[tchocky77]

That's like telling your opponent in a football game what play you're going to run. You'll lose every time.

No. It's really nothing like football. In any way. At all.

[Telanch]

Well, the bashing will go on. But that doesn't mean we stop using BB! For me it works simply excellent!

[Bluenoser63]

As I understand it, the EFF argument is based on the premise that true security is based on good code, and that understanding the code will not permit you to crack the encryption it produces. In fact, open source code and open audits will improve the chance that mistakes -- if they're made -- are rectified. That's what happened with OpenSSL.

That only works if the good guys find the bugs. If the bad guys find the bugs in open source, do you think that they will release information about it? Not on your life. As for OpenSSL, it was rumored that NSA found the bug two years before the bug was released to the public. Open Source only works if every open source app is checked by good people and the problem is fixed and released. Doesn't always happen that way.

[Bluenoser63]

It has to do with politics and regulations (which are mostly *** covering), period.
Security in phones means several things: data encryption strength (when your phone is stolen), unlocking security and external networking security.
A phone is very much prone to Bluetooth, WiFi & NFC vulnerabilities, especially Blackberry (which I had done a quite significant research on, although on older versions, but the infrastructure usually won't change).
In terms of sheer exploits, Blackberry is basically more vulnerable than iPhones, because iOS has a built in virtual memory, virtual kernel & virtual disk access which is very successful keeping hackers off the kernel-mode (which is the highest permission, will allow hackers to install rootkits etc on your phone).

Just know that your phone is definitely not secure.

In terms of data encryption, the problem is not the encryption (which is sufficient), it's the mechanism that decrypt that data on daily use, which any hacker can get to in seconds (RAM cloning, reversing the mechanism etc).
In terms of exploits and vulnerabilities, they exists nowadays for each and every phone, although iOS are the hardest to find.

If security is a real issue for you (bigger issue than just losing your credit card number etc.), then use an unpopular brand with an unpopular OS, because hackers are buying exploits and are creating exploits only for popular OSes. No hacker will spend weeks trying to reverse engineer an unknown OS with few users. Also, do not, by any means, store your data on the "cloud", an external data hosting which future intrusion is inevitable.

If the Israeli intelligence "Unit 8200" got to the Iranian nuclear facilities which are not connected to the internet, trust me, your BB isn't really secure.

Thanks for the good laugh.

[Deppe]

I think it is really easy to dismiss this threat with just "lulz, who would side load a app anyways?"
People tend to forget that this is a mobile forum where people have great knowledge of do's and dont's! I work for a Big4 company and we have internal apps we use and we also have a lot of - let us just say not so tech oriented people! Go figure!
In my opinion you have to be a lot more stupid to believe that a Nigerian Prince will give you half of his wealth if you just transfer 2000 USD to his account and those stories pop up regularly.

[Deppe]

I still see this a lot. I thought everyone understood by now. All the security in the world won't help you if you set a password that can be guessed.

And no password in the world will help you if you have an unlimited amounts of tries to guess it - then it is just a question of processing power!

[dguy123]

I still see this a lot. I thought everyone understood by now. All the security in the world won't help you if you set a password that can be guessed.

It wasn't the user's fault, as you are implying here. With unlimited retries ANY password won't keep prying eyes out. I'm sure Apple has corrected this by now.

But you're also right, don't use 'password' for your password.


Posted via CB10

[Superfly_FR]

Just wondering how a SMS/Text-failover messaging app can raise any point in the security area ... did I miss something obvious (can be) ?

[anon(8063781)]

That only works if the good guys find the bugs. If the bad guys find the bugs in open source, do you think that they will release information about it? Not on your life. As for OpenSSL, it was rumored that NSA found the bug two years before the bug was released to the public. Open Source only works if every open source app is checked by good people and the problem is fixed and released. Doesn't always happen that way.

...and if malicious hackers or government agencies find the exploits in closed source? I guess then we trust the owners to close the exploit? I think I'd rather take my chances with open source.

None of the options are great though, are they?

Posted via CB10

[anon8656116]

...and if malicious hackers or government agencies find the exploits in closed source? I guess then we trust the owners to close the exploit? I think I'd rather take my chances with open source.

None of the options are great though, are they?

Posted via CB10

And the most important thing: Heartbleed was eventually discovered because of it. I don’t like how people are discrediting open source now because of Heartbleed, when it equally prevented many flaws in other software overall.

[Bluenoser63]

...and if malicious hackers or government agencies find the exploits in closed source? I guess then we trust the owners to close the exploit? I think I'd rather take my chances with open source.
None of the options are great though, are they?
Posted via CB10

It is harder to find exploits in software that you don't have access to. You have to do a lot more work to try and find the exploits. With open source you have to HOPE that good people are actually looking at ALL the open source code to find problems. You KNOW that bad people are looking.

