04-13-14 02:51 PM
26 12
tools
  1. nkBamz's Avatar
    nkBamz
    What's the ramifications for us BlackBerry users? How compromised are we?

    Posted via CB10 on an awesome Z10!
    04-10-14 12:30 PM
  2. zocster's Avatar
    zocster
    Network Moderator
    to those who don't know Heartbleed Bug have a read... but I think we should be safe... I could be wrong....

    http://supportforums.blackberry.com/...ty/m-p/2850642 keep an eye on this too

    Updated and moving threads around, I think this belongs to the main BlackBerry discussion...
    Last edited by zocster; 04-10-14 at 12:59 PM.
    04-10-14 12:49 PM
  3. UnlimitedEra's Avatar
    UnlimitedEra
    If it does have OPENSSL then it's affected. for those of you who don't know heartbleed it's a bug in openssl that is considered dangerous and could lead you bankrupt
    A flaw in the popular OpenSSL software has left millions of people vulnerable to having their banking information, tax files, emails, and other online data exposed. And there's no way to know if someone has accessed your information.

    Nicknamed "Heartbleed," the "bug" is actually a weakness in OpenSSL's cryptographic software that makes SSL/TLS encryption backfire on computer users. The "https" protocol that is supposed to identify a secure website is actually a signal to hackers that the site is vulnerable to cyber attack. The hackers can then trick a computer's server into sending data stored in its memory.

    Google security researcher Neel Mehta was the first to discover Heartbleed, and the weakness was confirmed by internet security firm Codenomicon. Alarmingly, researchers found that the Heartbleed flaw has been in OpenSSL for two years. It is unknown if attacks have been carried out, because exploiting the software loophole leaves no trace.
    04-10-14 01:25 PM
  4. zocster's Avatar
    zocster
    Network Moderator
    Well what I got from that support forum of BB someone claims

    YES, We need to know if Blackberry Link is affected as it installs the NGINX web-server on your local PC. That web-server is AFFECTED by the HEARTBLEED bug.
    expect BBLink to be updated in the near future... lol
    04-10-14 01:35 PM
  5. Ment's Avatar
    Ment
    Wonder if the Android runtime is affected. Android version 4.1(.0) and 4.1.1 are affected by Heartbeat as it shipped with OpenSSL 1.0.1, but I don't know what if BB uses OpenSSL for the runtime and if so what version it uses.
    04-10-14 02:45 PM
  6. masterscarhead1's Avatar
    masterscarhead1
    Originally Posted by Ment
    Wonder if the Android runtime is affected. Android version 4.1(.0) and 4.1.1 are affected by Heartbeat as it shipped with OpenSSL 1.0.1, but I don't know what if BB uses OpenSSL for the runtime and if so what version it uses.
    Everything that goes in and out of the runtime passes through the BB QNX mainframe, so I would assume that it isn't affected.
    04-10-14 02:51 PM
  7. SubmarinerOne's Avatar
    SubmarinerOne
    There's this site where one can get some info on the security of "SSL-affected" (my quotes) services: www.sllabs.com

    It looks like this:

    Heartbleed bug - is BlackBerry affected?-img_20140410_135035.png

    After input of "blackberry.com" these are the results:

    Attachment 262100

    Don't Know exactly how to interpret it as I'm not that tech savvy. Anyone cares to decipher?

    More here...

    Attachment 262101

    Attachment 262103

    Attachment 262104

    Also, I've found this somewhere else, about other services (BlackBerry' not there):

    Attachment 262105

    Attachment 262106
    04-10-14 02:54 PM
  8. sedalia066's Avatar
    sedalia066
    Ambassador
    [QUOTE=SubmarinerOne;10229162]There's this site where one can get some info on the security of "SSL-affected" (my quotes) services: www.sllabs.com

    It looks like this:

    Click image for larger version.  Name: IMG_20140410_135035.png  Views: 1980  Size: 128.2 KB  ID: 262099

    After input of "blackberry.com" these are the results:

    /QUOTE]

    Attachments do not open on my PC and do not even appear on the Z30.
    04-10-14 03:07 PM
  9. masterful's Avatar
    masterful
    Who is ssllab??

    ? Slicing using my ?
    04-10-14 03:18 PM
  10. limaofarofa's Avatar
    limaofarofa
    SubmarinerOne: Link should be S S L L a b s, not the random I-don't-know-what-I've-just-clicked thing. o.O
    04-10-14 03:33 PM
  11. bberryfan16's Avatar
    bberryfan16
    The attack happens only open when you log into a ssl1.0 server encryption. It isn't something to fix on the browser because while you are connected to a encryption website your traffic between the server and you is visible and therefore vulnerable to having all data going through to being copied and used to gain access for illicit purposes

    Posted via CB10
    04-10-14 04:36 PM
  12. jic999's Avatar
    jic999
    Has BlackBerry made a comment concerning Heartbleed on their devices and BlackBerry Link ?

    Z30 : posted via CB10 app
    04-10-14 06:50 PM
  13. jic999's Avatar
    jic999
    is this a true statement from BlackBerry :
    Update; BlackBerry customers can rest assured that while BlackBerry continues to investigate, we have determined that BlackBerry smartphones, BlackBerry Enterprise Server 5 and BlackBerry Enterprise Service 10 are not affected and are fully protected from the OpenSSL issue.


