03-11-11 08:19 AM
111 1234 ...
tools
  1. Daniel Ratcliffe's Avatar
    Once your email address is transmitted to a malicious server yes you can get spammed. It has nothing to do with your phone.

    Posted from my CrackBerry at wapforums.crackberry.com
    It's not me being spammed. I set up filters to block their emails. It's their god-damn emails, and not everyone on my contacts list knows how to block emails... or texts for that matter. I sure hope they start spamming Apple, since I had Apple's email address in xD
    02-27-11 08:47 AM
  2. qbnkelt's Avatar
    But wouldn't your filters in your personal email block them from coming to your BBerry? I think I'm missing something.
    02-27-11 09:22 AM
  3. Daniel Ratcliffe's Avatar
    I hadn't really got much in the way of emails off them myself, but I did it anyway just to be safe when I read they were Spam City. I fear it is my friends who are falling prey...
    02-27-11 09:30 AM
  4. dcsr23's Avatar
    This seems like another forum post for trolling purposes to justify the owning of a blackberry vs any of the other great platforms out there.

    i7 did you actually read this article, or just figured posting it to stir the hornets nest up?

    To sum it up... "User installs malicious app with knowledge and machine is now infected." This could happen to anyone regardless of platform. I'd really like to hear your answer when Blackberry starts running Android apps... will that still make them "more secure" then?
    02-27-11 09:58 AM
  5. Daniel Ratcliffe's Avatar
    This seems like another forum post for trolling purposes to justify the owning of a blackberry vs any of the other great platforms out there.

    i7 did you actually read this article, or just figured posting it to stir the hornets nest up?

    To sum it up... "User installs malicious app with knowledge and machine is now infected." This could happen to anyone regardless of platform. I'd really like to hear your answer when Blackberry starts running Android apps... will that still make them "more secure" then?
    I'd say that with the likes of JaredCo and their spamfest I believe making up 85% of developers in BB App World, that Android is already more secure than RIM. Without apps, then I would say BB is more secure, but good developers generally hate developing for BB...
    02-27-11 10:04 AM
  6. iN8ter's Avatar
    The point is RIM can allow the user to either leave their phone unsecured to secure it to the nth degree. It's pretty much immune from casual drive-bys when the phone is set up properly. The doesn't make the platform unsecure, it makes it as secure as the user wants. You are debating that a device is unsecure because the manufacturer allows that option. The question really is when the device is secured properly how unsecure is it?
    The poster you responded to has a point, though. There are lots of computers and servers that got hacked due to default settings. Consumers are lazy. It's the way things are.

    Having the Administrator account in [some versions of] Windows XP not have a password by default opened up every users to attack, and Microsoft ha to change it in Vista. On servers sometimes the default installation activates superfluous services which can have vulnurabilities, and servers have been hacked because of it. It's why decent UNIX and BSD OSes like FreeBSD and Solaris disable everything but required (to run the computer) services by default.

    With smartphones being so widely used these days, you have to look at it in a similar way because they have the capability to hold as much IMPOTANT information as a computer - more in some cases. They are also much easier to steal, and since the defaults on pretty much every smartphone OS are so insecure (and consumers are pretty much lazy in general), this leads to problems.

    Giving a consumer the option is like giving them a Norton AntiVirus CD to install, but having the installation program turn off the AV program and give them to option to turn it on later. All smartphones (don't care which platform, it's a general line of thinking) should ship with secure defaults or have a non-exitable Setup application that prompts them to setup the phone in a secure fashion and doesn't allow early Exiting of said Setup application.

    Blackberries don't attempt to persuade the user to set up their device securely.

    Android does not.

    Windows Mobile doesn't.

    Windows Phone 7 doesn't.

    They all fail in that regard. At least attempting to have secure defaults matters more than any article that only a small fraction of the user base will see. People who use all smartphone platforms should be asking for that: secure defaults, or a setup app that tries to persuade the user to set up their phone to be at least moderately secure: i.e. Encrypted Storage/SD Card, at least a 4 letter passcode with no repeated numbers, and a screen lockout <= 3 minutes.
    02-28-11 01:21 AM
  7. i7guy's Avatar
    The poster you responded to has a point, though. There are lots of computers and servers that got hacked due to default settings. Consumers are lazy. It's the way things are.

    Having the Administrator account in [some versions of] Windows XP not have a password by default opened up every users to attack, and Microsoft ha to change it in Vista. On servers sometimes the default installation activates superfluous services which can have vulnurabilities, and servers have been hacked because of it. It's why decent UNIX and BSD OSes like FreeBSD and Solaris disable everything but required (to run the computer) services by default.

