[Papaguan]

DES btw was rumored to be crackable or near crackable in feasible time already shortly after it came out, the keysize was influenced by the NSA.

I still wonder about DES and its parity bits in the key. It has yet to be proven of a NSA backdoor still, right? Though after Snowden, I'm sure people probably assume there is a backdoor, lol.

[bberryfan16]

A beast attack hmm. It's the book of revelations repent I tell you repent!
Enough you said your peace. But seriously keep that secure stuff of your phone and you will be OK. Peace all

Posted via CB10

[IanWood62]

This has been an interesting thread to read. As one that deals with crypto on a fairly regular basis (no I don't have a PhD in mathematics, and I do not profess to have an intimate knowledge of cryptographic algorithms) I thought I would chime in on this.

Yes TLS 1.0 and 1.1 do have published exploits, and the move is on to get to TLS 1.2. However, one of the items that is probably slowing everyone to supporting it us that while TLS 1.0 and 1.1 have a clearly defined process for falling back to a prior level of tls/ssl, tls 1.2 does not,thus making implementation a challenge.

The different ciphers that are used are independent of the ssl variant used (keep in mind that tls 1.0 can also be thought of as ssl v4). SSL/TLS define a protocol that is used in negotiation of the encryption to be used in the session. Part of this negotiation is the decision on what cryptographic cipher will be used. Both the server and the client have a list of ciphers they support, and a sequence in which they support it. When the client connects, it asks the server for it's list of supported ciphers. It the goes.down the list, and the first one that matches is the one that gets used. This is a simplistic description of all that goes on, but it is the way it happens.

Thus, the actual security of an https session, is dependent on the settings of both server and client. Is the owner of.the website chooses to support this ciphers that have been clearly identified has having deficiencies, then the potential exists for the encryption to be weak, as once the cipher is chosen, all subsequent traffic.is done via a symmetric encryption key that was randomly generated during the ssl/tls negotiation.

My knowledge comes from dealing with secure file transmission in my work, and my digging to understand what's going on during the negotiation process. Yes Wikipedia can be used as a tool for resource, but is only as good as the information put into it.


Posted from an alternate universe via my Tardis enabled Z10!

[Bla1ze]

I just saved this to my SD Card. Am I safe now?

[Bla1ze]

Attachment 250831

TL;DR
BlackBerry's choice of Internet Security Protocols to secure Internet connections made from a BlackBerry 10 device is not the greatest and the competition is doing much better. BlackBerry 10 is using TLS 1.0, the competition TLS 1.2.

I'll let you decide if TLS 1.0 is safe enough to protect your connection to sites and services you use. Cryptographers, the US National Institute of Standards and Technology (NIST), Microsoft all say it isn't.

Just curious, does this span across the BES browser as well or is this just off the shelf BB browsers?

[anon(2729369)]

Just curious, does this span across the BES browser as well or is this just off the shelf BB browsers?

The document from BlackBerry I listed in the OP says so:
About BlackBerry Device Service solution security

Both the browser and apps, on both sides of Balance use TLS 1.0 at best.

The underlying libraries support more algorithms than what's available through the TLS bundle and VPNs can use stronger encryption.

[anon(2729369)]

However, one of the items that is probably slowing everyone to supporting it us that while TLS 1.0 and 1.1 have a clearly defined process for falling back to a prior level of tls/ssl, tls 1.2 does not,thus making implementation a challenge.

And these fallback mechanisms are dangerous as they can trick the browser into using SSLv3, bypassing security mechanisms put in place in TLS 1.x, but you are correct, if the sysadmin has not properly configured his servers, those won't recognise the newer version of the protocol even if there could be a ciphers suite match.

Yes, BlackBerry should address the use of older crypto code. While I doubt doing so would have any real effect on security, they are facing more and more competition in the security space. They shouldn't give competitors that kind of ammunition. I see it as a business problem, not a security problem.

I'm sure they have experts monitoring the dark net and will probably release a new OS very quickly with a fix if there is ever a new attack on CBC, because downgrading a connection to using RC4 is not a solution any more, despite it being the only cipher compatible with XP, which just won't die. The problem is that it can take months for updates to reach customers and BlackBerry's image could suffer.

[KermEd]

Thought this was an interesting read,

Posted via CB from my LE

[stabstabdie]

I just saved this to my SD Card. Am I safe now?

No, you need to save it to your device.

[Sith_Apprentice]

The document from BlackBerry I listed in the OP says so:
About BlackBerry Device Service solution security

Both the browser and apps, on both sides of Balance use TLS 1.0 at best.

The underlying libraries support more algorithms than what's available through the TLS bundle and VPNs can use stronger encryption.

All work data is protected between device and BES. Anything past that unfortunately is not protected by BES.

http://docs.blackberry.com/en/admin/...verview_en.pdf Take a look there.

