[anon(2729369)]

It's a limiting factor because server hosting companies don't want to waste CPU utilisation encrypting and decrypting data on the fly to and from clients. This wastes power plus a lot of heat :/ just makes everything more tedious for them. People like bigger profit margins.

Agreed DHE is bad for that, even if that's what should be used today ... , but cipher configuration is performed per "domain" (vhost), so you only need to use it on connections which really need to be secure. There is probably no need for the stronger ciphers to protect the passwords on Instagram.

Only offering a device with the strongest of encrypting techniques would leave it out in the cold and be left alone out in the world.

Like for example the switch the USB 3.0 is there but it's too slow and legacy devices are still available and most PC's are still on 2.0.

Actually no. The server lists the cipher suites it supports and should enforce the order (which will make the lists look different than what you get when visiting a web site which tells you what your browser supports). Browsers pick the highest one they support from the list offered by the server. That's how public servers work. So if your browser only supports 3DES+SHA, then you can still connect to the website, if the sysadmin sees no problem with that.

But let's say you want to protect connections to a private service. You know which clients will connect to it and thus can enforce the stronger suites which are supported by the devices. That's where you can have a problem with BlackBerry 10 devices, because you'll need to enable weaker suites, for these to be able to connect.

After Snowden I thought the world would get their act together. So they're actually pushing for better cryptographic methods in devices we use daily and rely on, but hey that hasn't happened.

It is happening , it's just a slow process. Maybe BlackBerry can't go as fast as other vendors because of the certifications it holds.

[oystersourced]

That's why the imbeciles need someone else to look out for them.

Edit: BTW win 8.1 modern side browser is probably OK

I'm sorry but that is not possible, imbeciles will always be imbeciles so they need to be given jobs that don't require a level of security and privacy.

The OP keeps referring to Snowden for some reason, improved cryptographic algorithms do not protect against phishing and the installation of malware via traditional means, inc. gaining physical access to hardware.

Posted via CB10

[anon(2729369)]

For people who keep shooting at the messenger, from the cryptography group of the University of Bristol.

All the new attacks do is show how to exploit these weaknesses within TLS. Yet still people are claiming TLS 1.0 and 1.1 is secure

When real attacks on MD5 came along, which compromised security for real world users, cryptographer could claim a great big "We told you so", and engineers then had to spend (and are still spending) a great deal of effort removing uses of MD5 in software

[UnlimitedEra]

I find this doubting.

Posted Via CB10 Running On Z10STL100-2 Using OS Version 10.2.1.2141

[Richard Buckley]

After all the attacks are rather contrived and do not apply to most real world instantiations of TLS!

The attacks are largely theoretical, require specific instances or other contrived circumstances. This will, of course, change over time. Attacks only get better. And you are correct in that platforms need to be moving away from TLS 1.0 and 1.1, as they will one day have to move away from 1.2. What you seem to be completely ignoring is the fact that both servers and clients have to support 1.2 for it to do any good. BlackBerry has mitigated in place. The only other option is to mitigate in place and upgrade. I suppose I prefer a rather more conservative approach where, until server support is wide spread, the time is invested in ensuring the upgrade and mitigation is done correctly, rather than have a gaping hole in encryption since the release date of iOS 6. But that's just me.

[stabstabdie]

For people who keep shooting at the messenger, from the cryptography group of the University of Bristol.

Dude, we get it, you can read and aren't mentally disabled.
You made you point, give it a rest.
Are you sure you don't want to ask when an ota os update is coming on x carrier while you're here?

[BadGoliath42]

Dude, we get it, you can read and aren't mentally disabled.
You made you point, give it a rest.
Are you sure you don't want to ask when an ota os update is coming on x carrier while you're here?

We should keep this discussion civilised. ofutur is one of many that has brought a lot to this community, and he certainly has credibility on what he's saying. It doesn't mean he is right on the whole line, or any other person too that is. He is definitely not a troll, and is doing this for good reasons, I'm sure.

Now if somebody competent in the matter has something to add or discuss to arrive at a consensus, let's hear it. Personal attacks do not bring anything worthwhile to the table.

Posted via CB10 on my Z30

[kbz1960]

Just because this isn't about safari, or chrome or ??? some don't want to hear it but if it were about the others some would be piling on. I am interested no matter.