    With smartphones being so widely used these days, you have to look at it in a similar way because they have the capability to hold as much IMPOTANT information as a computer - more in some cases. They are also much easier to steal, and since the defaults on pretty much every smartphone OS are so insecure (and consumers are pretty much lazy in general), this leads to problems.

    Giving a consumer the option is like giving them a Norton AntiVirus CD to install, but having the installation program turn off the AV program and give them to option to turn it on later. All smartphones (don't care which platform, it's a general line of thinking) should ship with secure defaults or have a non-exitable Setup application that prompts them to setup the phone in a secure fashion and doesn't allow early Exiting of said Setup application.

    Blackberries don't attempt to persuade the user to set up their device securely.

    Android does not.

    Windows Mobile doesn't.

    Windows Phone 7 doesn't.

    They all fail in that regard. At least attempting to have secure defaults matters more than any article that only a small fraction of the user base will see. People who use all smartphone platforms should be asking for that: secure defaults, or a setup app that tries to persuade the user to set up their phone to be at least moderately secure: i.e. Encrypted Storage/SD Card, at least a 4 letter passcode with no repeated numbers, and a screen lockout <= 3 minutes.
    While I am security conscious you can't force a user to lock their car doors, or secure their phone.

    There are people who don't need government level encryption on their smartphones and shouldn't be required to have it. It's an individual choice.

    If you leave you car door unlocked, even in a supposed safe neighboorhood...
    02-28-11 03:23 PM
  8. i7guy's Avatar
    This seems like another forum post for trolling purposes to justify the owning of a blackberry vs any of the other great platforms out there.

    i7 did you actually read this article, or just figured posting it to stir the hornets nest up?

    To sum it up... "User installs malicious app with knowledge and machine is now infected." This could happen to anyone regardless of platform. I'd really like to hear your answer when Blackberry starts running Android apps... will that still make them "more secure" then?
    If you actually read the article you might have noticed it did say the words "top target". That's what makes it newsworthy.

    It appears to me the article is saying Android users are loosey goosey with the apps more so than Blackberry users and the popularity of apps will make it more easier for app writers to hide their malicous content.

    To say all phones are subject to viruses and malware is a truism but it doesn't reflect the fact RIM has stayed under the radar for whatever reason.

    When that changes, I'll come back and debate this again.
    02-28-11 03:29 PM
  9. iN8ter's Avatar
    While I am security conscious you can't force a user to lock their car doors, or secure their phone.

    There are people who don't need government level encryption on their smartphones and shouldn't be required to have it. It's an individual choice.

    If you leave you car door unlocked, even in a supposed safe neighboorhood...
    You obviously can't read.

    I'm through with you.
    03-01-11 02:06 AM
  10. i7guy's Avatar
    You obviously can't read.

    I'm through with you.
    That's one way of conceding you've lost the argument.
    03-01-11 07:13 AM
  11. Branta's Avatar
    But wouldn't your filters in your personal email block them from coming to your BBerry? I think I'm missing something.
    I believe the problem is that Jared Co applications steal the phone's contact database, and then spam the user's contacts. The spam is not confined to the unfortunate user who installs a Jared Co trojan.
    Daniel Ratcliffe likes this.
    03-01-11 07:37 AM
  12. Rickroller's Avatar
    That's one way of conceding you've lost the argument.
    No..i think it has more to do with having a pointless conversation with someone (i.e. you) who just keeps re-itterating the same off topic nonsense. It's like trying to have a conversation with Rain Man when Judge Whopner is on..
    03-01-11 08:08 AM
  13. i7guy's Avatar
    No..i think it has more to do with having a pointless conversation with someone (i.e. you) who just keeps re-itterating the same off topic nonsense. It's like trying to have a conversation with Rain Man when Judge Whopner is on..
    No, dude. Your comment is off-topic.

    My other comments are relevant to the thread title and linked article.

    I agree with your comment, but I really wonder who is Rain Main and who is Judge Whopner...
    03-01-11 08:21 AM
  14. Rickroller's Avatar
    You just keep spouting the same stuff..."If you leave the vehicle unlocked and the keys in it", "It's not the device, it's the user" blah blah..

    As i've said before WE ALL KNOW THIS. Someone makes a point and you just keep spouting the same ****e..move along already.