[anon(2729369)]

All work data is protected between device and BES. Anything past that unfortunately is not protected by BES.

http://docs.blackberry.com/en/admin/...verview_en.pdf Take a look there.

That's one document I wanted to take a look at . It's pretty detailed, which is great.

What I got from it:

• It's more dangerous to connect to apps from work than it is from outside of work, since an attacker on the same network only needs to break TLS to have access to data from the target.
• When outside of work, it doesn't matter if the TLS tunnel is broken, since the inner tunnel is still safely encrypted using BlackBerry's encryption layer.
• Link supports TLS 1.1, not that it changes much in terms of strength of encryption
• It's still not clear to me if any proxy can be used to route TLS traffic or if businesses have to use the MDS, which only supports TLS 1.1 according to that document.
• Backups, data at rest, app verifications all use strong encryption, so it's strange to still have TLS 1.0 on devices.

[Paintman321]

No look what we've done:

BB10's 'dated' crypto lets snoops squeeze the juice from your BlackBerry – researcher • The Register

I thought we are protected from the BEAST!

[ArmedHitman]

No look what we've done:

BB10's 'dated' crypto lets snoops squeeze the juice from your BlackBerry �€“ researcher �€� The Register

I thought we are protected from the BEAST!

Someone from 'The Register' actually reads our forums :|

[BCITMike]

Someone from 'The Register' actually reads our forums :|

I hate journalists on the Internet. Such poor jobs. The quality of reporting has gone down big time in last 20 years.

Didn't quote the researcher, didn�t list the researcher, and specifically alluded to beast attack despite the thread disproving that.

[Naeg1995]

No look what we've done:

BB10's 'dated' crypto lets snoops squeeze the juice from your BlackBerry – researcher • The Register

WTF come on.......

From My Sexy Blackberry Z10

[clickitykeys]

Just want to thank ofutur and IanWood62 for their insightful posts. I learnt something from your posts. This is what makes Crackberry a good forum!

[Sith_Apprentice]

That's one document I wanted to take a look at . It's pretty detailed, which is great.

What I got from it:

• It's more dangerous to connect to apps from work than it is from outside of work, since an attacker on the same network only needs to break TLS to have access to data from the target.
• When outside of work, it doesn't matter if the TLS tunnel is broken, since the inner tunnel is still safely encrypted using BlackBerry's encryption layer.
• Link supports TLS 1.1, not that it changes much in terms of strength of encryption
• It's still not clear to me if any proxy can be used to route TLS traffic or if businesses have to use the MDS, which only supports TLS 1.1 according to that document.
• Backups, data at rest, app verifications all use strong encryption, so it's strange to still have TLS 1.0 on devices.

You have to break the TLS1.0, AND AES256 to get the encrypted data ALL BES data in transit is encrypted. Now, if you break the TLS you can intercept traffic between BES and app server absolutely. So both right and wrong in your statement. It isn't any less secure, but the TLS connection is still TLS1.0. You would have to get a malicious app into the workspace (can only be a bb10 app and HAS to be whitelisted from BES) but it is possible.

Posted via CB10

[anon(2729369)]

You have to break the TLS1.0, AND AES256 to get the encrypted data ALL BES data in transit is encrypted. Now, if you break the TLS you can intercept traffic between BES and app server absolutely. So both right and wrong in your statement. It isn't any less secure, but the TLS connection is still TLS1.0. You would have to get a malicious app into the workspace (can only be a bb10 app and HAS to be whitelisted from BES) but it is possible.

Posted via CB10

I was referring to this diagram. When you're connected to work wifi, there is no AES256 encryption. You simply need to be on the same network and break TLS 1.0 to have access to the data.

For example, in a work Wi-Fi connection, the data that a device and the BlackBerry Device Service send between each other is encrypted using SSL encryption. The data that the device and work wireless access point send to each other uses Wi-Fi encryption (unless the work wireless access point is an open network). Because the device uses tunneling, the data that the device sends to the BlackBerry Device Service is encrypted first by SSL encryption and then by Wi-Fi encryption as it travels between the device and the wireless access point

In my experience, corporations prefer the other 2, more secure options, but smaller structure may go for that one.


Regarding ElReg's article, I'm glad that people have contacted the journalist so that he could update his article to make it more accurate. I wished he had tried to discuss a few scenarios where this could be a problem.
On the same website, you can see that proper implementation of security components also matters (as mentioned by people in this thread) as Apple's pseudo-random number generator has just been discovered to be weak and predictable.

“An unprivileged attacker, even when confined by the most restrictive sandbox, can recover arbitrary outputs from the generator and consequently bypass all the exploit mitigations that rely on the early random PRNG,” Mandt concludes.

