliar OS not suited to our needs.



Posted via CB10

[bb10adopter111]

What if we continue using BB10 and just write a check to BlackBerry, Limited as a donation? At least that will not disrupt our work as would switching to an unfamiliar OS not suited to our needs.



Posted via CB10

In you could write a check for several million dollars, BlackBerry might keep the essential servers running, but BlackBerry World would still disappear, and the Browser would continue to fall behind.

Any new app core app development would require 10s to 100s of millions if dollars, and there's almost no reasonable amount of money that would entice BlackBerry to wotk on the OS or Android run time.

Posted with my trusty Z10

[Chuck Finley69]

In you could write a check for several million dollars, BlackBerry might keep the essential servers running, but BlackBerry World would still disappear, and the Browser would continue to fall behind.

Any new app core app development would require 10s to 100s of millions if dollars, and there's almost no reasonable amount of money that would entice BlackBerry to wotk on the OS or Android run time.

Posted with my trusty Z10

So you’re saying there’s a chance...