[oystersourced]

For people who keep shooting at the messenger, from the cryptography group of the University of Bristol.

It's actually scary how much code you come across which is using 20th century tutorial level security practices.

Posted via CB10

[BCITMike]

With regards to the thread title, "dated" is not a problem, it's "compromised" or similar.

As my buddy pointed out when I told him about Soft Ether, it's better to have an older tested protocol than a brand new one (in comparison to openvpn that is well reviewed and tested).

Posted via CB10

[anon(2729369)]

The attacks are largely theoretical, require specific instances or other contrived circumstances. This will, of course, change over time. Attacks only get better. And you are correct in that platforms need to be moving away from TLS 1.0 and 1.1, as they will one day have to move away from 1.2.

On SHA1, yes, but something like RC4 is getting too risky to use, even Microsoft has released a security advisory.

In light of recent research into practical attacks on biases in the RC4 stream cipher, Microsoft is recommending that customers enable TLS1.2 in their services and take steps to retire and deprecate RC4 as used in their TLS implementations. Microsoft recommends TLS1.2 with AES-GCM as a more secure alternative which will provide similar performance.

What you seem to be completely ignoring is the fact that both servers and clients have to support 1.2 for it to do any good. BlackBerry has mitigated in place. The only other option is to mitigate in place and upgrade. I suppose I prefer a rather more conservative approach where, until server support is wide spread, the time is invested in ensuring the upgrade and mitigation is done correctly, rather than have a gaping hole in encryption since the release date of iOS 6. But that's just me.

Yes, both need to support it, but not all servers are public or popular, so there is no point in stalling a security upgrade which could benefit businesses because only 70% of public servers supports TLS 1.2. For security conscious businesses which don't offer a public service (which requires compatibility with the maximum number of devices), the limiting factor is the devices and they depend on hardware vendors.
The next time a CBC attack is published, we'll get a rushed update made by BlackBerry and as we've seen in the past, not everybody gets them in a timely fashion (same problem on Android), so I'm not in favour of a conservative approach here.

We should keep this discussion civilised. ofutur is one of many that has brought a lot to this community, and he certainly has credibility on what he's saying. It doesn't mean he is right on the whole line, or any other person too that is. He is definitely not a troll, and is doing this for good reasons, I'm sure.

Now if somebody competent in the matter has something to add or discuss to arrive at a consensus, let's hear it. Personal attacks do not bring anything worthwhile to the table.

Thanks!
The only reason I started this post, is because I was genuinely disappointed when I found out that we couldn't connect BlackBerry 10 devices to a service without having to lower our security standards. I didn't expect that from the company which is playing the security card all the time. I'm sure they don't care much about this issue because BES is probably doing a better job protecting connections of those who tunnel everything through it.

It's actually scary how much code you come across which is using 20th century tutorial level security practices.

Agreed and that goto fail incident reminded me how I hate shorthands.

With regards to the thread title, "dated" is not a problem, it's "compromised" or similar.

As my buddy pointed out when I told him about Soft Ether, it's better to have an older tested protocol than a brand new one (in comparison to openvpn that is well reviewed and tested).

Generally, I would agree with you, "don't break it unless it's broken", "let others break their neck first", etc., but not in this case. TLS 1.0 has been compromised and patched too many times. Cryptographers have implemented new ways to hash and encrypt messages and most vendors have upgraded their stack.

[anon(2729369)]

Updated the OP with some risks, so that people might better understand what using TLS 1.0 means...

What are the risks?

• If you're the target of a government agency, well, there is not much you can do. Stronger crypto might not even help you as they'll probably target your device directly or the services that you use
• If you use your device for business and you're connecting to company services using a combination of elliptic curves and ephemeral keys, only the US government and spies who have copied their keys will be able to intercept your conversations. Apart from that, you'll know when there is a SHA1 exploit or a new attack on CBC in the wild as banks will probably be the first targets, unless your business is very valuable
• If you're a consumer, your bank, email provider, cloud, etc. will choose the strength of the connection for you and they'll probably pick the one which costs them the least in terms of resources from the list of what BlackBerry 10 has to offer. As long as it's DHE or ECDHE (click on the lock in a secure connection to find out), that's probably good enough to protect you from hackers until TLS 1.0 falls again, but won't stop the US government from collecting data

[sinkingphoenix]

Wow, people here should really take a step back and stop criticizing the OP or flat out saying he's wrong when he's absolutely right.

