[kbz1960]

This bug affects all traffic, not just email. When making an online payment someone connected to the same Wi-Fi network could in theory see your card details.

The same could go for BBRY on an unsecured wifi hotspot could it not?

[Haxorleet]

Awaiting for a hack...
And laugh holding a beer when it happens.

[kbz1960]

That site only works in Safari. It's moot for anyone not running an iOS device or a Mac to even try.

Attachment 250290
And yeah, my Mac (thus far) remains unpatched but at least they got the iOS patch out.

So all the tested devices the member posted as tested were worthless to test too.

[Genghis2k3]

Jesus, The petty bickering that goes on here when someone mentions apple is getting old.

Annoying - perhaps, but there are few things more current on all of CB than the BlackBerry vs. Apple/android bickering that goes on daily

[RazrRob]

The same could go for BBRY on an unsecured wifi hotspot could it not?

This is no cogent argument for using iOS from a risk management perspective. You do everything you can to mitigate a risk and then assess the remaining risk. This is done with one simple question - is the remaining (residual) risk something we can live with? From a purely budgetary perspective their decision makes sense. From a risk perspective there is no comparison between the two platforms, especially when the DoD clearly admits they have no controls in place. Unsecured wifi hot spot is just a red herring.

[Wiki Cydia]

It's cheaper for them to use Apple phones and iPads than to use Q10 on a BES.

Think about that for a second. I'm all for a business charging a fair price for its product, but does it make sense for BBRY to price its solution above Apple, even when BBRY knows that it's at a disadvantage by not offering a tablet?

[RazrRob]

Think about that for a second. I'm all for a business charging a fair price for its product, but does it make sense for BBRY to price its solution above Apple, even when BBRY knows that it's at a disadvantage by not offering a tablet?

I may be wrong but the hardware the Air Force was contracting for were Apple 4 and iPad2, both older models, at least in terms of what's available, hence the price differential.

[deptech]

Think about that for a second. I'm all for a business charging a fair price for its product, but does it make sense for BBRY to price its solution above Apple, even when BBRY knows that it's at a disadvantage by not offering a tablet?

Apple products are typically more expensive, but Apple has the financial ability to sell at a loss, which may be happening. There is also the Buy American Act which will influence the decision if the cost of a foreign vs domestic product is close to a certain percentage. What price do you put on security, I believe security should have a more weighted influence on the decision for the DOD than cost. I also believe there is more to this decision than what is publicized, I would imagine the path to this decision was long and painful.

Z30 on 10.2.1.537 in Canada

[sk8er_tor]

Why are so many people jumping to defend Apple on this? The point is it was a big security hole, one that has been open for quite a while too. How many times have Apple devices been jail broken, been able to bypass the lock screen, had security holes? I lost count. But that's fine because Apple devices were made to be consumer devices. They were made to play games, watch movies, listen to music. Now people want them to work in their business environment and expect these devices to be secure. Well too bad, that's not what these devices were made to be and they will never get there unless they overhaul the core OS.

[Richard Buckley]

So you have to be on an unsecured network? And the hacker has to be on that same unsecured network? How many people with top secret info use unsecured wifi networks to do their business? No matter the OS, I'm not doing banking or anything like that on an open unsecured wifi hotspot.

Very wise, but how many people do banking in Starbucks using the free Wi-Fi?

This also ignores the potential for ID theft. Firesheep went viral because people don't understand the implication of using unsecured Wi-Fi hotspots without encryption on the application layer.

[Richard Buckley]

The same could go for BBRY on an unsecured wifi hotspot could it not?

Only if BlackBerry had the same bug. That would be easy enough to find out, I'm sure someone is looking at all handsets. So far there have been reports about flaws in iOS and Android banking applications. Anyone found any similar reports for BlackBerry applications?

[kbz1960]

Very wise, but how many people do banking in Starbucks using the free Wi-Fi?

This also ignores the potential for ID theft. Firesheep went viral because people don't understand the implication of using unsecured Wi-Fi hotspots without encryption on the application layer.

True. There are many people who do all kinds of things they shouldn't or wouldn't if they knew. I guess if I stick my hand in a bear trap and it gets cut off I should blame the bear trap maker for not making a safer for me bear trap? Or should I buy a different bear trap or just learn not to stick my hand into them because that's stupid?

I get it though, a lot of people can be affected by this if they happen to be on an unsecured wifi network where there happens to be another person on that same unsecured network waiting. And yes apples security isn't near BBRY's. I have to wonder why anyone uses windows as every month security holes are patched so they are constant vulnerabilities waiting to be hacked. I think ID theft happens to people only using a windows PC daily.

[app_Developer]

It's an embarrassing bug that could very easily have been caught in basic testing. What it proves, again, is that Apple doesn't make security testing a priority.

They are a consumer electronics company. 5,000 phones sold to the USAF won't even register in their financials.

Having said that, though, it's disappointing that they don't even test something as simple as this.

Sent from my Nexus 5 using Tapatalk

[grover5]

True. There are many people who do all kinds of things they shouldn't or wouldn't if they knew. I guess if I stick my hand in a bear trap and it gets cut off I should blame the bear trap maker for not making a safer for me bear trap? Or should I buy a different bear trap or just learn not to stick my hand into them because that's stupid?

I get it though, a lot of people can be affected by this if they happen to be on an unsecured wifi network where there happens to be another person on that same unsecured network waiting. And yes apples security isn't near BBRY's. I have to wonder why anyone uses windows as every month security holes are patched so they are constant vulnerabilities waiting to be hacked. I think ID theft happens to people only using a windows PC daily.

