[Wayne_Enterprises]

Thanks for testing. But to say that they have some level of security is false. They have no level of security.

All this time you're shooting it down and attacking me "people are saying it doesn't happen so Wayne must be a liar!!!" and you don't even test it for yourself...

All makes sense now.

Posted via CB10 on 10.1.0.4780

[Bluenoser63]

All this time you're shooting it down and attacking me "people are saying it doesn't happen so Wayne must be a liar!!!" and you don't even test it for yourself...

All makes sense now.

Posted via CB10 on 10.1.0.4780

What makes no sense is you saying that BB10 isn't secure because of this feature when no phone you have in your organization is anymore secure that BB10 with this feature. You just don't get it.

[Wayne_Enterprises]

What makes no sense is you saying that BB10 isn't secure because of this feature when no phone you have in your organization is anymore secure that BB10 with this feature. You just don't get it.

Good job side-stepping. Test and verify before you lash out next time.

Posted via CB10 on 10.1.0.4780

[Jerry A]

Since I have said that leakage will occur on every phone because you are putting it into a insecure personal account. What W_E thinks is secure really isn't. I didn't prove your point.

Once again, you've proven my point. Did you actually read what I wrote? I'm not discussing what W_E thinks. I'm asking you if you read, in it's entirety, what I wrote.

In any credible security audit there is a difference between leakage due to technology and leakage due to human error. They both exist and they both must be enumerated.

You can keep apologizing for BlackBerry and saying the technological deficiency doesn't exist. That's your OPINION.

Unfortunately, the FACT is, the leak exists, and can be repeated.

[Bluenoser63]

Good job side-stepping. Test and verify before you lash out next time.

Posted via CB10 on 10.1.0.4780

This is rich coming from someone who doesn't understand IT security and points out so called IT security issues with BB10.

[Wayne_Enterprises]

Oh my god give it a rest. No one cares.

This is rich coming from someone who doesn't understand IT security and points out so called IT security issues with BB10.

[Bluenoser63]

Once again, you've proven my point. Did you actually read what I wrote? I'm not discussing what W_E thinks. I'm asking you if you read, in it's entirety, what I wrote.

In any credible security audit there is a difference between leakage due to technology and leakage due to human error. They both exist and they both must be enumerated.

You can keep apologizing for BlackBerry and saying the technological deficiency doesn't exist. That's your OPINION.

Unfortunately, the FACT is, the leak exists, and can be repeated.

Look. It isn't a leak. You can't leak work data when you use personal accounts (that have no security in the first place) to store work data. When I mentioned leakage, I did it in jest to someone who doesn't understand business security. And it looks like you are as blind as the other mouse. Just need a third mouse to make a nursery rime.

[Bluenoser63]

Oh my god give it a rest. No one cares.

Some of us care about IT security, it is plain to see that you and your company don't. So you should stop posting as you continue to show how little you know about the subject. I expect that you will just continue using swear words and the like.

[Wayne_Enterprises]

F*ck me! You hit me where it hurts.

Some of us care about IT security, it is plain to see that you and your company don't.

[Jerry A]

Look. It isn't a leak. You can't leak work data when you use personal accounts (that have no security in the first place) to store work data. When I mentioned leakage, I did it in jest to someone who doesn't understand business security. And it looks like you are as blind as the other mouse. Just need a third mouse to make a nursery rime.

I said there's data leakage. Nothing more, nothing less. That in and of itself is a by any security yardstick a deficiency.

The simple fact that one can't update their personal info without it spilling over is an issue. Security works all ways, not just the apologist manner you ill-define.

When I mentioned leakage, I did it before you ever joined this thread. I appreciate your wanting to be an ignorant ***** who wants to insult folks.

But it's getting old. With each post all you do is continue to show your lack of how real security protocols work.

I believe you're the mouse you joked about.

[Anonymous2039]

I said there's data leakage. Nothing more, nothing less. That in and of itself is a by any security yardstick a deficiency.

The simple fact that one can't update their personal info without it spilling over is an issue. Security works all ways, not just the apologist manner you ill-define.

When I mentioned leakage, I did it before you ever joined this thread. I appreciate your wanting to be an ignorant ***** who wants to insult folks.

But it's getting old. With each post all you do is continue to show your lack of how real security protocols work.

I believe you're the mouse you joked about.

Spill over into where? Unless the BlackBerry is connected to BES, the whole phone is nothing but personal!



Posted via CB10

[Wayne_Enterprises]

Spill over into where? Unless the BlackBerry is connected to BES, the whole phone is nothing but personal!