[KemKev]

Very interesting thread and thanks to the knowledgeable folks who have contributed and continue to contribute to our understanding of the issues. My question is: has anyone told BlackBerry?

[anon(2729369)]

Very interesting thread and thanks to the knowledgeable folks who have contributed and continue to contribute to our understanding of the issues. My question is: has anyone told BlackBerry?

BlackBerry knows about it and is probably working on the implementation of TLS 1.2 as we speak. The revelation of the 2nd half of 2013 just got a few companies to accelerate the implementation of stronger protection mechanisms, but BlackBerry had bigger issues to deal with and is taking a conservative approach: There is no known exploit in the wild, so there is no rush, just be prepared. Microsoft is doing the same thing with their migration to SHA-2. The only problem is that you can be sure that many people are working on how to crack those older suites as the rewards can be big, so it may take some time for reports of successful attacks to surface.

[anon(2729369)]

I found this article from the Google Online Security Blog to be informative

Summary


While we recommend the world move to support TLS 1.2, AES-GCM and ChaCha20-Poly1305 (as Chrome and Google are doing) we have to deal with a large fraction of the Internet that moves more slowly than we would like. While RC4 is fundamentally flawed and must be replaced, the attacks against it are very costly. The attacks against CBC mode, however, are much more practical and only one can be conclusively addressed on the client side. It is not clear which is best when nothing better is available.


TLS 1.2 is needed in order to use AES-GCM and ChaCha20-Poly1305. TLS 1.2 deployment is hampered by older servers that fail to process valid TLS messages and thus break version negotiation. It also remains to be seen whether firewalls and other network intermediaries are erroneously processing TLS connections that pass through them, breaking TLS 1.2. Chrome 32 includes an experiment that tests for this issue. If TLS 1.2 is found to be viable on the modern Internet, remedial measures can be taken to repair the TLS version negotiation without breaking the previously mentioned, flawed TLS servers.

[anon(2729369)]

A huge vulnerability in OpenSSL, one of the crypto libraries used by BlackBerry, has been revealed on Monday.
Let's see how long it takes BlackBerry to patch BlackBerry 10...
A rogue server can compromise any connected client which uses the library.

Attacks don't leave a trace and thus, if BlackBerry takes security seriously, they should also revoke all their server certificates and replace them with new ones...

What leaks in practice?

We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

Does OpenSSL's FIPS mode mitigate this?

No, OpenSSL Federal Information Processing Standard (FIPS) mode has no effect on the vulnerable heartbeat functionality.

EDIT:
Btw, anybody can steal all admins and mods passwords on here right now...


EDIT 2:
Example of leaked passwords as seen by anybody who can do a search on the Internet for tools to get servers to send passwords, courtesy of Yahoo!


EDIT 3:
List of vulnerable sites
https://github.com/musalbas/heartble...er/top1000.txt

EDIT 4:
BlackBerry is on the case and upgrading servers as I write this

EDIT 5: Crackberry has been patched!

[higherdestiny]

Oooh snap.

Heartbleed Bug

The vulnerable versions have been out there for over two years now and they have been rapidly adopted by modern operating systems. A major contributing factor has been that TLS versions 1.1 and 1.2 came available with the first vulnerable OpenSSL version (1.0.1) and security community has been pushing the TLS 1.2 due to earlier attacks against TLS (such as the BEAST).

TLS 1.0 does NOT contain the vulnerable version of OpenSSL and therefore BlackBerry 10 is not affected by the heartbleed vulnerability.

Seems there's some intelligence in BlackBerry staying with TLS 1.0.

Not only is it immune to the BEAST attack, it's also now immune to the Heartbleed vulnerability.

Go BlackBerry!

[sinkingphoenix]

Oooh snap.

Heartbleed Bug



TLS 1.0 does NOT contain the vulnerable version of OpenSSL and therefore BlackBerry 10 is not affected by the heartbleed vulnerability.

Seems there's some intelligence in BlackBerry staying with TLS 1.0.

Not only is it immune to the BEAST attack, it's also now immune to the Heartbleed vulnerability.

Go BlackBerry!

No, this is a vulnerability on the Server site, not on the user site. There's nothing good with not supporting the latest crypto, TLS1.0 is broken.

Posted via CB10

[anon(2729369)]

TLS 1.0 does NOT contain the vulnerable version of OpenSSL and therefore BlackBerry 10 is not affected by the heartbleed vulnerability.

Seems there's some intelligence in BlackBerry staying with TLS 1.0.

Not only is it immune to the BEAST attack, it's also now immune to the Heartbleed vulnerability.

Go BlackBerry!

Unfortunately, you got it all wrong
BlackBerry 10 uses OpenSSL 1.0.1e and is vulnerable...