I'm not following your argument. Are you saying the flaw in Apples products is really the users fault?

Or are you saying the flaw is ok because windows pc's also experience security flaws?

Or are you saying apple iPhones were designed to provide no security or privacy and any user who doesn't expect to immediately lose all private information to unknown cyber crooks is as dumb as someone who expects to still have a hand after putting it in a bear trap?

The only consistency I'm seeing here is that no matter who you blame it better not be apple.

Posted via CB10

[kbz1960]

I'm not following your argument. Are you saying the flaw in Apples products is really the users fault?

Or are you saying the flaw is ok because windows pc's also experience security flaws?

Or are you saying apple iPhones were designed to provide no security or privacy and any user who doesn't expect to immediately lose all private information to unknown cyber crooks is as dumb as someone who expects to still have a hand after putting it in a bear trap?

The only consistency I'm seeing here is that no matter who you blame it better not be apple.

Posted via CB10

No I'm saying no matter what you use YOU have to be aware of what could happen if I............ I know most people don't worry or care about it until after they did something dumb and it effected them. Yes we may all be better off using one system over another and I guess those in the know and that care do.

Yes apple has vulnerabilities so does android so does wp so does BBRY otherwise BBRY would never have to release security patches either, which they do.

[Wiki Cydia]

I may be wrong but the hardware the Air Force was contracting for were Apple 4 and iPad2, both older models, at least in terms of what's available, hence the price differential.

That may be, but at a minimum the iPhone 4 and the iPad 2 are interoperable and run the same OS (and can run the same apps). BBRY doesn't offer a similar solution, which is a disadvantage here.

Apple products are typically more expensive, but Apple has the financial ability to sell at a loss, which may be happening.

Nothing in the article suggests anything being sold at a loss, or even at cost.

[app_Developer]

Only if BlackBerry had the same bug. That would be easy enough to find out, I'm sure someone is looking at all handsets. So far there have been reports about flaws in iOS and Android banking applications. Anyone found any similar reports for BlackBerry applications?

Well, to be fair, most researchers studying mobile security are focused on Android and iOS. Any potential vulnerability in BB10 would affect a very small number of people.

Likewise if you were a criminal trying to exploit a vulnerability, you would probably focus on the many hundreds of millions of people using Android and iOS.

[crackbrry fan]

Why worry about security? "We have nothing to hide" only if you have "top secret" information .eh?

Posted via CB10

[Wiki Cydia]

It's an embarrassing bug that could very easily have been caught in basic testing. What it proves, again, is that Apple doesn't make security testing a priority.

It also proves that most people don't really care about security. They talk a good game: "yeah my privacy is important." But it's really not that important, because the market's actions prove that security is well down the priority list, if it's on the list at all.

[jiminica]

As a frequent traveler, you will be amazed how many people do. I see it all the time, even when they have been trained not to, they do it anyway.

Posted via CB using my Q10

[Richard Buckley]

True. There are many people who do all kinds of things they shouldn't or wouldn't if they knew. I guess if I stick my hand in a bear trap and it gets cut off I should blame the bear trap maker for not making a safer for me bear trap? Or should I buy a different bear trap or just learn not to stick my hand into them because that's stupid?

I get it though, a lot of people can be affected by this if they happen to be on an unsecured wifi network where there happens to be another person on that same unsecured network waiting. And yes apples security isn't near BBRY's. I have to wonder why anyone uses windows as every month security holes are patched so they are constant vulnerabilities waiting to be hacked. I think ID theft happens to people only using a windows PC daily.

You have missed the point entirely. This bug is such that even a knowledgeable person would believe that they are secured by SSL / TLS, but aren't because the security protocol was implemented incorrectly.



Posted via CB10

[RazrRob]

Apple products are typically more expensive, but Apple has the financial ability to sell at a loss, which may be happening. There is also the Buy American Act which will influence the decision if the cost of a foreign vs domestic product is close to a certain percentage. What price do you put on security, I believe security should have a more weighted influence on the decision for the DOD than cost. I also believe there is more to this decision than what is publicized, I would imagine the path to this decision was long and painful.

Z30 on 10.2.1.537 in Canada

If you want to see what went behind the decision follow the connection through Fixmo

[kbz1960]

You have missed the point entirely. This bug is such that even a knowledgeable person would believe that they are secured by SSL / TLS, but aren't because the security protocol was implemented incorrectly.



Posted via CB10

While using an unsecured wifi hotspot while the malicious snooper is also on the same unsecured wifi hotspot is what I remember reading. Is it other than that?

[TheScionicMan]

That site only works in Safari. It's moot for anyone not running an iOS device or a Mac to even try.

Attachment 250290
And yeah, my Mac (thus far) remains unpatched but at least they got the iOS patch out.

This site would work on ANY browser that doesn't actually check the key against the certs. It just so happens that Safari seems to be the only one not doing this very important step. It's moot for anyone with a properly coded browser to expect to get to the site as configured

[TheScionicMan]

The same could go for BBRY on an unsecured wifi hotspot could it not?

It would be very difficult to set this up for a properly configured SSL connection. With this Apple flaw in the coding, it's a pretty simple matter to spoof a site. When you go to an HTTPS site, it will offer its cert and your browser checks that against the site's key. With this flaw in Apple browsers, a site can say "I'm Google.com" and their browsers say "Ok, continue..." without checking to see if it is valid.