Posted via CB10

Take security out of the equation for a split second. You cannot call a phone, no matter what it is, a personal phone just because it isn't hooked up to BES if people do in fact, use it for work purposes. What about self employed individuals??

It's like saying a car isn't a car unless it has gasoline in it! (Tesla, Leaf, and Volt jokes aside)...

Posted via CB10 on 10.1.0.4780

[Jerry A]

Spill over into where? Unless the BlackBerry is connected to BES, the whole phone is nothing but personal!




Posted via CB10

So? Seriously, a user may not want the contacts for one account to co-mingle with another account. They're out of luck.

A SMB may not need BES10, they simply want to ensure on-device encryption and a password via central policy.

BB10 devices are allowed onto an enterprise in a limited fashion because BB10 isn't supported by their current MDM.

Your insistence that if it's not being used in the manner you proscribe is inconsequential. The usage profile doesn't matter. What does is that the device, unlike the competition and current baseline security expectations automatically leaks data.

[Anonymous2039]

So? Seriously, a user may not want the contacts for one account to co-mingle with another account. They're out of luck.

A SMB may not need BES10, they simply want to ensure on-device encryption and a password via central policy.

BB10 devices are allowed onto an enterprise in a limited fashion because BB10 isn't supported by their current MDM.

Your insistence that if it's not being used in the manner you proscribe is inconsequential. The usage profile doesn't matter. What does is that the device, unlike the competition and current baseline security expectations automatically leaks data.

:eyeroll:
You keep going on. And. On. And. On. And. On about the same thing when everything was clearly explained to you.

Posted via CB10

[Bluenoser63]

I said there's data leakage. Nothing more, nothing less. That in and of itself is a by any security yardstick a deficiency.

The simple fact that one can't update their personal info without it spilling over is an issue. Security works all ways, not just the apologist manner you ill-define.

When I mentioned leakage, I did it before you ever joined this thread. I appreciate your wanting to be an ignorant ***** who wants to insult folks.

But it's getting old. With each post all you do is continue to show your lack of how real security protocols work.

I believe you're the mouse you joked about.

Please explain to us all how your own multiple personal accounts are secure from each other? Since you can't, you show a big lack of knowledge about security. There is no security with yourself.

[Bluenoser63]

So? Seriously, a user may not want the contacts for one account to co-mingle with another account. They're out of luck.

A SMB may not need BES10, they simply want to ensure on-device encryption and a password via central policy.

BB10 devices are allowed onto an enterprise in a limited fashion because BB10 isn't supported by their current MDM.

Your insistence that if it's not being used in the manner you proscribe is inconsequential. The usage profile doesn't matter. What does is that the device, unlike the competition and current baseline security expectations automatically leaks data.

This only makes sense if you have multiple personalities. Maybe you do. Might explain some things. You are splitting information from yourself on a personal phone.

[Bluenoser63]

:eyeroll:
You keep going on. And. On. And. On. And. On about the same thing when everything was clearly explained to you.

Posted via CB10

Yeah. Some people clearly don't want to understand or learn things. I am done with these guys.

I hope that people who are serious about security, do not listen to anything that Wayne_Enterprise or Jerry_A has to say in this regard. They would only lead you down a dangerous road.

[Wayne_Enterprises]

Pretty sure we're not the ones bible beating this forum to death trying to impress our views on security, and MDM, and this, and that. That's all you! Time to get your nose out of Papa Smurf's a$$ and act like an adult. You sound like the gestapo.

Yeah. Some people clearly don't want to understand or learn things. I am done with these guys.

I hope that people who are serious about security, do not listen to anything that Wayne_Enterprise or Jerry_A has to say in this regard. They would only lead you down a dangerous road.

[anon(2325196)]

They're not smart, that's all that tells me.

"It's easier to give in to whiny users who 'need' their iPhone than to make them all use BlackBerry's. Plus, they think us IT guys are 'cooler' now that we've taken the easy way out with BYOD."

An IT department that doesn't use BlackBerry as their mobile computing solution is stupid. Yes, stupid. I don't effing care.

Posted via CB10

[Jerry A]

Please explain to us all how your own multiple personal accounts are secure from each other? Since you can't, you show a big lack of knowledge about security. There is no security with yourself.

Once again, you fail to grasp. I never said the accounts were secure from each other. All I've said time and again is that: BB10, due to it's inability to keep contact data in a specific context has a security deficiency. The inability to control how data is synchronized is a leakage deficiency.

