- Here's a test site that you can check your browsers against. The owner set up this port to be signed with a different key than the certs it presents. If your SSL security is implemented correctly, you'll get an SSL error from this link. Unpatched Apple users should be able to get to the site.
https://www.imperialviolet.org:1266/
I tested on Z10, PlayBook and a Nexus 4 and all caught the mismatch.
Posted via CB10
02-22-14 03:10 PM | Like 0
- The Snowden releases showed that the iPhone is known to be the easiest cell phone to hack. If I was the head of internal data security for the US military, for which the Air Force is responsible, and I thought that there might be a big security issue from someone inside, then I would make everyone carry a phone that was known to be easy to hack, such as 100% hackable, such as the iPhone.
02-22-14 03:14 PM | Like 0
- I'm not splitting hairs at all. The person he was responding to wasn't addressing typical users... users with "top secret info" were specifically referenced.
02-22-14 04:40 PM | Like 0
- Because the US Air Force announced they are going with iPhone instead of BlackBerry, now a major flaw was revealed in iPhone. How isn't it related?
CerveloJohn likes this.
02-22-14 05:17 PM | Like 1
- So you have to be on an unsecured network? And the hacker has to be on that same unsecured network? How many people with top secret info use unsecured wifi networks to do their business? No matter the OS, I'm not doing banking or anything like that on an open unsecured wifi hotspot.
The problem is that the device is not checking the certificate. If someone can trick your device into connecting to another place than the intended one (and there are myriad ways of doing this, from simple speed by being closer to poisoning resolver caches to other, more-esoteric things) you are screwed as your device will THINK it is talking to the correct server when it is not, and it will dutifully negotiate an SSL connection with the fake that then delivers unencrypted data to the fake site!
The fake could then simply steal it with a fake login prompt or worse, connect to the real one, pass it through transparently and steal your login and password in the process and you would have no idea it happened.
There is no defense against this; I looked at the actual code "error" and what I want to know is when the bad code got in there and how many revs back have been sent out with this. There is every reason to believe this isn't a new problem and if so the number of thefts that have likely taken place is extremely high, including some really nasty systemic thefts that have involved re-routing traffic temporarily on the backbone through places like China and Belarus.
02-22-14 07:44 PM | Like 0
- No, it's showing how USAF dropped BB to go with Apple and people on here said it was a dumb idea because of security issues - this came up in a BB forum - seems relevant to me, folks!
BriGuy19872015 likes this.
02-22-14 08:20 PM | Like 1
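The check that the test site above exercises, and that the posts say affected devices skip, as an added example (not part of any post in this thread and not Apple's code): the client must verify the handshake signature against the public key in the certificate the server presented. The toy textbook-RSA keys, the message layout and all function names are constructed for illustration, and certificate chain validation is assumed to have already passed.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Toy textbook-RSA key from two known primes (illustration only, no padding)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return {"n": n, "d": d}

def _digest(msg, n):
    # SHA-256 of the message, reduced into the modulus range (toy scheme).
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(key, msg):
    return pow(_digest(msg, key["n"]), key["d"], key["n"])

def verify(pub_n, msg, sig):
    return pow(sig, E, pub_n) == _digest(msg, pub_n)

# Constructed keys built from Mersenne primes.
CERT_KEY = make_key(2**61 - 1, 2**89 - 1)     # key named in the certificate
OTHER_KEY = make_key(2**107 - 1, 2**127 - 1)  # unrelated key, like the test port uses

def server_hello(signing_key):
    """Constructed handshake: certificate public key, key-exchange params, signature."""
    params = b"client_random|server_random|ephemeral-dh-params"
    return {"cert_n": CERT_KEY["n"], "params": params,
            "sig": sign(signing_key, params)}

def strict_client(hello):
    """Accept only if the params were signed by the key in the presented certificate."""
    return verify(hello["cert_n"], hello["params"], hello["sig"])

def broken_client(hello):
    """Models a client that computes the check but never acts on its result."""
    verify(hello["cert_n"], hello["params"], hello["sig"])  # result discarded
    return True

def audit(client):
    """Return (accepts honest server, accepts server signing with the wrong key)."""
    return client(server_hello(CERT_KEY)), client(server_hello(OTHER_KEY))

if __name__ == "__main__":
    print("strict client:", audit(strict_client))
    print("broken client:", audit(broken_client))
```

A client behaving like `strict_client` is what produces the SSL error on the test link; one behaving like `broken_client` loads the page.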
- I work in risk management for a large multinational. We used to be BlackBerry only but now it's BYOD. Even though there is a policy that transmitting sensitive proprietary information via a smartphone is a terminable event, guess what? People still do it because it's easy and convenient. Just because there is a rule in place does not guarantee people will abide by it. So why take the chance?
02-22-14 11:22 PM | Like 0
- I hope the USAF saw this news after they ditched BlackBerry for Apple iPhone. This is evident that Apple products are susceptible to hackers because their iOS is not well secured, unlike the BlackBerry that is #1 with phone security, even the POTUS has one. Shame on the US Air Force, I would have thought they would have followed their commander-in-chief and upgraded their phones to BES-10, but no, they want to play Candy Crush and watch Netflix all day, so they've switched to iPhone. Jokers!
02-23-14 01:35 AM | Like 0
- No matter what security issues there are with Apple iOS, Apple fans will not change. I work for the councils here in the UK; they are all Apple and Microsoft phones. It starts from the IT managers, they are Apple fans, the directors are Apple fans, they cannot see changing to BES 10 or a BlackBerry platform; it is all about the apps.
If I was in a position of influence in IT I would want the most secure platform, especially if I was in government, but this is how these councils operate, and what scares me is, if any data gets captured or hacked, who will they blame?
02-23-14 02:34 AM | Like 0
- Thank you for an intelligent comment. You don't build a platform, then in retrospect add a security patch and hope for the best. Security has to start at the ground floor which is why we hear at least 6-10 times a year about a security flaw.
Posted via CB10
RazrRob likes this.
02-23-14 04:55 AM | Like 1
- True. But security clearly isn't the only priority. If it were, the USAF wouldn't be changing anything. (Also, again, the fact that these agencies use mobile platforms at all is per se proof that security is but one item on a list of priorities.) This is not new; security wasn't the only reason the USAF went with BlackBerry previously, either. Clearly though, BBRY had a lot more success competing against Palm and Windows Mobile than it does any of the current crop of competitors.
02-23-14 05:24 AM | Like 0
- Correct, Apple didn't reveal the exploit. However, the community revealed the exploit. It was stupidly simple to spot.
I suggest you read this: Understanding Apple's SSL/TLS Bug | iMore
02-23-14 05:41 AM | Like 0
- Because the holes keep coming... every few weeks there is a new one. Not the best platform to be using in any security capacity. Anyone can see that; if not, they have their heads elsewhere... apps or not.
If the app is that important to have, then get the most secure company device in BlackBerry and develop the app for that... done!
Hate solves nothing, Respect gains everything!
02-23-14 07:37 AM | Like 0
Apple Security Issue