[qbnkelt]

sorry, but you might want to read this:
� Scarlet Johansson Leaked Photos EXIF Data Mobile Privacy & Security it was a blackberry bold 9000

in fact, in recent years nearly all of these celebrity "hacks" have been on blackberry, paris hilton, britney spears, nicole richie, and some, if not all of the newer ones such as scarlett..

and if you want a picture, that's been edited so it doesn't have nudity, here http://i.imgur.com/e9mIa.png
Paris Hilton's BlackBerry Hacked
~ Celebrity Buzz ~: Lindsay Lohan's BlackBerry hacked

Wait - those photos were not retrieved from the phone. They were retrieved via email (gmail was mentioned) or some cloud service.
Please read the article in its entirety. There is no mention that the photos were obtained from the phone or from a DM backup.
Media on devices can be encrypted. If you don't and your pictures end up on tmz.com, then you were foolish. Nothing to do with the device in question.
In the Lindsay Lohan case, someone got her password to get access to her device. That is not a hack, that is a troubled starlet leaving her password for someone to steal. The article dates from 2006. Who knows what state she was in at the time.
The Paris Hilton article refers to someone getting access to her Blackberry. Again, not a hack into a Blackberry.

[katiepea]

Wait - those photos were not retrieved from the phone. They were retrieved via email (gmail was mentioned) or some cloud service.
Please read the article in its entirety. There is no mention that the photos were obtained from the phone or from a DM backup.
Media on devices can be encrypted. If you don't and your pictures end up on tmz.com, then you were foolish. Nothing to do with the device in question.

i can assure you i did read the article in it's entirety. did you? there is also no mention of knowing exactly how they were obtained, it says IT'S POSSIBLE they were obtained via a cloud service.

[Danf]

i can assure you i did read the article in it's entirety. did you? there is also no mention of knowing exactly how they were obtained, it says IT'S POSSIBLE they were obtained via a cloud service.

If you read the article then you should pay particular attention to this statement. it does not say it is merely "possible" but likely.

More likely is that the images are being stolen from cloud and backup services, where data sits unencrypted, not directly from the devices themselves.

The data on the ONE pic only shows it was taken with a blackberry not that it was hacked from a Blackberry. He states the other pic was NOT taken with the same phone.

I would not rule out a blackberry or any other device being hacked if it's owner leaves WiFi or Bluetooth on. but the very article you posted does not support you claim that a blackberry was hacked to get those pics.

[qbnkelt]

why is root such a big issue? most malware and hacks don't require root anyway, and you are aware that even if you're rooted, every single app has to ask permission to gain access as root (superuser) it can't just access a SU command on it's own, even if you're rooted and allowed an app to access email and that app had intentions of harming something, it can't just break encryption, root doesn't enter the phone into GOD mode where everything is possible, encryption still exists server side.

IT departments are not keen on devices where roots are widely available. They endanger what is behind the firewall. This is basic.

[quik4life]

sorry, but you might want to read this:
� Scarlet Johansson Leaked Photos EXIF Data Mobile Privacy & Security it was a blackberry bold 9000

in fact, in recent years nearly all of these celebrity "hacks" have been on blackberry, paris hilton, britney spears, nicole richie, and some, if not all of the newer ones such as scarlett..

and if you want a picture, that's been edited so it doesn't have nudity, here http://i.imgur.com/e9mIa.png
Paris Hilton's BlackBerry Hacked
~ Celebrity Buzz ~: Lindsay Lohan's BlackBerry hacked

Come on, katiepea... I thought you had more credibility than that. The article states that the pic was taken with a 9000, but it doesn't say where the pic was obtained from. In fact, the article states that the second pic was taken with a different phone. The article also states that the files were probably taken from an unencrypted cloud or backup service.

Nowhere in that article does it say that a BB was hacked. But nice try...

When you find an article that states a celebrity's encrypted BB was compromised, then we'll talk.

[katiepea]

If you read the article then you should pay particular attention to this statement. it does not say it is merely "possible" but likely.

More likely is that the images are being stolen from cloud and backup services, where data sits unencrypted, not directly from the devices themselves.