    "Definately gotta watch Judge Whopner..definately definately"
    03-01-11 08:26 AM
  15. i7guy's Avatar
    You just keep spouting the same stuff..."If you leave the vehicle unlocked and the keys in it", "It's not the device, it's the user" blah blah..

    As i've said before WE ALL KNOW THIS. Someone makes a point and you just keep spouting the same ****e..move along already.

    "Definately gotta watch Judge Whopner..definately definately"
    Blah, blah, blah, blah. Yada, yada, yada. I've promised myself I would always post on these internet forums the way I would like to have a conversation. But sometimes it is just not possible.

    WE ALL KNOW EVERYTHING. The same stuff keeps getting rehashed. In thousands of posts, nothing unique has really been said.
    03-01-11 08:35 AM
  16. Rickroller's Avatar
    WE ALL KNOW EVERYTHING. The same stuff keeps getting rehashed. In thousands of posts, nothing unique has really been said.
    +1 to that..each thread is the same thing just with different wording lol
    03-01-11 09:24 AM
  17. JRSCCivic98's Avatar
    I believe the problem is that Jared Co applications steal the phone's contact database, and then spam the user's contacts. The spam is not confined to the unfortunate user who installs a Jared Co trojan.
    With all the contacts and prestige that CB higher ups have with RIM, why aren't they doing their part to make RIM aware of the issue. I don't understand why they still haven't pulled those apps with more then 6 months worth of issues and complaints.
    03-01-11 09:48 AM
  18. FigureThisOut's Avatar
    With all the contacts and prestige that CB higher ups have with RIM, why aren't they doing their part to make RIM aware of the issue. I don't understand why they still haven't pulled those apps with more then 6 months worth of issues and complaints.
    Probably because Jared Co. are in RIM's pocket. That, and because there probably aren't so many complaints. Imagine people that do frequent forums like us and are using the apps. They most likely have absolutely NO IDEA what's going on. Now if they knew, I'm sure the e-mails and complaints would grow by a huge margin.

    I could see a big company saying "Okay, we know what's going on. But if we really start getting an overwhelming number of complaints about you guys, then that'll be our cue to do something."
    03-01-11 12:26 PM
  19. iN8ter's Avatar
    That's one way of conceding you've lost the argument.
    No. You just can't read. You're trolling hard, but I feel the need to set you straight.

    From my post.

    Giving a consumer the option is like giving them a Norton AntiVirus CD to install, but having the installation program turn off the AV program and give them to option to turn it on later. All smartphones (don't care which platform, it's a general line of thinking) should ship with secure defaults or have a non-exitable Setup application that prompts them to setup the phone in a secure fashion and doesn't allow early Exiting of said Setup application.
    This means that anyone with an insecure phone... It's their fault. At the moment, it's not chiefly their fault, because many of those options are hidden in an already rather mundane tree of options that lots of people simply don't see them.

    If you do not have your AV/FW application active on your computer, Windows pops up and says "Your Computer isn't secure" (basically) and there's a quick option to turn that stuff back on. Smartphones don't offer that, and the options systems on most smartphone OSes (blackberry, Symbian, Windows Mobile especially) aren't worth most people's time to navigate and find it.

    Also, the Setup applications really don't help the user set up everything on the phone... Just the basics, and those Setup programs can be exited the minute the phone is turned on, making them largely useless.

    So... In the future, READ the post you're replying to before you leak your postal diarrhea on the forum.

    Also, I'd like to remind you that much of the security of Blackberries are tied to BES, which means without a BES account you really only have access to about 10% of the whole of RIM's security features on the phone... They should build Policy Support into Desktop Manager and allow consumers to enable them on their phone if they don't have a BES account, IMO.

    Ciao!
    Last edited by N8ter; 03-01-11 at 11:30 PM.
    03-01-11 11:28 PM
  20. dcsr23's Avatar
    If you actually read the article you might have noticed it did say the words "top target". That's what makes it newsworthy.

    It appears to me the article is saying Android users are loosey goosey with the apps more so than Blackberry users and the popularity of apps will make it more easier for app writers to hide their malicous content.

    To say all phones are subject to viruses and malware is a truism but it doesn't reflect the fact RIM has stayed under the radar for whatever reason.

    When that changes, I'll come back and debate this again.
    The reason it's a top target is because it's a popular platform and their are 4x the number of actual apps people use. It's no different then Windows having more viruses than Macs.

