This needs to stop; Apple more secure than BB; C'Mon Man!
- As I understand it, the EFF argument is based on the premise that true security is based on good code, and that understanding the code will not permit you to crack the encryption it produces. In fact, open source code and open audits will improve the chance that mistakes -- if they're made -- are rectified. That's what happened with OpenSSL.spikesolie and PatrickMJS like this.11-12-14 07:13 AMLike 2
- It has to do with politics and regulations (which are mostly *** covering), period.
Security in phones means several things: data encryption strength (when your phone is stolen), unlocking security and external networking security.
A phone is very much prone to Bluetooth, WiFi & NFC vulnerabilities, especially Blackberry (which I had done a quite significant research on, although on older versions, but the infrastructure usually won't change).
In terms of sheer exploits, Blackberry is basically more vulnerable than iPhones, because iOS has a built in virtual memory, virtual kernel & virtual disk access which is very successful keeping hackers off the kernel-mode (which is the highest permission, will allow hackers to install rootkits etc on your phone).
Just know that your phone is definitely not secure.
In terms of data encryption, the problem is not the encryption (which is sufficient), it's the mechanism that decrypt that data on daily use, which any hacker can get to in seconds (RAM cloning, reversing the mechanism etc).
In terms of exploits and vulnerabilities, they exists nowadays for each and every phone, although iOS are the hardest to find.
If security is a real issue for you (bigger issue than just losing your credit card number etc.), then use an unpopular brand with an unpopular OS, because hackers are buying exploits and are creating exploits only for popular OSes. No hacker will spend weeks trying to reverse engineer an unknown OS with few users. Also, do not, by any means, store your data on the "cloud", an external data hosting which future intrusion is inevitable.
If the Israeli intelligence "Unit 8200" got to the Iranian nuclear facilities which are not connected to the internet, trust me, your BB isn't really secure.11-12-14 07:21 AMLike 0 - I think it is really easy to dismiss this threat with just "lulz, who would side load a app anyways?"
People tend to forget that this is a mobile forum where people have great knowledge of do's and dont's! I work for a Big4 company and we have internal apps we use and we also have a lot of - let us just say not so tech oriented people! Go figure!
In my opinion you have to be a lot more stupid to believe that a Nigerian Prince will give you half of his wealth if you just transfer 2000 USD to his account and those stories pop up regularly.11-12-14 07:52 AMLike 0 - And no password in the world will help you if you have an unlimited amounts of tries to guess it - then it is just a question of processing power!11-12-14 07:55 AMLike 3
-
But you're also right, don't use 'password' for your password.
Posted via CB1011-12-14 08:18 AMLike 0 - Superfly_FRRetired ModeratorJust wondering how a SMS/Text-failover messaging app can raise any point in the security area ... did I miss something obvious (can be) ?11-12-14 08:24 AMLike 0
- That only works if the good guys find the bugs. If the bad guys find the bugs in open source, do you think that they will release information about it? Not on your life. As for OpenSSL, it was rumored that NSA found the bug two years before the bug was released to the public. Open Source only works if every open source app is checked by good people and the problem is fixed and released. Doesn't always happen that way.
None of the options are great though, are they?
Posted via CB1011-12-14 04:08 PMLike 0 - And the most important thing: Heartbleed was eventually discovered because of it. I don’t like how people are discrediting open source now because of Heartbleed, when it equally prevented many flaws in other software overall.11-12-14 05:30 PMLike 0
- It is harder to find exploits in software that you don't have access to. You have to do a lot more work to try and find the exploits. With open source you have to HOPE that good people are actually looking at ALL the open source code to find problems. You KNOW that bad people are looking.11-12-14 09:02 PMLike 0
- Unless the rumors are true that the NSA knew for two years of the heartbleed bug and didn't tell anyone.11-12-14 09:03 PMLike 0
- Do you think Business people would like to place their BB PP on a table at a huge meeting between companies and hear a snicker from the other company reps because they think their devices are better for business and security? Trust me, business cares about perception and not just if their contacts have read an article on a BB news site. The other people may only know about that security win by apple because their teenager is a techie and was reading about it and then told their father at dinner. Now the father trusts his kid on tech and thinks it is gospel.