First off: The site is from (or at least given as a way to test your SSL-security by) the computer security department of the Leibniz University Hannover, which I think is a credible enough source to not just discard the results.

Secondly, learning cryptography takes a while, I can understand that the OP would rather link to wikipedia than to hold a lecture on the topic, but if you're really interested AND have some time, go to https://forums.crackberry.com/e?link...token=lHfBxmmR and learn stuff yourself. After the 6-week course you'll have some idea about what the OP is talking about.

And third, I agree that blackberry should take browsersecurity more serious. There's also a Flash-Vulnerabiltiy that isn't patched as of today which is known since 4th of February and which is so critical that Apple for example simply blocked Safari using Flash until the user updated to a non-inflicted version.

I like blackberry a lot as a company, but you guys should accept criticism where it is right, and not just go to (meaningless) arguments about how it got DoD-certified, or how users are the biggest security problems. Both are statements that are true, but that doesn't in any way mean that something easy to fix like using TLS1.2 instead of 1.0 should be overlooked or ignored.

[sinkingphoenix]

This is the cypher equivalent of spec chasing. The other guys have a bigger number than BlackBerry. They must have better security. Should BlackBerry update the encryption stack so the OP can sleep at night? Assuming it doesn't take engineering time from important tasks like adding new gadgets to the Facebook app, sure, go ahead.

I hope you're joking.. it isn't the equivalent of spec chasing. If you want a secure system you need to use the most recent cipher suites. There's a reason updates to these protocols and ciphers happen, and it's mostly because the old variant has been broken.

I'd rather have a secure crypto stack than an updated facebook app, and anyone who wants to use Blackberry for confidential data should be on that page too.

[Richard Buckley]

I hope you're joking.. it isn't the equivalent of spec chasing. If you want a secure system you need to use the most recent cipher suites. There's a reason updates to these protocols and ciphers happen, and it's mostly because the old variant has been broken.

I'd rather have a secure crypto stack than an updated facebook app, and anyone who wants to use Blackberry for confidential data should be on that page too.

Except that new cryptography isn't developed mostly because old variants are broken, but because weakness accumulates over time. Computing power also improves over time. It is possible to predicted a point when a brute force, either using known weakness, or against mitigated weakness, is practical. New cryptography is developed, and tested with the aim of having it available before that point.

This is what happened to DES. At introduction the 56 bit key length was enough. Over time some keys were found to be weak, and key generation was patched so those keys weren't used. DES continued in use for some time after that, then in 3DES. But today a single DES key is east to brute force, so it was replaced by AES.

Your privacy is much more likely to be compromised by a bug in a Facebook or banking application than the cryptography use by your BlackBerry as long as it is implemented properly, not the way it was on iOS 7, and still is on iOS 6 (or is there a patch out for iOS 6 now)?

Posted via CB10

[oystersourced]

These protocols are developed at a snails pace so keeping up to date shouldn't be too difficult, especially for a security-centric solutions company.

However this is not the be all and end all.

Posted via CB10

[anon(2729369)]

Your privacy is much more likely to be compromised by a bug in a Facebook or banking application than the cryptography use by your BlackBerry as long as it is implemented properly, not the way it was on iOS 7, and still is on iOS 6 (or is there a patch out for iOS 6 now)?

Indeed and banks have proven that they're not checking at all whether they're talking to their own servers or not. They just assume that the crypto stack in the OS is doing its job. It's just as bad as not doing any code review.

However this is not the be all and end all.

Agreed. It's just a weak spot in the attack surface.

[sinkingphoenix]

Except that new cryptography isn't developed mostly because old variants are broken, but because weakness accumulates over time. Computing power also improves over time. It is possible to predicted a point when a brute force, either using known weakness, or against mitigated weakness, is practical. New cryptography is developed, and tested with the aim of having it available before that point.

This is what happened to DES. At introduction the 56 bit key length was enough. Over time some keys were found to be weak, and key generation was patched so those keys weren't used. DES continued in use for some time after that, then in 3DES. But today a single DES key is east to brute force, so it was replaced by AES.

