[chuckiev79]

Whatever happens I just wish BlackBerry would have some official comments/updates on the priv and dtek devices regarding updates of security updates and OS updates. I guess the April security patch isn't officially late until April is over, but it is odd that it hasn't arrived yet; at least when compared to their past security updates. As for nougat, just say unfortunately due to our current focus Yada Yada it's not happening Yada Yada. We would at least know what's what.

[Matt J]

We all love our BlackBerry devices, but the issue here is simply saying one thing and doing another.

BlackBerry is not zero day patching. This much is obvious. They cannot claim to deliver secure smartphones if other manufacturers are providing the latest OS and the latest security patch.

Right now my Priv is on 6.0.1 and the March patch. That is one OS behind and one month behind. These are the facts and are indisputable.

[BB-JAM215]

We all love our BlackBerry devices, but the issue here is simply saying one thing and doing another.

BlackBerry is not zero day patching. This much is obvious. They cannot claim to deliver secure smartphones if other manufacturers are providing the latest OS and the latest security patch.

Right now my Priv is on 6.0.1 and the March patch. That is one OS behind and one month behind. These are the facts and are indisputable.

Other manufacturers don't have the built in firmware boot level security that BlackBerry has.

It's only been 9 days since the April security update was announced. It takes time to deliver the monthly security updates to even device.

It took about five weeks for my DTEK to receive the October update, now it's down to about nine days. As long as it comes every month it doesn't really matter whether it comes earlier or later.

[Matt J]

This is interesting

https://help.blackberry.com/en/secur...226529665.html

I don't think that kernel hardening is as big a deal to do as some may make it out.

[sidtek50]

Other manufacturers don't have the built in firmware boot level security that BlackBerry has.

It's only been 9 days since the April security update was announced. It takes time to deliver the monthly security updates to even device.

It took about five weeks for my DTEK to receive the October update, now it's down to about nine days. As long as it comes every month it doesn't really matter whether it comes earlier or later.

Oh come on man.... Stop defending it. Blackberry promised it. It doesn't matter if they have secure boot or not. They promised it and aren't delivering. That's the top and bottom of it.

[drobbie]

Oh come on man.... Stop defending it. Blackberry promised it. It doesn't matter if they have secure boot or not. They promised it and aren't delivering. That's the top and bottom of it.

Would you rather have an update that causes problems or something that is properly tested? The software will be released when it is ready.

[BB-JAM215]

Oh come on man.... Stop defending it. Blackberry promised it. It doesn't matter if they have secure boot or not. They promised it and aren't delivering. That's the top and bottom of it.

So you've been receiving regular monthly security updates, something most Android phones never see, but they're just not coming fast enough?

[Matt J]

So you've been receiving regular monthly security updates, something most Android phones never see, but they're just not coming fast enough?

Zero day is zero day.... or it isn't.

https://en.wikipedia.org/wiki/Zero-day_(computing)

[sidtek50]

So you've been receiving regular monthly security updates, something most Android phones never see, but they're just not coming fast enough?

I didn't get a security patch on my dtek50's for almost 3 months...

We're mid April and no patch.

The key difference: blackberry charge more for their devices and justify it by saying they do "zero day patching".... which they simply do not. Fact.

Other manufacturers don't sell their devices promising 0day patching so your argument is void.

I'm a security guy. It's what i do. It's in my blood. Blackberry are trying to appeal to people like me but they're opening themselves up to huge levels of scrutiny. You absolutely do not tell a security professional you offer a 0day patching service and fail to deliver. It's a poor show regardless of how you feel about it; they are the ones who promised. They sold their devices on that basis, with that narrative.

[BB-JAM215]

Zero day is zero day.... or it isn't.

https://en.wikipedia.org/wiki/Zero-day_(computing)

"Zero day" is a reference to undisclosed software vulnerabilities, it doesn't refer to the patching process or the time it takes to deliver a security patch.

[BB-JAM215]

I didn't get a security patch on my dtek50's for almost 3 months...

Did you buy your DTEKs directly from BlackBerry or unlocked from another retailer or through a carrier?

[Bla1ze]

not a great example, yahoo would still be encrypting your password

hahahahahahahahahahahahahahahahahahahha!

Ohhh Ohhh, the tears....

Yahoo would still be encrypting your password.

Bahahahahahahahahahahahahahahahahahaha!

I'm a security guy. It's what i do. It's in my blood.

And you still had the nerve to say that?

You're killing me smalls.

[thurask]

Not a great example, yahoo would still be encrypting your password, but I see what you were getting at.

Yeah, about that.