It would be quite easy and cheap to hire another PR person to illuminate the internet with BBs true security policies and accolades when articles like this come out.
Not everyone does their homework. I didn't and I should have looking back. The chart was even childish looking and I am ashamed that I thought it could have been at all valid.
Go ahead walk into a meeting and bring out your phone, just be careful of who you are meeting.
Posted via CB1011-12-14 09:48 PMLike 0 - Do you think Business people would like to place their BB PP on a table at a huge meeting between companies and hear a snicker from the other company reps because they think their devices are better for business and security? Trust me, business cares about perception.......
- Big 4 Accountancy firms - all the partners I've met use BlackBerrys (and I know KPMG mandates a BlackBerry-10-only rule for all corporate phones)
- Magic Circle Law Firms - never seen anything other than a BlackBerry as the corporate phone for email/data (many law firms also supply another basic non-BlackBerry handset for making voice calls)
- Other international law firms - have never seen anything except a BlackBerry (except as a non-corporate personal phone)
- International Consultancy firms - most (though not all) mandate BlackBerry as the corporate phone (some only mandate BlackBerry for more senior personnel - eg Partners)
- Investment Banking - again, pre-dominantly BlackBerry (especially for senior staff)
So perception wise - wearing a suit and having a BlackBerry, in the City of London / Wall Street, generally indicates that you have a really good career.....11-13-14 07:12 AMLike 3 - I recall reading about government players dumbing down standards to make them easier to open up.
Written Sept 2013
A Few Thoughts on Cryptographic Engineering: On the NSA
Just a clip from it:
If you haven't read the ProPublica/NYT or Guardian stories, you probably should. The TL;DR is that the NSA has been doing some very bad things. At a combined cost of $250 million per year, they include:
Tampering with national standards (NIST is specifically mentioned) to promote weak, or otherwise vulnerable cryptography.
Influencing standards committees to weaken protocols.
Working with hardware and software vendors to weaken encryption and random number generators.
Attacking the encryption used by 'the next generation of 4G phones'.
Obtaining cleartext access to 'a major internet peer-to-peer voice and text communications system' (Skype?)
Identifying and cracking vulnerable keys.
Establishing a Human Intelligence division to infiltrate the global telecommunications industry.
And worst of all (to me): somehow decrypting SSL connections.11-13-14 08:30 AMLike 0 -
- It is harder to find exploits in software that you don't have access to. You have to do a lot more work to try and find the exploits. With open source you have to HOPE that good people are actually looking at ALL the open source code to find problems. You KNOW that bad people are looking.
Posted via CB1011-18-14 02:21 PMLike 0 -
BlackBerry doesn't currently do either of these (device encryption is an opt-in process, BBM is not end-to-end encrypted without BBM Protected), nor do they release a transparency report detailing any legal pressure that they might be under. You can definitely argue that certain parts of the OS are more secure that the competition, but BlackBerry has room for improvement in regards to consumer security. I submitted an idea on the I Can Make It Better suggestion for BlackBerry with the hope that they do take the time to improve. You can vote/comment on it here: https://blackberry.icanmakeitbetter....sumer-securityanon62607 and anon(8063781) like this.11-18-14 02:51 PMLike 2
- Forum
- BlackBerry 10 Phones & OS
- BlackBerry Passport
This needs to stop; Apple more secure than BB; C'Mon Man!
Similar Threads
-
Can anyone help me get the Whatsapp 2.11.840 bar file?
By hani baessa in forum Ask a QuestionReplies: 4Last Post: 12-10-14, 05:31 PM -
urgent need help about OS how to stop downloading OS
By Thunderstrom in forum BlackBerry 10 OSReplies: 16Last Post: 11-11-14, 08:37 PM -
How to Block contacts - calls
By mjcharata in forum BlackBerry PassportReplies: 4Last Post: 11-11-14, 10:34 AM -
is there any way to set permission of application forcely
By Thunderstrom in forum BlackBerry Z10Replies: 7Last Post: 11-10-14, 02:10 PM -
Passport screen colour reproduction compared to Z30
By barryb20 in forum BlackBerry PassportReplies: 2Last Post: 11-10-14, 01:41 PM
LINK TO POST COPIED TO CLIPBOARD