11-18-14 03:51 PM
  1. tchocky77's Avatar
    That's like telling your opponent in a football game what play you're going to run. You'll lose every time.
    No. It's really nothing like football. In any way. At all.
    11-12-14 03:39 AM
  2. Telanch's Avatar
    Well, the bashing will go on. But that doesn't mean we stop using BB! For me it works simply excellent!
    11-12-14 03:59 AM
  3. Bluenoser63's Avatar
    As I understand it, the EFF argument is based on the premise that true security is based on good code, and that understanding the code will not permit you to crack the encryption it produces. In fact, open source code and open audits will improve the chance that mistakes -- if they're made -- are rectified. That's what happened with OpenSSL.
    That only works if the good guys find the bugs. If the bad guys find the bugs in open source, do you think that they will release information about it? Not on your life. As for OpenSSL, it was rumored that NSA found the bug two years before the bug was released to the public. Open Source only works if every open source app is checked by good people and the problem is fixed and released. Doesn't always happen that way.
    spikesolie and PatrickMJS like this.
    11-12-14 08:13 AM
  4. Bluenoser63's Avatar
    It has to do with politics and regulations (which are mostly *** covering), period.
    Security in phones means several things: data encryption strength (when your phone is stolen), unlocking security and external networking security.
    A phone is very much prone to Bluetooth, WiFi & NFC vulnerabilities, especially Blackberry (which I had done quite significant research on, although on older versions, but the infrastructure usually won't change).
    In terms of sheer exploits, Blackberry is basically more vulnerable than iPhones, because iOS has a built-in virtual memory, virtual kernel & virtual disk access which is very successful at keeping hackers off the kernel-mode (which is the highest permission, and will allow hackers to install rootkits etc. on your phone).

    Just know that your phone is definitely not secure.

    In terms of data encryption, the problem is not the encryption (which is sufficient), it's the mechanism that decrypts that data on daily use, which any hacker can get to in seconds (RAM cloning, reversing the mechanism etc.).
    In terms of exploits and vulnerabilities, they exist nowadays for each and every phone, although iOS ones are the hardest to find.

    If security is a real issue for you (bigger issue than just losing your credit card number etc.), then use an unpopular brand with an unpopular OS, because hackers are buying exploits and are creating exploits only for popular OSes. No hacker will spend weeks trying to reverse engineer an unknown OS with few users. Also, do not, by any means, store your data on the "cloud", an external data hosting service whose future intrusion is inevitable.

    If the Israeli intelligence "Unit 8200" got to the Iranian nuclear facilities which are not connected to the internet, trust me, your BB isn't really secure.
    Thanks for the good laugh.
    11-12-14 08:21 AM
  5. Deppe's Avatar
    I think it is really easy to dismiss this threat with just "lulz, who would side load an app anyways?"
    People tend to forget that this is a mobile forum where people have great knowledge of do's and don'ts! I work for a Big4 company and we have internal apps we use and we also have a lot of - let us just say not so tech oriented people! Go figure!
    In my opinion you have to be a lot more stupid to believe that a Nigerian Prince will give you half of his wealth if you just transfer 2000 USD to his account and those stories pop up regularly.
    11-12-14 08:52 AM
  6. Deppe's Avatar
    I still see this a lot. I thought everyone understood by now. All the security in the world won't help you if you set a password that can be guessed.
    And no password in the world will help you if you have an unlimited amount of tries to guess it - then it is just a question of processing power!
    undone, spikesolie and PatrickMJS like this.
    11-12-14 08:55 AM
  7. dguy123's Avatar
    I still see this a lot. I thought everyone understood by now. All the security in the world won't help you if you set a password that can be guessed.
    It wasn't the user's fault, as you are implying here. With unlimited retries ANY password won't keep prying eyes out. I'm sure Apple has corrected this by now.

    But you're also right, don't use 'password' for your password.


    Posted via CB10
    11-12-14 09:18 AM
  8. Superfly_FR's Avatar
    Just wondering how a SMS/Text-failover messaging app can raise any point in the security area ... did I miss something obvious (can be) ?
    11-12-14 09:24 AM
  9. Shuswap's Avatar
    That only works if the good guys find the bugs. If the bad guys find the bugs in open source, do you think that they will release information about it? Not on your life. As for OpenSSL, it was rumored that NSA found the bug two years before the bug was released to the public. Open Source only works if every open source app is checked by good people and the problem is fixed and released. Doesn't always happen that way.
    ...and if malicious hackers or government agencies find the exploits in closed source? I guess then we trust the owners to close the exploit? I think I'd rather take my chances with open source.

    None of the options are great though, are they?

    Posted via CB10
    11-12-14 05:08 PM
  10. anon8656116's Avatar
    ...and if malicious hackers or government agencies find the exploits in closed source? I guess then we trust the owners to close the exploit? I think I'd rather take my chances with open source.

    None of the options are great though, are they?