Your privacy is much more likely to be compromised by a bug in a Facebook or banking application than the cryptography use by your BlackBerry as long as it is implemented properly, not the way it was on iOS 7, and still is on iOS 6 (or is there a patch out for iOS 6 now)?

Posted via CB10

You're confusing security parameters with cryptographic ciphers in my post. If there is a new version of a cryptographic cipher available it is quite often because the old version had serious problems that would break it. Of course computational advances might at some point make our ciphers with the currently used security parameters obsolete, but only if they are broken in one way or another you actually need to change the cipher. As long as the cipher itself remains intact, you can use the same original idea and just use a longer key, for instance (i.e. AES 256 instead of 128).
DES btw was rumored to be crackable or near crackable in feasible time already shortly after it came out, the keysize was influenced by the NSA.

TLS 1.0 is considered broken, that's why newer TLS versions have been developed. So a phone vendor boasting its security should at least give you the option to use a newer version of TLS.

[f_d]

The Certicom security library used by BB10 actually has *all* the latest crypto suites, so it's not as if the *platform* itself is necessarily insecure or dated, but it's really just the *web browser* component that may not be fully up to date, so it's a fair bit inflammatory to claim that the whole "OS" is bad..

When used in an "enterprise" configuration, you get additional layers of encryption back to your enterprise network, including VPN, etc, and you design your whole enterprise network security strategy with many different layers of security controls vs. relying solely on any one component, so as an enterprise, if you felt the browser not supporting the latest modes was an issue, you could for example, rely on a secure VPN connection back to enterprise and provide a secure web proxy service corporately that supported not only stronger crypto modes, but also firewall and other network protection and content scanning services..

Security is so misunderstood that it's very easy for someone who is not a professional in this area with just a small amount of knowledge to completely overexaggerate a situation and sow lots of FUD (Fear, Uncertainty and Doubt).... Yes, there is a bit of a problem with the *WEB BROWSER* not supporting higher crypto modes, but this is far from being able to cast the entire platform and OS into doubt..

[PostMortem]

The OP is correct and there's no taking that away.

What I don't like is that he's making it seem like this single handedly makes iOS or Android more secure.

The fact of the matter is that yes, BlackBerry needs to update it, but that doesn't matter where it counts for them. Referencing BlackBerry for touting their security is irrelevant in the field that they tout it; BES.

By the way, wonder if the BES Work environment mode on BB10 has the same thing... not that it would matter anyway if it's going through BES.

Overall, I'm glad the OP brought this to light because it should and does matter and staying quiet about it wouldn't help anyone.

Posted via CB10

[Alex Keb]

Why does this matter? Most people who have sensitive data or want super privacy use vpn tunneling and BES

Posted via CB10

[PostMortem]

Why does this matter? Most people who have sensitive data or want super privacy use vpn tunneling and BES

Posted via CB10

It still matters, I just don't think it is as big of a deal as the OP seemingly made it out to be. It's a personal decision when you are only making the decision for yourself. All things being equal, of course I would choose what is more secure.

Posted via CB10

[f_d]

This is the big misconception about "security" among those who are not "in the industry".. Security these days is about dealing with risk and managing risk. We do not build "secure" systems where there is any one single cornerstone, that if weak, the whole castle comes tumbling down.. We realize these days, that not every component in a system or a network can be 100% perfect, and this can be due to many factors; in some cases you can't do anything about a weakness, in some cases you may be able to address it, but may choose not to for various reasons, and in such cases if you can mitigate each of these deficiencies using other methods, components or procedures, we can still build a "secure" system even though there may be a lot of individual components that may have deficiences..

In this case, BlackBerry has patched their implementation to address currently known vulnerabilities, and even if they did update their web browser, which I'm sure is in their plans, the truth of the matter is that besides the major organizations like Google and Microsoft, there are still millions of web sites out on the internet that are still only TLS 1.0 compliant, and you'd still have a vulnerability if you connected to them, and it WOULD NOT BE A BLACKBERRY PROBLEM...