[krazyatom]

Blackberry is all about keyboard. If you security, go for Google pixel or iPhone.

[Bla1ze]

We're mid April and no patch.

I don't think your situation is the same for everyone. My DTEK50 has the April patch just fine. Now if you had of said Priv or DTEK60, you would be right.

[FF22]

https://help.blackberry.com/en/secur...263164972.html

"Security maintenance releases

Each month, Google™ releases a security bulletin containing a list of recently discovered Android vulnerabilities to BlackBerry and other Android OEMs. BlackBerry will release these security maintenance releases (SMRs) to users that have purchased devices through shopblackberry.com and to resellers (carriers and other authorized dealers) that have agreed to participate in our regular SMR program and deliver our SMRs OTA to their subscribers."

[BB-JAM215]

https://help.blackberry.com/en/secur...263164972.html

"Security maintenance releases

Each month, Google™ releases a security bulletin containing a list of recently discovered Android vulnerabilities to BlackBerry and other Android OEMs. BlackBerry will release these security maintenance releases (SMRs) to users that have purchased devices through shopblackberry.com and to resellers (carriers and other authorized dealers) that have agreed to participate in our regular SMR program and deliver our SMRs OTA to their subscribers."

The reference to "other authorized dealers" is interesting. I would have thought the only source of updates other than BlackBerry would be the carriers.

I doubt that Staples Canada or Amazon are pushing out the updates being received by phones purchased through them.

[Drenegade]

The reference to "other authorized dealers" is interesting. I would have thought the only source of updates other than BlackBerry would be the carriers.

I doubt that Staples Canada or Amazon are pushing out the updates being received by phones purchased through them.

Yeah. I would expect that unlocked phones sold thru amazon or staples would have the same status as those sold at shopblackberry.

Posted via CB10

[anon(10101748)]

The differentiator is devices specifically designed for Enterprise. This isn't a difficult concept in my mind. The PRIV, DTEK50, and DTEK60 were not exactly Enterprise cash cows nor are they typically offered by corporations or gov't agencies. Large corporations and government agencies at least in the US are on an iPhone and Galaxy cycle. Most offer one or the other or both. Depending on where you are in the replacement cycle determines which device you have. At my agency new hires can choose the iPhone 7 or Galaxy S7. However, some employees are still on iPhone 5s or Galaxy S5. The replacement cycle set for September clearly stated that all replacement phones between now and then will be Android devices and in September the entire organization will move to Android. I have it on good authority that the KEYone will be the standard issued device as of September 1st and deployed to the entire workforce just like our old Bold 9900s were. The $$$ savings is astonishing with 30,000 employees and saving at least $150 per device. That's 4.5 million right there. So in order for the KEYone to succeed in it's "Target Audience" (yes, Enterprise is who it's aimed at) it must have Nougat, the latest OS. At some point people will need to give in that BlackBerry, BlackBerry Mobile, TCL whatever we're calling it today is targeting the Enterprise with hopes of penetrating the consumer market too. But the continued partnership and existence relies heavily if not entirely on the Enterprise space.

It would be nice if the PRIV, DTEK50, or DTEK60 would get the update and I personally believe they will, but after the KEYone is released, it's simply not important to the strategy being deployed.

[sidtek50]

Yeah, about that.

Oh lol well I didn't realise they were hashing passwords...

EITHER WAY....If someone is sniffing traffic then the hashed password you type in won't show.

I'm a security analyst. Bla1ze you can laugh but I've been warned for laughing at users so I won't retaliate.

If we're talking about hackers or mitm attacks that's different. Either way this is getting a tiny bit off topic

[sidtek50]

hahahahahahahahahahahahahahahahahahahha!

Ohhh Ohhh, the tears....

Yahoo would still be encrypting your password.

Bahahahahahahahahahahahahahahahahahaha!



And you still had the nerve to say that?

You're killing me smalls.

I meant the website certificate would be encrypting your password in transition.

[sidtek50]

I don't think your situation is the same for everyone. My DTEK50 has the April patch just fine. Now if you had of said Priv or DTEK60, you would be right.

Gee bla1ze whats with you tonight?? You're on a rampage for me.

Dtek60 and priv not patched despite being more expensive than the 50.

Happy?

[pineapple2607]

Bla1ze is just saying that Nougat is coming soon too our devices and yes the security patch is late, and that's not okay. But i can live with it.

[Carjackd]

Not a great example, yahoo would still be encrypting your password,

Have you been watching any news feeds in the past 8 months?

[Carjackd]

Yeah, about that.

I see you have been reading the news feeds.