01-27-15 04:47 AM
  1. notfanboy's Avatar
    The Electronic Frontier Foundation released a scorecard comparing all of the messaging platforms.

    https://www.eff.org/secure-messaging-scorecard

    Edit: There's a dropdown control at the top of the page. Change the selection to "All Tools" to see BBM and BBM Protected.

    SECURE MESSAGING SCORECARD
    Which apps and tools actually keep your messages safe?

    In the face of widespread Internet surveillance, we need a secure and practical means of talking to each other from our phones and computers. Many companies offer “secure messaging” products—but are these systems actually secure? We decided to find out, in the first phase of a new EFF Campaign for Secure & Usable Crypto.
    They ranked BBM and BlackBerry Protect.

    I was expecting BBM to score high marks, but to my surprise BBM had one of the lowest security scores. WhatsApp is actually ranked higher. BBM has the same single checkmark as Yahoo Messenger and AIM. BlackBerry Protected, with three checkmarks, is middle of the road.

    What gives?
    Last edited by notfanboy; 11-04-14 at 03:35 PM. Reason: added instructions for the link
    11-04-14 01:06 PM
  2. BBZ10wannabe's Avatar
    Somebody should get this over to BlackBerry FactCheck. I wonder if they are referring to PIN-PIN messaging instead of regular BBM messages as that is known to use a common key that once compromised opens the door wide open so to speak.
    jojo beaconsfield likes this.
    11-04-14 01:41 PM
  3. laserx's Avatar
    I can't see anything about BBM or Blackberry? Even went to the home page and did a search, it came up with an article from 2013 nothing about BBM?
    11-04-14 01:45 PM
  4. BCITMike's Avatar
    No results found for "bbm" on that page. Try again.

    Posted via CB10
    howarmat likes this.
    11-04-14 01:54 PM
  5. howarmat's Avatar
    not seeing BBM on there either
    11-04-14 02:01 PM
  6. raino's Avatar
    I can't see anything about BBM or Blackberry? Even went to the home page and did a search, it came up with an article from 2013 nothing about BBM?
    No results found for "bbm" on that page. Try again.
    not seeing BBM on there either
    Change 'Featured Tools' to 'All Tools'
    11-04-14 02:05 PM
  7. nomloj's Avatar
    I can't find BBM either. But, looking at the last three columns, I don't think that BBM has: code open to independent review, security design properly documented, or code has been audited. I thought BBM was proprietary and so no one else's eyes would ever get the chance to look at the source code or documentation. That alone would take away 3 checks out of the 7. Could be wrong, but that's just my understanding.

    Edit: Ok, found the correct selection to locate BBM.
    11-04-14 02:09 PM
  8. tomsobon's Avatar
    Switch from Features tools to All tools, on top of the messengers list (pink squares)
    11-04-14 02:12 PM
  9. jmr1015's Avatar
    Change 'Featured Tools' to 'All Tools'
    This.
    11-04-14 02:15 PM
  10. FrankIAm's Avatar
    I don't even need to see this thread develop to see how it'll turn out, the comments so far and the "thanks" are more than enough.

    Good luck, OP, you made a big mistake.
    11-04-14 02:21 PM
  11. howarmat's Avatar
    ok I see it now

    and yes some of those I think are more secure being "unchecked"
    kevets likes this.
    11-04-14 02:29 PM
  12. Jimberry Storm's Avatar
    Somebody should get this over to BlackBerry FactCheck. I wonder if they are referring to PIN-PIN messaging instead of regular BBM messages as that is known to use a common key that once compromised opens the door wide open so to speak.
    Yes agree 100%, no way is yahoo messenger as secure as BBM, got to be spin masters at work here.
    11-04-14 02:40 PM
  13. NamelessStar's Avatar
    anyone not seeing it at the top there is a drop down change from features to all tools and it will show.
    11-04-14 03:11 PM
  14. THBW's Avatar
    Yes agree 100%, no way is yahoo messenger as secure as BBM, got to be spin masters at work here.
    One should always be cautious of any organization where funding sources and ownership are opaque. Often, corporate interests buy these foundations for the name and then use it according to their needs. I'm always a bit suspicious when Wikipedia puts up a flag as to whether their displayed information is valid. I have seen this before.
    MySOLE_2KEEP likes this.
    11-04-14 03:17 PM
  15. SethDove's Avatar
    Yes agree 100%, no way is yahoo messenger as secure as BBM, got to be spin masters at work here.
    Based on what? What do you know that makes it more secure?