[Bluenoser63]

And the most important thing: Heartbleed was eventually discovered because of it. I don’t like how people are discrediting open source now because of Heartbleed, when it equally prevented many flaws in other software overall.

Unless the rumors are true that the NSA knew for two years of the heartbleed bug and didn't tell anyone.

[bbjdog]

Do you think Business people would like to place their BB PP on a table at a huge meeting between companies and hear a snicker from the other company reps because they think their devices are better for business and security? Trust me, business cares about perception and not just if their contacts have read an article on a BB news site. The other people may only know about that security win by apple because their teenager is a techie and was reading about it and then told their father at dinner. Now the father trusts his kid on tech and thinks it is gospel.

It would be quite easy and cheap to hire another PR person to illuminate the internet with BBs true security policies and accolades when articles like this come out.

Not everyone does their homework. I didn't and I should have looking back. The chart was even childish looking and I am ashamed that I thought it could have been at all valid.

You have a great story, but the details are totally wrong. When someone brings out a Blackberry passport they deserve respect, because it's a work horse. Now when someone brings out toys and want respect, sorry you can't get it. IPhone and Android phones have a stigma of being toys.
Go ahead walk into a meeting and bring out your phone, just be careful of who you are meeting.

Posted via CB10

[BigAl_BB9900]

Do you think Business people would like to place their BB PP on a table at a huge meeting between companies and hear a snicker from the other company reps because they think their devices are better for business and security? Trust me, business cares about perception.......

Just to point out..... at the pinnacle of the business world, most people are using BlackBerry's as their corporate phones for email/data....

• Big 4 Accountancy firms - all the partners I've met use BlackBerrys (and I know KPMG mandates a BlackBerry-10-only rule for all corporate phones)
• Magic Circle Law Firms - never seen anything other than a BlackBerry as the corporate phone for email/data (many law firms also supply another basic non-BlackBerry handset for making voice calls)
• Other international law firms - have never seen anything except a BlackBerry (except as a non-corporate personal phone)
• International Consultancy firms - most (though not all) mandate BlackBerry as the corporate phone (some only mandate BlackBerry for more senior personnel - eg Partners)
• Investment Banking - again, pre-dominantly BlackBerry (especially for senior staff)

So perception wise - wearing a suit and having a BlackBerry, in the City of London / Wall Street, generally indicates that you have a really good career.....

[undone]

I recall reading about government players dumbing down standards to make them easier to open up.

Written Sept 2013
A Few Thoughts on Cryptographic Engineering: On the NSA

Just a clip from it:

If you haven't read the ProPublica/NYT or Guardian stories, you probably should. The TL;DR is that the NSA has been doing some very bad things. At a combined cost of $250 million per year, they include:

Tampering with national standards (NIST is specifically mentioned) to promote weak, or otherwise vulnerable cryptography.
Influencing standards committees to weaken protocols.
Working with hardware and software vendors to weaken encryption and random number generators.
Attacking the encryption used by 'the next generation of 4G phones'.
Obtaining cleartext access to 'a major internet peer-to-peer voice and text communications system' (Skype?)
Identifying and cracking vulnerable keys.
Establishing a Human Intelligence division to infiltrate the global telecommunications industry.
And worst of all (to me): somehow decrypting SSL connections.

[Prem WatsApp]

THE MASQUE...




Hahaha
...smokin' !

? ? ? Passposted via CB Chen ? ? ?

[anon(8063781)]

It is harder to find exploits in software that you don't have access to. You have to do a lot more work to try and find the exploits. With open source you have to HOPE that good people are actually looking at ALL the open source code to find problems. You KNOW that bad people are looking.

Hmm. I believe Windows disproves your first assertion.

Posted via CB10

[LazyEvul]

I love my BlackBerries. They're great phones. But I wouldn't trust any company to maintain my privacy, especially under legal pressure.

That's the crux of the issue, and why iOS and Android are now encrypted by default, while WhatsApp has just implemented end-to-end encryption by default. If they can't decrypt it, then no amount of legal pressure is going to help. Sure, an exploit could still theoretically be found, but it makes it harder to just collect data en masse.

BlackBerry doesn't currently do either of these (device encryption is an opt-in process, BBM is not end-to-end encrypted without BBM Protected), nor do they release a transparency report detailing any legal pressure that they might be under. You can definitely argue that certain parts of the OS are more secure that the competition, but BlackBerry has room for improvement in regards to consumer security. I submitted an idea on the I Can Make It Better suggestion for BlackBerry with the hope that they do take the time to improve. You can vote/comment on it here: https://blackberry.icanmakeitbetter....sumer-security