1. berry.man's Avatar
    Is it better to use the BB BIS email or google than say hotmail and yahoo for SSL communications? Just to confirm, the BB BIS email is encrypted right?

    Hotmail and yahoo don't encrypt the communication except during authentication in their normal web-based browsers. So granted the BB devices are always on and are wireless no less, is it not such a good idea to use hotmail and yahoo?

    04-22-10 01:03 PM
  2. Radius's Avatar
    BB email is encrypted end to end between any two BB devices. As soon as that email is sent outside of the BB system all bets are off. Most email can be read on any server it passes through.

    So use whatever service you want. The bottom line is these big companies have back doors for law enforcement anyhow so if they want to look at you, they will and you can't stop them.

    As for regular people viewing your email, there's no real worries about that.
    04-22-10 01:07 PM
  3. F0nage's Avatar
    I don't understand what you are saying. Googlemail, hotmail, and yahoo are all accessible via SSL both via the web and via BIS.

    However, SSL email accessed by BIS is not encrypted end-to-end like it is on the web. BIS sees the plaintext you send and receive. It's encrypted in transit. The SSL is only between hops.

    And google, hotmail, and yahoo store the plaintext on their servers. If you want encrypted email end-to-end you have to set up PGP or S/MIME.
    04-22-10 01:07 PM
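
The distinction drawn in the post above (SSL protects each hop, while every server in between handles the plaintext unless the body itself is PGP- or S/MIME-encrypted) can be checked on a received message. This is an added example, not part of the original thread: the sample message and its host names are constructed, and per-hop TLS is inferred from the RFC 3848 `with` keywords that each server writes into its own `Received` header.

```python
import re
from email import message_from_string

# Constructed sample (not from the thread): three hops, plain-text body.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
\tby store.recipient.example with ESMTP id c3; Thu, 22 Apr 2010 13:07:05 -0400
Received: from relay.provider.example (relay.provider.example [198.51.100.7])
\tby mx.recipient.example with ESMTPS id b2; Thu, 22 Apr 2010 13:07:03 -0400
Received: from handheld.example (handheld.example [192.0.2.5])
\tby relay.provider.example with ESMTPSA id a1; Thu, 22 Apr 2010 13:07:01 -0400
From: alice@sender.example
To: bob@recipient.example
Subject: test
Content-Type: text/plain

hello
"""

# "with" keywords that RFC 3848 assigns to TLS-protected transfers.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

def hop_report(raw):
    """Return (receiving server, protocol, used_tls) per hop, oldest hop first."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        # Unfold the header and drop parenthesised comments before matching.
        flat = re.sub(r"\([^()]*\)", " ", " ".join(value.split()))
        by = re.search(r"\bby\s+(\S+)", flat)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", flat)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append((by.group(1) if by else "?", name, name in TLS_PROTOCOLS))
    return hops

def body_protection(raw):
    """Classify end-to-end protection of the body: PGP/MIME, S/MIME, inline PGP, none."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted" and msg.get_param("protocol") == "application/pgp-encrypted":
        return "PGP/MIME"
    if ctype == "application/pkcs7-mime" and msg.get_param("smime-type") == "enveloped-data":
        return "S/MIME"
    payload = msg.get_payload()
    if isinstance(payload, str) and "-----BEGIN PGP MESSAGE-----" in payload:
        return "inline PGP"
    return "none"

def servers_seeing_plaintext(raw):
    """Every receiving server can read the body unless it is encrypted end to end."""
    return [] if body_protection(raw) != "none" else [h[0] for h in hop_report(raw)]
```

In the sample, the first two hops used TLS and the last did not, yet all three servers could read the body because it was never encrypted end to end. `Received` headers are self-reported by each server, so treat the per-hop result as an indication rather than proof.
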
  4. berry.man's Avatar
    > I don't understand what you are saying. Googlemail, hotmail, and yahoo are all accessible via SSL both via the web and via BIS.
    >
    > However, SSL email accessed by BIS is not encrypted end-to-end like it is on the web. BIS sees the plaintext you send and receive. It's encrypted in transit. The SSL is only between hops.
    >
    > And google, hotmail, and yahoo store the plaintext on their servers. If you want encrypted email end-to-end you have to set up PGP or S/MIME.

    yahoo mail and hotmail using the browser interface isn't encrypted except authentication.

    Google is the only major free one I know with always encrypted connections between mail client and the mail servers

    I'm actually just worried about ID theft stealing my data as I move around etc. As long as emails are not plaintext for I/O to my BB

    Last edited by berry.man; 04-22-10 at 01:19 PM.
    04-22-10 01:17 PM
  5. MrObvious's Avatar
    So you're saying BIS encrypts the Gmail, Yahoo, Hotmail, etc. in SSL along with the encryption for BIS? If so, cool!
    04-22-10 01:33 PM
  6. Branta's Avatar
    The major risk of snooping for a mobile user is the WiFi hotspot at the coffee shop. Once it leaves there it is relatively safe from third parties until it gets to the last few hops to the recipient. By using your BB you completely avoid the local risk factor.

    Cellular transmission is not "completely secure" but it does need substantial resources to intercept and decrypt the wireless packets, and it is not real-time like you see in films. At this time it is not a risk you need to worry too much about unless you think law enforcement or government agencies are interested in your activity. If they are involved it is more likely they will go direct to the service providers rather than sniffing off-air.
    04-22-10 01:42 PM
  7. Radius's Avatar
    > The major risk of snooping for a mobile user is the WiFi hotspot at the coffee shop. Once it leaves there it is relatively safe from third parties until it gets to the last few hops to the recipient. By using your BB you completely avoid the local risk factor.
    >
    > Cellular transmission is not "completely secure" but it does need substantial resources to intercept and decrypt the wireless packets, and it is not real-time like you see in films. At this time it is not a risk you need to worry too much about unless you think law enforcement or government agencies are interested in your activity. If they are involved it is more likely they will go direct to the service providers rather than sniffing off-air.

    Yep, even encrypted data on the BIS network is completely recoverable from the servers of RIM. Even using PGP or any similar system won't help you from Johnny law, they can get into it.

    And if you need to protect from regular users then most will never figure out how to intercept your email unless they know a few tricks.
    04-22-10 01:53 PM
  8. F0nage's Avatar
    > yahoo mail and hotmail using the browser interface isn't encrypted except authentication.

    I just checked, you're right. I use a desktop client and you can definitely use SSL with those, though. Just not with the web interface, apparently

    > Google is the only major free one I know with always encrypted connections between mail client and the mail servers

    There are plenty, try GMX for one.
    04-22-10 01:59 PM
  9. F0nage's Avatar
    > Yep, even encrypted data on the BIS network is completely recoverable from the servers of RIM.

    Yes, the RIM EULA clearly states they'll bend over for anybody who asks.

    > Even using PGP or any similar system won't help you from Johnny law, they can get into it.

    That's patently false. If you use S/MIME or PGP set up properly, nobody can crack it.

    If bad guys want the data bad enough, they use more direct methods and bypass the whole encryption issue.

    And why do people assume people who value their privacy are breaking the law? Privacy is a basic human right, nobody should have to explain why he wants to keep his personal information private, and nobody should assume people who are interested in privacy are abusing it any more than anybody exercising any of his other human rights.
    Last edited by F0nage; 04-22-10 at 02:07 PM.
    04-22-10 02:01 PM
  10. F0nage's Avatar
    > So you're saying BIS encrypts the Gmail, Yahoo, Hotmail, etc. in SSL along with the encryption for BIS? If so, cool!

    No, BIS encryption is between your device and RIM. They use SSL to communicate with the mail servers (if supported).
    04-22-10 02:02 PM
  11. berry.man's Avatar
    Not all intentions are malicious. Security experts always advocate always encrypting communications to prevent man in the middle type ID theft. Being new to BBs I just have my reservations about the security aspect of the smartphone scene, it being a 24/7, wireless!!!, communication device. With PCs, most understand security and wireless are oxymorons when spoken together. You sacrifice data security for convenience. That's why it's important to ensure thieves of all technical know-how will have to work real hard to steal ur data. Law enf should have access of course, but they are trusted sources that likely won't steal ur CC info to go shopping.

    So does BB encrypt/decrypt locally before communicating with service providers, or do they do that at the server and relay plaintext to ur BB?

    04-22-10 02:17 PM
  12. berry.man's Avatar
    > Yep, even encrypted data on the BIS network is completely recoverable from the servers of RIM. Even using PGP or any similar system won't help you from Johnny law, they can get into it.
    >
    > And if you need to protect from regular users then most will never figure out how to intercept your email unless they know a few tricks.

    Theoretically no. If a set of data is securely encrypted locally before communication, no one can crack the data without the key or using brute force. That's cryptography 101.

    04-22-10 02:25 PM
  13. Branta's Avatar
    > That's patently false. If you use S/MIME or PGP set up properly, nobody can crack it.
    >
    > If bad guys want the data bad enough, they use more direct methods and bypass the whole encryption issue.

    Not strictly true. Admittedly, putting you in a cell and holding you there until you disclose the decryption keys is not strictly "cracking" but it is effective. The real bad guys have a slightly less subtle version involving a baseball bat, but it is often faster.
    04-22-10 02:31 PM
  14. MrObvious's Avatar
    > No, BIS encryption is between your device and RIM. They use SSL to communicate with the mail servers (if supported).

    Oh ok. So it gets decrypted in Canada before going to Gmail in my case. That makes sense. Thanks!
    04-22-10 04:09 PM
  15. F0nage's Avatar
    > Not strictly true. Admittedly, putting you in a cell and holding you there until you disclose the decryption keys is not strictly "cracking" but it is effective. The real bad guys have a slightly less subtle version involving a baseball bat, but it is often faster.

    Why do you say "not strictly true" and then go on to agree with me?

    When used correctly, the over the counter crypto available today is stronger than any organization's ability to attack it. Therefore, as I said, they resort to other methods than attacking the crypto. One of the most popular is rubber hose cryptanalysis.
    04-23-10 04:42 AM
  16. F0nage's Avatar
    > Oh ok. So it gets decrypted in Canada before going to Gmail in my case. That makes sense. Thanks!

    You're welcome.
    04-23-10 04:43 AM
  17. renzomd's Avatar
    Consider this

    You go to your carrier site (say, sprint.blackberry.com)

    log in

    put your gmail icon on your BB desktop

    now, some clever company person duplicates your identity onto another instrument. BB pushes out service books, and presto, your personal email icon is on the BB desktop, and it is open.

    BB should force a password entry anytime that service books are pushed.
    08-13-10 10:05 PM