    To me it seems like you need to justify another reason to owning your inferior blackberry with minimal app support. Yeah it's hard not to be less secure when you don't have a choice of over 100,000 apps to install.
    03-02-11 01:32 AM
  21. i7guy's Avatar
    No. You just can't read. You're trolling hard, but I feel the need to set you straight. !
    Do you know what the definition of a troll is? I've seen some of your posts and they fit the definition.

    From my post.



    This means that anyone with an insecure phone... It's their fault. At the moment, it's not chiefly their fault, because many of those options are hidden in an already rather mundane tree of options that lots of people simply don't see them.

    If you do not have your AV/FW application active on your computer, Windows pops up and says "Your Computer isn't secure" (basically) and there's a quick option to turn that stuff back on. Smartphones don't offer that, and the options systems on most smartphone OSes (blackberry, Symbian, Windows Mobile especially) aren't worth most people's time to navigate and find it.

    Also, the Setup applications really don't help the user set up everything on the phone... Just the basics, and those Setup programs can be exited the minute the phone is turned on, making them largely useless.

    So... In the future, READ the post you're replying to before you leak your postal diarrhea on the forum.

    Also, I'd like to remind you that much of the security of Blackberries are tied to BES, which means without a BES account you really only have access to about 10% of the whole of RIM's security features on the phone... They should build Policy Support into Desktop Manager and allow consumers to enable them on their phone if they don't have a BES account, IMO.

    Ciao!

    On Blackberries there is a trade off between security and battery-life. I don't know if other platforms give those options or if it's a one size fits all. But I like having options.

    You're somewhat wrong about BES. With a BIS account you can turn on the strongest level of security and encrypt your media card. As far as the communication stream between phone and server I don't know and I don't care.

    As far as leaking "postal diarrhea" you've done a very good job, you get an A+.
    03-02-11 06:48 AM
  22. qbnkelt's Avatar
    And to me that seems like an oversimplification of the issue.
    As to a determination of what device is "inferior," that depends on what functionalities/attributes are being discussed.
    a

    Posted from my CrackBerry at wapforums.crackberry.com
    03-02-11 06:53 AM
  23. i7guy's Avatar
    The reason it's a top target is because it's a popular platform and their are 4x the number of actual apps people use. It's no different then Windows having more viruses than Macs.

    To me it seems like you need to justify another reason to owning your inferior blackberry with minimal app support. Yeah it's hard not to be less secure when you don't have a choice of over 100,000 apps to install.
    It's also a top target due to a bunch of vulnerabilities. A poster recently posted an article from engadget on a reported stack overflow hack for IOS. It's one thing to have an app misuse my information after I've given consent, it's a whole different level to do a drive by stack overflow or take advantage of a critical vulnerability in the O/S to get root access.

    It seems to me Android is going to become irrelevant with the news of a Blackberry virtual machine to run Android apps. Since for you it appears to be quantity and not quality I can see you back on Blackberry once this happens.
    03-02-11 06:54 AM
  24. scorpiodsu's Avatar
    03-02-11 08:54 AM
  25. JRSCCivic98's Avatar
    It's also a top target due to a bunch of vulnerabilities. A poster recently posted an article from engadget on a reported stack overflow hack for IOS. It's one thing to have an app misuse my information after I've given consent, it's a whole different level to do a drive by stack overflow or take advantage of a critical vulnerability in the O/S to get root access.

    It seems to me Android is going to become irrelevant with the news of a Blackberry virtual machine to run Android apps. Since for you it appears to be quantity and not quality I can see you back on Blackberry once this happens.
    The same can be said for your example. The user would have to trigger that stack overflow to trigger the exploit (be it visiting a website or whatever is needed to be done for that to happen). If they don't do that (similar to your not installing a malitious app off of AppWorld and giving it permission to your stuff), the problem won't happen on their platform either.

    One very nice point is brought up in the Engadget version of this article. Android 2.2.2 is imune to the hacks used in those apps. Right now the only handsets to get this update and contant updates are the Nexus ones. Seems Google takes care of their own and a lot of vulnerability blame can be put on other Android handset manufacturers for not allowing Google to do their own OS updates across all hardware makes. Having to wait for Samsung/HTC/Motorola to release and update for security reasons seems rediculous. This has always been a weakness for anyone who hands over control of their platform OS to that of a manufacturer or a carrier (in RIM's case). Apple sucks because their updates aren't quick and constant. They seem to want to pool fixes together and make one giant OS update every few months or so. I wish they'd treat iOS a bit more like OSX in terms of patches... maybe 5 will bring OTA updates, who knows.
    03-02-11 10:19 AM
111 1234 ...
LINK TO POST COPIED TO CLIPBOARD