Every year for the last few years, I have tried using the about::config settings in Firefox to disable the weak protocols like SSL 3.0 and TLS 1.0 and weaker crypto suites like MD5, RC4, DES, 3DES, RSA1024, etc in favor of the stronger suites, and as of last year, yes, I can now connect to Google with TLS 1.1/1.2 and AES_GCM, but there are still loads of sites that will fail if support for weaker suites and protocols are disabled.. If the rest of the internet has updated and BlackBerry is the lone holdout, then yes, I too would point the finger, but until that time, this is really not that big a concern..

[anon(2729369)]

The Certicom security library used by BB10 actually has *all* the latest crypto suites, so it's not as if the *platform* itself is necessarily insecure or dated, but it's really just the *web browser* component that may not be fully up to date, so it's a fair bit inflammatory to claim that the whole "OS" is bad.

If you were referring to the OP, I only mentioned the Internet Security Protocols, not the whole platform...,but yes, the title could do with an extra "Internet" word.
It's not just the browser which is affected but all the apps that get installed on the personal side. Work apps can be protected via BES 10.

When used in an "enterprise" configuration, you get additional layers of encryption back to your enterprise network, including VPN, etc, and you design your whole enterprise network security strategy with many different layers of security controls vs. relying solely on any one component, so as an enterprise, if you felt the browser not supporting the latest modes was an issue, you could for example, rely on a secure VPN connection back to enterprise and provide a secure web proxy service corporately that supported not only stronger crypto modes, but also firewall and other network protection and content scanning services..

Agreed, except that BlackBerry is quite restrictive in its support of VPN technologies. It hasn't evolved in years. Also, not everyone wants to have to manage an extra VPN+proxy stack unless they really have to, especially smaller structures.

What I don't like is that he's making it seem like this single handedly makes iOS or Android more secure.

I don't think I am. I specifically talk about secure connections to websites and services and mention that Google and Apple do a better job by supporting the latest standards.

The fact of the matter is that yes, BlackBerry needs to update it, but that doesn't matter where it counts for them. Referencing BlackBerry for touting their security is irrelevant in the field that they tout it; BES.

By the way, wonder if the BES Work environment mode on BB10 has the same thing... not that it would matter anyway if it's going through BES.

And that's my biggest problem with BlackBerry. There is a big gap between their secure BES environment and what they offer as standard. Most of the benefits for consumers and small businesses are inherited from the requirements needed to get certified and for everything that's missing, you need BES. Want ONE email account encrypted? Use BES, etc. The competition doesn't get the foundation right, but is better at what comes on top of that.

And the work environment has the same protocols, so people who feel they need stronger encryption need to route everything through BES or a VPN.

Why does this matter? Most people who have sensitive data or want super privacy use vpn tunneling and BES

Why should privacy or better security for e-banking be a luxury?

In this case, BlackBerry has patched their implementation to address currently known vulnerabilities, and even if they did update their web browser, which I'm sure is in their plans, the truth of the matter is that besides the major organizations like Google and Microsoft, there are still millions of web sites out on the internet that are still only TLS 1.0 compliant, and you'd still have a vulnerability if you connected to them, and it WOULD NOT BE A BLACKBERRY PROBLEM...

Agreed, but like you said, the major organisations have upgraded and offer safer Perfect Forward Secrecy. On a Z10 you get a RC4 connection to Google...
Like I mentioned in a previous post, we wanted to set something simple up and didn't expect 10.2.1 to still be on TLS 1.0. Felt unlike BlackBerry.

Every year for the last few years, I have tried using the about::config settings in Firefox to disable the weak protocols like SSL 3.0 and TLS 1.0 and weaker crypto suites like MD5, RC4, DES, 3DES, RSA1024, etc in favor of the stronger suites, and as of last year, yes, I can now connect to Google with TLS 1.1/1.2 and AES_GCM, but there are still loads of sites that will fail if support for weaker suites and protocols are disabled.. If the rest of the internet has updated and BlackBerry is the lone holdout, then yes, I too would point the finger, but until that time, this is really not that big a concern..

Yep, and the bigger offenders in my tests were email clients, but the movement has accelerated. Consumers are poorly equipped to detect weak connections and if they don't know about it, it doesn't put any pressure on service providers.

[crjohnston]

why do people site wikipedia as fact. It's a great starting point for research or basic info. That's it.

It's logic is if the majority of people think it's true then it must be. Under that logic the world would be flat lol.

And it's been done where the truth was changed to a lie on wiki.

Posted via CB10