    EFF is a good organization. Their evaluation is clear on that page. You may not agree with their aim. But Blackberry has historically worked closely with governments. Which immediately makes their "security" questionable IMHO. And as EFF shows none of the alleged security can be verified. You just trust them based on your feelings. Blackberry isn't a team to root for. They sell products we buy. They won't do better if they don't have to.

    Posted via CB10
    11-04-14 03:35 PM
  16. Superdupont 2_0's Avatar
    I like this scorecard and I think BB must improve the security of BBM for consumers.

    However, I would disagree in three points:

    1) The security design for bbm is properly documented here

    2) With bbm protected "sender and recipient have unique public/private encryption and signing keys." So why exactly can't I verify the identities of my contacts?!?

    It's all here:
    BBM Protected | eBBM Secure Messaging & Encrypted Chat | BlackBerry - US

    3) To read past communications of bbm protected the attacker has to steal actually three keys (TLS + 3DES + your own), while for other platforms there are only 1-2 keys.
    And I just had a short glance at the whitepaper, but if the session keys are created by "One-Pass ECDH" (see page 10), I would assume that is Forward Secrecy?
    raino, Jose Casiano, senel and 4 others like this.
    11-04-14 05:55 PM
  17. Bluenoser63's Avatar
    The last three are questionable at best.
    11-04-14 06:27 PM
  18. VR6's Avatar
    Get the EFF outta here!

    Posted via CB10
    11-04-14 07:03 PM
  19. Jose Casiano's Avatar
    This is a good point. I've also wondered if having your code always open to see can later open up security risks. It's like hey this is how my security works. Do you think it works yeah I think it works, and later deals a blow because they later find a vulnerability. Regular bbm should have a bit better security available for consumers but I'd trust blackberry personally for communication.

    Posted via CB10
    CherokeeMarty likes this.
    11-04-14 07:24 PM
  20. Bluenoser63's Avatar
    This is a good point. I've also wondered if having your code always open to see can later open up security risks. It's like hey this is how my security works. Do you think it works yeah I think it works, and later deals a blow because they later find a vulnerability. Regular bbm should have a bit better security available for consumers but I'd trust blackberry personally for communication.

    Posted via CB10
    OpenSSL is a good example. It was open source and there were people who knew the vulnerabilities and used them to their advantage as others didn't see the flaw. Open source only works if good people see the flaws first.
    11-04-14 07:29 PM
  21. llamax's Avatar
    EFF are the good guys - read up on Richard Stallman.

    The EFF's points are valid. Some, BBM would not be able to meet without being open source which is never likely to happen.

    It would be nice for some entity to audit the source code, though.
    11-04-14 08:14 PM
  22. KKrusher's Avatar
    EFF has always had - in my mind - a rock solid reputation.
    In their list I see- a second and third entry:
    Blackberry Messenger
    Blackberry Protected

    I am not a tech guru but these findings merit a more thorough examination.

    Is someone with the proper tech credentials up to the challenge to verify these results?

    Cheers
    nah.uhh and jefbeard911 like this.
    11-04-14 08:17 PM
  23. CherokeeMarty's Avatar
    not seeing BBM on there either

    I clicked on the provided link, and went to the ranking, which is alphabetical, showing BBM as the second listing with BB "Protected" as the third listing. The rankings were heavily tilted towards open sourced type of code which I'm glad is not the case with BBM. Even Hushmail was ranked the same as BBM.
    11-04-14 10:19 PM
  24. CherokeeMarty's Avatar
    If you go to the link provided by Superdupont 2_0, you can actually determine the validity of the BBM security protocols, which show the EFF ranking to be bogus and self serving.
    Bluenoser63 likes this.
    11-04-14 10:26 PM
  25. bobshine's Avatar
    OK for all those that think that BBM isn't safe, why was BBM the only instant messaging platform that was ever banned by governments?

    Posted via CB10
    Bluenoser63 likes this.
    11-04-14 10:40 PM