The "secure" BB10 OS is not great at establishing secure connections because it uses dated protocols
-
Could you post a screenshot of the 10.3 blocking the test site?
05-19-14 06:19 AM Like 0
-
I just have checked randomly a few more (AirVPN, Coccon, Okayfreedom, NordVPN, WorldVPN, YourFreedom)...and ups, indeed no BlackBerry support.
I've read somewhere that 10.3 will support OpenVPN.
Hope the university admins are aware of this one:
https://community.openvpn.net/openvpn/wiki/heartbleed
05-19-14 06:42 AM Like 0
southlander likes this.
05-19-14 06:52 AM Like 1
- Would be cool if you could find the source of that rumour
If you get tired of waiting for native OpenVPN support you can follow the instructions in this thread to set up an IPSEC server on Amazon EC2, then add OpenVPN tunnelling to the server of your choice. I can now tunnel from my BB10 devices, via IPSEC then OpenVPN to home.
05-19-14 07:09 AM Like 0
-
And for some people, there is the problem of where the company is located. Witopia is US based.
05-19-14 08:26 AM Like 0
And out of these 3-4, you should check which of their servers support connections from BlackBerry. Witopia seems OK, but PureVPN would not be a good option.
And for some people, there is the problem of where the company is located. Witopia is US based.
Purevpn supports Blackberry (over IKEv2) with servers in the USA, Canada and Romania.
If your comment is aiming at the problem with the 5-Eyes (NSA, CSEC...), Witopia is a no-no, because of this problem:
U.S. VPN provider shuts consumer service in response to Lavabit case | PCWorld
But to be honest, I chose Purevpn over Witopia for other reasons (service packages, prices, etc etc....)
My first concerns are criminals and insecure hotspots, while Purevpn appears to be neither criminal nor insecure.
Actually, Playbook and Q5 are running smoothly over Purevpn and instead of dozens of local sysadmins, I have to keep an eye only on Purevpn.
If one really wants to hide information from agencies, you have to run your own servers (BES, VPN) and vote for other politicians.
Or even better: Don't use smartphones. Really.
Did some very, very unobtrusive tiny ping probes yesterday to check the (server side) firewall for my assigned IP (it's filtered).
And while connected to Purevpn, I can still see the green lock on sites like this https://www.grc.com/fingerprints.htm
Tried to find some stuff about hacking "IKEv2" "EAP-MS CHAPv2", but didn't find anything significant.
Last edited by Superdupont 2_0; 05-19-14 at 10:47 AM. Reason: Corrected server location of Purevpn
anon(2729369) likes this.
05-19-14 09:19 AM Like 1
Great thread. I've been a fan of Steve Gibson since I first dialed up to the internet on a Windows 3.1 machine.
Running 10.2.1, the Evolution Browser passes the test and blocks the revoked page. But the built-in BlackBerry browser fails and gets the red warning on that page.
Evolution screenshot: Attachment 271934
Ups, Firefox on Android 4.2.2 does indeed pass the test on https://revoked.grc.com/
05-19-14 09:28 AM Like 0
It's funny that you say that, because I chose Purevpn.
Purevpn supports Blackberry (over IKEv2) with servers in the USA, UK and Canada.
If your comment is aiming at the problem with the 5-Eyes (NSA, GCHQ, CSEC...), Witopia is a no-no, because of this problem:
U.S. VPN provider shuts consumer service in response to Lavabit case | PCWorld
But to be honest, I chose Purevpn over Witopia for other reasons (service packages, prices, etc etc....)
My first concerns are criminals and insecure hotspots, while Purevpn appears to be neither criminal nor insecure.
Actually, Playbook and Q5 are running smoothly over Purevpn and instead of dozens of local sysadmins, I have to keep an eye only on Purevpn.
If one really wants to hide information from agencies, you have to run your own servers (BES, VPN) and vote for other politicians.
Or even better: Don't use smartphones. Really.
Did some very, very unobtrusive tiny ping probes yesterday to check the (server side) firewall for my assigned IP (it's filtered).
And while connected to Purevpn, I can still see the green lock on sites like this https://www.grc.com/fingerprints.htm
Tried to find some stuff about hacking "IKEv2" "EAP-MS CHAPv2", but didn't find anything significant.
Superdupont 2_0 likes this.
05-19-14 09:44 AM Like 1
Great thread. I've been a fan of Steve Gibson since I first dialed up to the internet on a Windows 3.1 machine.
Running 10.2.1, the Evolution Browser passes the test and blocks the revoked page. But the built-in BlackBerry browser fails and gets the red warning on that page.
Evolution screenshot: Attachment 271934
I have problems to view your screenshot.
Actually, when I visit https://revoked.grc.com/ with Evolution Browser (OS 10.2.1) it doesn't pass the test.
05-19-14 10:42 AM Like 0
The third server location is Romania!
Will correct my post on this.
05-19-14 10:45 AM Like 0
That's strange - I can't see the screenshot in your original post either, but it shows up in the quote now; silly CB10. *sigh*
I wonder if the settings in the Evolution browser affect how it reacts to that page.
Yeah, his website could become my new startpage!
I have problems to view your screenshot.
Actually, when I visit https://revoked.grc.com/ with Evolution Browser (OS 10.2.1) it doesn't pass the test.
05-19-14 01:05 PM Like 0
use the ssh to company server, forward ports what you need (tunnels) to localhost from remote network, and enjoy da secure whatever ;-)
05-19-14 03:17 PM Like 0
- Same here, Omni. I have all of those enabled, except "Lightning Browsing" because frankly, I don't know what it is, lol.
The rest of the settings are cosmetic only, as far as I can tell.
Posted with my Q10, SQN100-2, 10.2.1.2947/2274 Radio
05-19-14 06:12 PM Like 0
That's about what I was guessing, too. I think I'll leave it off. I prefer to see the results of actual code on a web page, esp. if testing my own code.
Posted with my Q10, SQN100-2, 10.2.1.2947/2274 Radio
05-20-14 12:26 PM Like 0
Never gets old: What's your score on https://panopticlick.eff.org/ with Tor on 10.3?
My Q5 (10.2.) native browser's fingerprint is unique among the 4,152,566 tested so far!
Get the same result with Evolution Browser (js and cookies disabled).
05-25-14 01:08 PM Like 0
Never gets old: What's your score on https://panopticlick.eff.org/ with Tor on 10.3?
My Q5 (10.2.) native browser's fingerprint is unique among the 4,152,566 tested so far!
Get the same result with Evolution Browser (js and cookies disabled).
"Snap" is the best stop-gap solution for Android apps while we wait for BlackBerry to get its act together...
05-25-14 05:25 PM Like 0
One thing that is scary is that it has a Java plug in. When you try to load that on Chrome/Win7 it does say that the certificate is invalid, but under more information the reason is that the Root CA is not trusted.
This is one of the big problems with the current system, who decides which CAs should be trusted?
Posted via CB10
05-25-14 06:26 PM Like 0
The certificate is not invalid. It is signed by StartCom Ltd, but their CA certificate is not in the BB10 trusted list. Firefox and Chrome on Windows 7 accept it.
One thing that is scary is that it has a Java plug in. When you try to load that on Chrome/Win7 it does say that the certificate is invalid, but under more information the reason is that the Root CA is not trusted.
This is one of the big problems with the current system, who decides which CAs should be trusted?
Posted via CB10
Option 1: One starts with the man in the mirror and untrusts certificates in the settings.
Option 2: Approach the industry with suggestions, e.g. these people here https://cabforum.org/ca-practices/
By the way, in the BB 10 browser one can click "site Info" > "More Info" > "Learn more"…where icons are explained. It seems that BlackBerry is not totally unaware of the problem.
However, when I visit https://test-sspev.verisign.com:2443...-verisign.html I get that green lock in my browser???
Uhm, they are still working on 10.3, so …no pressure.
I will probably move to Firefox on 10.3, although I speculate this move won't be necessarily the best solution, when I compare the number of CVE records “Firefox alone” vs. “BlackBerry Ecosystem”.
05-27-14 09:57 AM Like 0
May I suggest...
Option 1: One starts with the man in the mirror and untrusts certificates in the settings.
Option 2: Approach the industry with suggestions, e.g. these people here https://cabforum.org/ca-practices/
By the way, in the BB 10 browser one can click "site Info" > "More Info" > "Learn more"…where icons are explained. It seems that BlackBerry is not totally unaware of the problem.
However, when I visit https://test-sspev.verisign.com:2443...-verisign.html I get that green lock in my browser???
Uhm, they are still working on 10.3, so …no pressure.
I will probably move to Firefox on 10.3, although I speculate this move won't be necessarily the best solution, when I compare the number of CVE records “Firefox alone” vs. “BlackBerry Ecosystem”.
Revocation checking by mobile browsers is not widespread, primarily it seems because the certificate revocation lists are very large. There are tens of thousands of certificates revoked on a daily basis. What we really need is OCSP Stapling. For now Firefox really is the leading browser in the mobile space for this issue.
Last edited by Richard Buckley; 05-27-14 at 10:48 AM. Reason: s
05-27-14 10:47 AM Like 0
While bbm is using only TLS1.0, it's actually not as bad as I thought.
Interesting read here: https://os3.nl/_media/2013-2014/cour...bbm_report.pdf
One of the reasons their MITM attack failed was "(Un)fortunately, the client forces the use of TLS 1.0, which makes downgrading of the cipher suite impossible by including a hash over the handshake and key-material".
Which seems to be in good match with the whitepaper from BlackBerry.
For non-bes users who desperately want end-to-end encryption for bbm there is an app (that I have not tested yet): PGpgp - BlackBerry World
06-02-14 05:03 AM Like 0
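The "hash over the handshake and key-material" quoted in the post above is the TLS 1.0 Finished message (RFC 2246). As an added example, not part of the original thread or the cited report, this computes it for a client whose offered cipher-suite list was altered in transit; the ClientHello layout is simplified, and the master secret, the stand-in for the remaining handshake messages and all function names are constructed for illustration.

```python
import hashlib
import hmac


def p_hash(name, secret, seed, length):
    """P_hash expansion from RFC 2246 section 5."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, name).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, name).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def tls10_prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5 keyed with the first half of the secret, XORed
    with P_SHA1 keyed with the second half."""
    half = (len(secret) + 1) // 2
    md5_part = p_hash("md5", secret[:half], label + seed, length)
    sha_part = p_hash("sha1", secret[len(secret) - half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


def finished_verify_data(master_secret, label, handshake_messages):
    """12-byte Finished value: PRF over MD5 and SHA-1 of the whole transcript."""
    transcript = b"".join(handshake_messages)
    seed = hashlib.md5(transcript).digest() + hashlib.sha1(transcript).digest()
    return tls10_prf(master_secret, label, seed, 12)


def client_hello(cipher_suites):
    """Simplified, constructed ClientHello: version 3.1, all-zero random,
    empty session id, the offered suites, null compression."""
    suites = b"".join(s.to_bytes(2, "big") for s in cipher_suites)
    body = (b"\x03\x01" + bytes(32) + b"\x00"
            + len(suites).to_bytes(2, "big") + suites + b"\x01\x00")
    return b"\x01" + len(body).to_bytes(3, "big") + body


def downgrade_detected(master_secret, offered, forwarded):
    """True when the server's expected Finished value, computed over the
    ClientHello it actually received, differs from what the client sent."""
    rest = [b"<constructed stand-in for the remaining handshake messages>"]
    sent = finished_verify_data(
        master_secret, b"client finished", [client_hello(offered)] + rest)
    expected = finished_verify_data(
        master_secret, b"client finished", [client_hello(forwarded)] + rest)
    return not hmac.compare_digest(sent, expected)


MASTER_SECRET = bytes(range(48))   # constructed 48-byte value, not a real key
```

Because the two sides hash different transcripts, the server rejects the client's Finished message and the handshake aborts; recomputing a matching value requires the master secret.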