    Z30 : posted via CB10 app
    04-10-14 06:53 PM
  14. XP7051V3's Avatar
    XP7051V3
    KB35882-BlackBerry response to OpenSSL “Heartbleed” vulnerability

    Affected Software



    �BBM for iOS and Android
    �Secure Work Space for iOS and Android
    �BlackBerry Link for Windows
    �BlackBerry Link for Mac OS
    04-10-14 06:55 PM
  15. Jerale's Avatar
    Jerale
    Originally Posted by jic999
    Has BlackBerry made a comment concerning Heartbleed on their devices and BlackBerry Link ?

    Z30 : posted via CB10 app
    I pulled this from their blog about this:

    Affected Software
    BBM for iOS and Android
    Secure Work Space for iOS and Android
    BlackBerry Link for Windows
    BlackBerry Link for Mac OS

    Non-Affected Software
    Are BlackBerry smartphones affected?
    No.

    So those on BB10 and BBOS devices should be ok.

    Powered by my BlackBerry (Z10). Join my #BBM Channels C001227CF, C00476C37, C003829C9, C002454C9,C002190AC, C00120CE3
    04-10-14 07:20 PM
  16. jic999's Avatar
    jic999
    Correct BlackBerry phone are secured buy are getting s' patch for BBM ios and Droid and SWS ios and Droid

    Z30 : posted via CB10 app
    04-10-14 07:33 PM
  17. Guyzer's Avatar
    Guyzer
    The browser is affected

    https://revoked.grc.com/

    Posted via CB10
    bennelong likes this.
    04-12-14 11:33 PM
  18. jic999's Avatar
    jic999
    Has BlackBerry put out a statement

    Z30 : posted via CB10 app
    04-13-14 02:10 AM
  19. bennelong's Avatar
    bennelong
    Originally Posted by Guyzer
    The browser is affected

    https://revoked.grc.com/

    Posted via CB10
    An awful lot of Apps must be also.

    Posted via CB10 on a Z10
    04-13-14 05:46 AM
  20. bakron1's Avatar
    bakron1
    Ambassador
    In this day and age of supercomputers, hackers and open networks, NOTHING is 100% safe, period.

    Anyone who thinks otherwise, remember an old saying that still holds true today! A fool and his/her money is soon parted.

    Sent from z30 on T Mobile USA 10.2.1.2160
    04-13-14 06:18 AM
  21. peter0328's Avatar
    peter0328
    Originally Posted by Guyzer
    The browser is affected

    https://revoked.grc.com/

    Posted via CB10
    BlackBerry is now aware of this. I sent it to Michael Clewley and he has forwarded to the rights team.

    Posted via CB10
    Guyzer likes this.
    04-13-14 11:07 AM
  22. crackbrry fan's Avatar
    crackbrry fan
    Originally Posted by peter0328
    BlackBerry is now aware of this. I sent it to Michael Clewley and he has forwarded to the rights team.

    Posted via CB10
    I can't see the link can you post the contents here?

    Posted via CB10
    04-13-14 02:30 PM
  23. peter0328's Avatar
    peter0328
    Originally Posted by crackbrry fan
    I can't see the link can you post the contents here?

    Posted via CB10
    What would you like posted? The link to test just says if you see this your browser is vulnerable.

    Posted via CB10
    04-13-14 02:35 PM
  24. crackbrry fan's Avatar
    crackbrry fan
    Originally Posted by peter0328
    What would you like posted? The link to test just says if you see this your browser is vulnerable.

    Posted via CB10
    OK, I can't access the link, I was curious as to the contents. Thanks.

    Posted via CB10
    04-13-14 02:43 PM
  25. jic999's Avatar
    jic999
    Recent update : BlackBerry Users protected by Heartbleed but will patch BBM iOS and Android but BBM on iOS & Android remains a small risk.�
    https://research.tdwaterhouse.ca/res...14-L2N0N50G9-1


    Z30 : posted via CB10 app
    04-13-14 02:50 PM
26 12
« T-Mobile and Samsung offer you $200 to switch from a BlackBerry to a Samsung phone | QNX in healthcare? »

Similar Threads

  1. Is this really OEM housing??
    By dikku11 in forum BlackBerry Z10
    Replies: 4
    Last Post: 05-01-14, 09:25 PM
  2. People at BlackBerry need to be more hot blooded...
    By Ahmed Ragab in forum General BlackBerry News, Discussion & Rumors
    Replies: 13
    Last Post: 04-18-14, 01:48 AM
  3. A Thank You to all the app developers out there who support BlackBerry 10 natively!
    By CrackBerry News in forum CrackBerry.com News Discussion & Contests
    Replies: 1
    Last Post: 04-15-14, 05:35 PM
  4. WP having the fastest keyboard in the world? No, BlackBerry is faster :)
    By igor10000 in forum General BlackBerry News, Discussion & Rumors
    Replies: 66
    Last Post: 04-15-14, 05:11 AM
  5. Still trying to get big names in BlackBerry World?
    By adamtheshaw in forum Armchair CEO
    Replies: 5
    Last Post: 04-11-14, 12:35 AM
LINK TO POST COPIED TO CLIPBOARD