That's straight from any security handbook and CISSP exam. But you're right, obviously I must know nothing about security since I won't engage in your straw-man apologist framework. That's fine. If it makes you feel better go ahead an tell yourself that I don't know anything about security. As with every other part of this conversation, your royal fiat and inability to engage in any meaningful comprehension of the issue is obviously more true then the technical facts.

I await your witty retort which will most likely be once again filled with personal attacks and a redirection away from the actual issue being discussed.

[Jerry A]

:eyeroll:
You keep going on. And. On. And. On. And. On about the same thing when everything was clearly explained to you.

Posted via CB10

Please, tell me what was clearly explained? That BB10 can't properly compartmentalize it's data? Or that a good chunk of apologists refuse to accept that fact and continue to bury this under other straw-man arguments?

Seriously, please clearly explain this to me since you think I don't grasp the issue.

[BravoZuluDelta]

I have to attempt to clarify both sides here. We need to distinguish between ideal security and acceptable security.

It seems most of us are arguing for ideal security, which would involve an MDM solution locking out any attempt at mixing work and personal information. BB10 excels at this aspect with integrated work and personal spaces, although the alternative phones are more than adequate for most corporate scenarios.

Acceptable security is less straightforward. Every corporation will have to decide what they're comfortable with. If employees can be trusted to voluntarily keep work and personal information separated, then BB10 lags behind the competition in this regard. The current official OS does not allow contacts to be saved to specific accounts. This is not ideal security, however, if this is what the company is comfortable with, then the competition outperforms BB10.

BB10 has the potential to be more secure than the other platforms, as evidenced in their certification and usage throughout the US government. However, in the middle of that scale, different phones all have their strengths and weaknesses.

[pbeasley]

Forget work vs personal for a moment. Forget MDM, Encryption, and BES. Because none of thos are what the "Bug" is really about.

Yez, I agree this is a bug (which by my definition includes planned features that are poorly implemented).

I have 3 personal accounts on my Q10. I also volunteer in the community. One group has a shared email account that 5 of us have access to. I have added that account to my phone. If i add a new contact to one of my personal accounts it gets added to the volunteer account and *i can't stop that from happening* while still creating the contact from my phone. I have to add the contact, unlink the contact, and then go delete it from the other account.

The auto creation is a feature, but the implementation is buggy at worst, poorly thought out at best.

[Wayne_Enterprises]

Forget work vs personal for a moment. Forget MDM, Encryption, and BES. Because none of thos are what the "Bug" is really about.

Yez, I agree this is a bug (which by my definition includes planned features that are poorly implemented).

I have 3 personal accounts on my Q10. I also volunteer in the community. One group has a shared email account that 5 of us have access to. I have added that account to my phone. If i add a new contact to one of my personal accounts it gets added to the volunteer account and *i can't stop that from happening* while still creating the contact from my phone. I have to add the contact, unlink the contact, and then go delete it from the other account.

The auto creation is a feature, but the implementation is buggy at worst, poorly thought out at best.

Thank you for sharing your experience as well!!!! Maybe this will get bluesmurfnoser to CTRL+ALT+DEL and see this in a different light.

But, be prepared. He will shi* on your volunteer group, which I'm sure is doing great work, for sharing an email account, or not having a MDM solution in place.

Posted via CB10 on 10.1.0.4780

[iN8ter]

This only makes sense if you have multiple personalities. Maybe you do. Might explain some things. You are splitting information from yourself on a personal phone.

A contractor who uses his personal phone with a hosted exchange account, personal account, and an account he shares with a spouse (bills, etc.) Adds a work contact to his phone.

Wife automatically gets all that information.

Its pretty simple. Why would one person freelancing want to lock his phone down with MDM. They don't need BES10, however that auto leakage happens without giving him a choice. That's a flaw in the security of this phone. No device should ever leak personal info to other accounts without confirmation. This is like an app stealing contact info without asking, only I s built into the operating system... Are you serious?

This can happen to a freelance journalist with their sources. An attorney, anyone.

What is wrong with you people. You act like any criticism must be damned. This is actually a serious issue in their software. Very serious.

Very sensitive information can be in a VCF file (address, phone number, and the Notes field exists for a reason - many people use it).

I cannot believe people are defending this. Blown away. Just wow...

You are aware iPhone and Android devices can be secured via MDM, and yet still do not have this flaw built into them, are you. Only with BB10 must you worry about this issue.

Sent from my Galaxy S III using Tapatalk 4