The data on the ONE pic only shows it was taken with a blackberry not that it was hacked from a Blackberry. He states the other pic was NOT taken with the same phone.

I would not rule out a blackberry or any other device being hacked if it's owner leaves WiFi or Bluetooth on. but the very article you posted does not support you claim that a blackberry was hacked to get those pics.

i won't argue that, but both pictures show a bold 9000 in exif data as you can see from the link to the picture i posted, and they're clearly taken at the same time in the same hotel room. the only thing i find hard to believe is that she would actually store that image on a cloud service of any kind. oh well, the FBI is investigating it, maybe we'll find out

she is only one instance, you have to wonder how all of these celebrities with blackberries over the years have had their information stolen, recently entire contact lists with phone numbers and emails have been released as well as bbm pins a few years ago. i could see wifi snooping or bluetooth, but i couldn't ever think of a way bbm pins were obtained unless someone had the actual device, or nobody has just figured out how it was done yet.

[qbnkelt]

i can assure you i did read the article in it's entirety. did you? there is also no mention of knowing exactly how they were obtained, it says IT'S POSSIBLE they were obtained via a cloud service.

Kindly point to the sentence where it states that the Blackberry was hacked in order to obtain the media.


From the article itself:


"Recently Scarlet Johansson has been added to the list of celebrities who have had photos taken on their phone compromised. The media is stating this is an apparent ring of hackers that are stealing the data from celebrities phones and laptops, however this theory seems suspect.

More likely is that the images are being stolen from cloud and backup services, where data sits unencrypted, not directly from the devices themselves. I took a look at the recent alleged images ( research! ) and scanned them for EXIF data to see what information I could find about the images. One of the images had quite a bit of data embedded, I was able to see that the photo was taken with Blackberry Bold 9000 taken on October, 12, 2010 at 8:02PM. It is interesting that these photos are over a year old. Unless the image data and EXIF tags were tampered with the image came directly from the phone and was not modified by any applications like Photoshop, or compressed by any service. The images could have been emailed to another party as an attachment, it is highly likely that an email account or backup service was compromised.



The second photo that shows Johansson’s backside was not taken with the same phone, very little EXIF data was embedded in the image, but it was taken at a much higher resolution of 300 px/inch, the image also uses Progressive DCT encoding vs Baseline DCT like we have on the Blackberry device.

Several celebrities have had images leaked lately Vanessa Hudgens reportedly had nude images leaked after someone hacked her Gmail account. Odds are something similar has happened here, particularly given the age of the images.

Celebrity security needs to be taken as seriously as government security, all data should be encrypted even personal images and data. If celebrities are using cloud services they need to make sure the data is encrypted before it is backed up."

[Chrisy]

Wouldn't IT departments then just not allow rooting? Two people I know on BES cannot loar non official carrier OSs or certain apps.

[quik4life]

And I'm not even gonna bother talking about the credibility of that Gizmodo link you posted.

[qbnkelt]

Wouldn't IT departments then just not allow rooting? Two people I know on BES cannot loar non official carrier OSs or certain apps.

In theory you could. But you could also have a root that renders an IT policy void.
I can't even load The Weather Channel on my BES 9650.

[katiepea]

And I'm not even gonna bother talking about the credibility of that Gizmodo link you posted.

gizmodo didn't break the story, it was everywhere

Paris Hilton's Contact LIst Has Been Hacked [Archive] - gprime.net boards

Paris Hilton Hacked Cell Phone Pictures Released | BlackBerry Cool <- mentions blackberry hack

[BitPusher2600]

I don't care for the linux kernel nor will I ever again use an Android as my experience with one sucked (advanced task killer? Rofl).
But I love killing time reading tech sites and forums and I can honestly say that its easy to find a hundred Android fanboys who can "prove" they know it all while they so happen to be in their teens or early 20's, but I've never read a thing on any forum on Android security being any good or remotely any better than any other platform on the market from someone who has been a corporate IT manager for x number of years. Why is that? I only wonder out of interest. Not that it would matter for me because people's opinions nor white paper facts can convince me to use something I don't like or trust.