    Posted via CB10
    And the most important thing: Heartbleed was eventually discovered because of it. I don’t like how people are discrediting open source now because of Heartbleed, when it equally prevented many flaws in other software overall.
    11-12-14 06:30 PM
  11. Bluenoser63's Avatar
    ...and if malicious hackers or government agencies find the exploits in closed source? I guess then we trust the owners to close the exploit? I think I'd rather take my chances with open source.
    None of the options are great though, are they?
    Posted via CB10
    It is harder to find exploits in software that you don't have access to. You have to do a lot more work to try and find the exploits. With open source you have to HOPE that good people are actually looking at ALL the open source code to find problems. You KNOW that bad people are looking.
    11-12-14 10:02 PM
  12. Bluenoser63's Avatar
    And the most important thing: Heartbleed was eventually discovered because of it. I don’t like how people are discrediting open source now because of Heartbleed, when it equally prevented many flaws in other software overall.
    Unless the rumors are true that the NSA knew for two years of the Heartbleed bug and didn't tell anyone.
    11-12-14 10:03 PM
  13. bbjdog's Avatar
    Do you think Business people would like to place their BB PP on a table at a huge meeting between companies and hear a snicker from the other company reps because they think their devices are better for business and security? Trust me, business cares about perception and not just if their contacts have read an article on a BB news site. The other people may only know about that security win by Apple because their teenager is a techie and was reading about it and then told their father at dinner. Now the father trusts his kid on tech and thinks it is gospel.

    It would be quite easy and cheap to hire another PR person to illuminate the internet with BB's true security policies and accolades when articles like this come out.

    Not everyone does their homework. I didn't and I should have, looking back. The chart was even childish looking and I am ashamed that I thought it could have been at all valid.
    You have a great story, but the details are totally wrong. When someone brings out a Blackberry Passport they deserve respect, because it's a workhorse. Now when someone brings out toys and wants respect, sorry, you can't get it. iPhone and Android phones have a stigma of being toys.
    Go ahead, walk into a meeting and bring out your phone, just be careful of who you are meeting.

    Posted via CB10
    11-12-14 10:48 PM
  14. BigAl_BB9900's Avatar
    Do you think Business people would like to place their BB PP on a table at a huge meeting between companies and hear a snicker from the other company reps because they think their devices are better for business and security? Trust me, business cares about perception.......
    Just to point out..... at the pinnacle of the business world, most people are using BlackBerrys as their corporate phones for email/data....
    • Big 4 Accountancy firms - all the partners I've met use BlackBerrys (and I know KPMG mandates a BlackBerry-10-only rule for all corporate phones)
    • Magic Circle Law Firms - never seen anything other than a BlackBerry as the corporate phone for email/data (many law firms also supply another basic non-BlackBerry handset for making voice calls)
    • Other international law firms - have never seen anything except a BlackBerry (except as a non-corporate personal phone)
    • International Consultancy firms - most (though not all) mandate BlackBerry as the corporate phone (some only mandate BlackBerry for more senior personnel - e.g. Partners)
    • Investment Banking - again, predominantly BlackBerry (especially for senior staff)

    So perception wise - wearing a suit and having a BlackBerry, in the City of London / Wall Street, generally indicates that you have a really good career.....
    11-13-14 08:12 AM
  15. undone's Avatar
    I recall reading about government players dumbing down standards to make them easier to open up.

    Written Sept 2013
    A Few Thoughts on Cryptographic Engineering: On the NSA

    Just a clip from it:

    If you haven't read the ProPublica/NYT or Guardian stories, you probably should. The TL;DR is that the NSA has been doing some very bad things. At a combined cost of $250 million per year, they include:

    Tampering with national standards (NIST is specifically mentioned) to promote weak, or otherwise vulnerable cryptography.
    Influencing standards committees to weaken protocols.
    Working with hardware and software vendors to weaken encryption and random number generators.
    Attacking the encryption used by 'the next generation of 4G phones'.
    Obtaining cleartext access to 'a major internet peer-to-peer voice and text communications system' (Skype?)
    Identifying and cracking vulnerable keys.
    Establishing a Human Intelligence division to infiltrate the global telecommunications industry.
    And worst of all (to me): somehow decrypting SSL connections.
    11-13-14 09:30 AM
  16. Prem WatsApp's Avatar
    THE MASQUE...


    [Attached image]

    Hahaha
    ...smokin' !

    Passposted via CB Chen
    11-16-14 06:35 PM
  17. Shuswap's Avatar
    It is harder to find exploits in software that you don't have access to. You have to do a lot more work to try and find the exploits. With open source you have to HOPE that good people are actually looking at ALL the open source code to find problems. You KNOW that bad people are looking.
    Hmm. I believe Windows disproves your first assertion.

    Posted via CB10
    11-18-14 03:21 PM
  18. LazyEvul's Avatar
    I love my BlackBerries. They're great phones. But I wouldn't trust any company to maintain my privacy, especially under legal pressure.
    That's the crux of the issue, and why iOS and Android are now encrypted by default, while WhatsApp has just implemented end-to-end encryption by default. If they can't decrypt it, then no amount of legal pressure is going to help. Sure, an exploit could still theoretically be found, but it makes it harder to just collect data en masse.

    BlackBerry doesn't currently do either of these (device encryption is an opt-in process, BBM is not end-to-end encrypted without BBM Protected), nor do they release a transparency report detailing any legal pressure that they might be under. You can definitely argue that certain parts of the OS are more secure than the competition, but BlackBerry has room for improvement in regards to consumer security. I submitted an idea on the I Can Make It Better suggestion site for BlackBerry with the hope that they do take the time to improve. You can vote/comment on it here: https://blackberry.icanmakeitbetter....sumer-security
    anon62607 and Shuswap like this.
    11-18-14 03:51 PM