Posted from my CrackBerry at wapforums.crackberry.com

[Chrisy]

Wow, what's wrong with the weather channel?

I would think employees that are required to have secure devices wouldn't try to get around the policy and risk being fired or compromising their data.

[katiepea]

In theory you could. But you could also have a root that renders an IT policy void.
I can't even load The Weather Channel on my BES 9650.

i suppose technically you could void and IT policy, but if you do you shouldn't be able to authenticate on the server after it's gone, unless the root break's it's encryption, which would be news everywhere, as were the recent SSL spoof hacks, which is really a pretty big deal and should have gotten more attention.

[katiepea]

I don't care for the linux kernel nor will I ever again use an Android as my experience with one sucked (advanced task killer? Rofl).
But I love killing time reading tech sites and forums and I can honestly say that its easy to find a hundred Android fanboys who can "prove" they know it all while they so happen to be in their teens or early 20's, but I've never read a thing on any forum on Android security being any good or remotely any better than any other platform on the market from someone who has been a corporate IT manager for x number of years. Why is that? I only wonder out of interest. Not that it would matter for me because people's opinions nor white paper facts can convince me to use something I don't like or trust.

Posted from my CrackBerry at wapforums.crackberry.com

you used advanced task killer? well that's probably why your experienced sucked, google says not to use those. platform security isn't the same as server security, bb's platform has been compromised with the webkit browser, people were able to obtain contact lists and access to all the pictures on a device with a java hole, which actually could explain how some peoples phones are being hacked, even tho the 9000 doens't use the webkit, if she backed those pictures up and put them on a newer model, the exif data would still be the same and someone could have accessed them that way, i find it hard to believe she uploaded them anywhere.and i believe the java hack still has yet to be fixed? but the bis/bes servers are probably next to impossible to get into, and android and iphone both support exchange which is an alternative equivalent.

http://www.berryreview.com/2011/03/1...ts-and-images/
more detail: http://www.zdnet.com/blog/security/p...er-attack/8401

to me this scenario is pretty frightening, especially since a lot of people have to wait for carrier issued updates, which are painfully slow, sure you can turn off javascript, but then you've eliminated a ton of functionality, RIM should be issuing updates without a 3rd party. especially with BES users

and what they guys who hacked it had to say:
While the research team acknowledged that the BlackBerry benefits from obscurity, Iozzo said the absence of ASLR, DEP and code signing has put the device “way behind the iPhone” from a security perspective.

“The advantage for BlackBerry is the obscurity. It makes it a bit harder to attack a system if you don’t have documentation and information,” Iozzo said.

[qbnkelt]

Wow, what's wrong with the weather channel?

I would think employees that are required to have secure devices wouldn't try to get around the policy and risk being fired or compromising their data.

Nothing really wrong with the Weather Channel itself, it's just an example of a widely used app that under strict BES IT guidelines cannot be loaded. That's how restrictive some BES environments are, when dealing with the secure community.

As far as employees - the agency's greatest embarrasing spy incident, Robert Hanssen, came directly up from the ranks and gave up several agents to the Soviets. Greed overtakes many.

[_StephenBB81]

Wow, what's wrong with the weather channel?

I would think employees that are required to have secure devices wouldn't try to get around the policy and risk being fired or compromising their data.

Weather channel uses data, and anything installed on a device changes the device from being a duplicate image, any error a device may have could be caused by an application that isn't on the approved list.

GOOD IT admins lock out anything they have not extensively tested across all services, you don't want some rouge code causing hours of problems when you have no extra staff to deal with these problem.

as for trying to get around, I take great pride in getting around EVERY security policy put on my notebook and BlackBerry I will try and try and try to find a hole missed. always done it, they just patch the hole if/when the find I found one.

[qbnkelt]

Weather channel uses data, and anything installed on a device changes the device from being a duplicate image, any error a device may have could be caused by an application that isn't on the approved list.

GOOD IT admins lock out anything they have not extensively tested across all services, you don't want some rouge code causing hours of problems when you have no extra staff to deal with these problem.

as for trying to get around, I take great pride in getting around EVERY security policy put on my notebook and BlackBerry I will try and try and try to find a hole missed. always done it, they just patch the hole if/when the find I found one.

Hee, hee....I once loaded Google Maps...I had it for all of five minutes!!!!

[Chrisy]

Aren't you concerned about getting fired for doing that?

For certain things, I don't trust cloud storage either.

[qbnkelt]

Aren't you concerned about getting fired for doing that?

For certain things, I don't trust cloud storage either.

Me? I manage my a section of my agency's IT department. I'm supposed to find vulnerabilities.

That was a couple of years back. Can't even begin to load it now.

[BitPusher2600]

you used advanced task killer? well that's probably why your experienced sucked, google says not to use those.

Good god how do you not? I've been thru every major smartphone platform on the market and Droid is the only one that I can watch the ram (and the battery) eat itself alive as the phone fires up a slew of apps on its own that you cannot stop (read: terminate) by normal means. Google is blatantly full of sh*t on that call, maybe not directly as perhaps the carrier is to blame as their bloatware is given a disgusting amount of authority on the device, but then you get into having to change your OS (root) which does not speak well for anything.

Posted from my CrackBerry at wapforums.crackberry.com

[katiepea]

Good god how do you not? I've been thru every major smartphone platform on the market and Droid is the only one that I can watch the ram (and the battery) eat itself alive as the phone fires up a slew of apps on its own that you cannot stop (read: terminate) by normal means. Google is blatantly full of sh*t on that call, maybe not directly as perhaps the carrier is to blame as their bloatware is given a disgusting amount of authority on the device, but then you get into having to change your OS (root) which does not speak well for anything.

Posted from my CrackBerry at wapforums.crackberry.com

no pretty much everyone agrees, tasks are easy to kill without them if you want, and ram being used up on a phone is a good thing, it's not a pc, the more stuff in ram the faster you phone operates.

Android Task Killers Explained: What They Do and Why You Shouldn't Use Them

The truth about Android task killers and why you don't need them | PhoneDog

i WANT the applications i use most running and in my ram, they're exceedingly faster like this, killing them causes issues especially with notifcation and sync services, using a task killer is only limiting your functionality.

root is not a bad thing, and it can be undone thus not voiding your warranty, if your carrier apps are bugging you, you can root, remove them, and unroot

[K Bear]

Good god how do you not? I've been thru every major smartphone platform on the market and Droid is the only one that I can watch the ram (and the battery) eat itself alive as the phone fires up a slew of apps on its own that you cannot stop (read: terminate) by normal means. Google is blatantly full of sh*t on that call, maybe not directly as perhaps the carrier is to blame as their bloatware is given a disgusting amount of authority on the device, but then you get into having to change your OS (root) which does not speak well for anything.

Posted from my CrackBerry at wapforums.crackberry.com

OS 2.2 and higher does not require a task killer. Most issues are mot truly with the OS, it is with the overlay (Sense, TouchWiz, etc.), pure Android (2.2 & above) are not the battery hogs that the uninformed claim them to be.

[_StephenBB81]

Come on, katiepea... I thought you had more credibility than that. The article states that the pic was taken with a 9000, but it doesn't say where the pic was obtained from. In fact, the article states that the second pic was taken with a different phone. The article also states that the files were probably taken from an unencrypted cloud or backup service.

Nowhere in that article does it say that a BB was hacked. But nice try...

When you find an article that states a celebrity's encrypted BB was compromised, then we'll talk.

If one goes on an Internet search of Scarlett Jo's phone that was "hacked" most sites say it was an iPhone that was hacked, OR cloud storage service but when a device is mentioned as her current device it has been an iPhone

also if you go and check the Celebrity Blackberry sighting website
Celebrity BlackBerry Sightings you wont find her name on it

[_StephenBB81]

Aren't you concerned about getting fired for doing that?

For certain things, I don't trust cloud storage either.

Not really.

I ensure my value is such that when I stir the pot, it will be overlooked