What's the ramifications for us BlackBerry users? How compromised are we?
Posted via CB10 on an awesome Z10!
Printable View
What's the ramifications for us BlackBerry users? How compromised are we?
Posted via CB10 on an awesome Z10!
to those who don't know Heartbleed Bug have a read... but I think we should be safe... I could be wrong....
http://supportforums.blackberry.com/...ty/m-p/2850642 keep an eye on this too
Updated and moving threads around, I think this belongs to the main BlackBerry discussion...
If it does have OPENSSL then it's affected. for those of you who don't know heartbleed it's a bug in openssl that is considered dangerous and could lead you bankrupt :)
A flaw in the popular OpenSSL software has left millions of people vulnerable to having their banking information, tax files, emails, and other online data exposed. And there's no way to know if someone has accessed your information.
Nicknamed "Heartbleed," the "bug" is actually a weakness in OpenSSL's cryptographic software that makes SSL/TLS encryption backfire on computer users. The "https" protocol that is supposed to identify a secure website is actually a signal to hackers that the site is vulnerable to cyber attack. The hackers can then trick a computer's server into sending data stored in its memory.
Google security researcher Neel Mehta was the first to discover Heartbleed, and the weakness was confirmed by internet security firm Codenomicon. Alarmingly, researchers found that the Heartbleed flaw has been in OpenSSL for two years. It is unknown if attacks have been carried out, because exploiting the software loophole leaves no trace.
Well what I got from that support forum of BB someone claims
expect BBLink to be updated in the near future... lolYES, We need to know if Blackberry Link is affected as it installs the NGINX web-server on your local PC. That web-server is AFFECTED by the HEARTBLEED bug.
Wonder if the Android runtime is affected. Android version 4.1(.0) and 4.1.1 are affected by Heartbeat as it shipped with OpenSSL 1.0.1, but I don't know what if BB uses OpenSSL for the runtime and if so what version it uses.
Everything that goes in and out of the runtime passes through the BB QNX mainframe, so I would assume that it isn't affected.
There's this site where one can get some info on the security of "SSL-affected" (my quotes) services: www.sllabs.com
It looks like this:
Attachment 262099
After input of "blackberry.com" these are the results:
Attachment 262100
Don't Know exactly how to interpret it as I'm not that tech savvy. Anyone cares to decipher?
More here...
Attachment 262101
Attachment 262103
Attachment 262104
Also, I've found this somewhere else, about other services (BlackBerry' not there):
Attachment 262105
Attachment 262106
[QUOTE=SubmarinerOne;10229162]There's this site where one can get some info on the security of "SSL-affected" (my quotes) services: www.sllabs.com
It looks like this:
Attachment 262099
After input of "blackberry.com" these are the results:
/QUOTE]
Attachments do not open on my PC and do not even appear on the Z30.
Who is ssllab??
? Slicing using my ?
SubmarinerOne: Link should be S S L L a b s, not the random I-don't-know-what-I've-just-clicked thing. o.O
The attack happens only open when you log into a ssl1.0 server encryption. It isn't something to fix on the browser because while you are connected to a encryption website your traffic between the server and you is visible and therefore vulnerable to having all data going through to being copied and used to gain access for illicit purposes
Posted via CB10
Has BlackBerry made a comment concerning Heartbleed on their devices and BlackBerry Link ?
Z30 : posted via CB10 app
is this a true statement from BlackBerry :
Update; BlackBerry customers can rest assured that while BlackBerry continues to investigate, we have determined that BlackBerry smartphones, BlackBerry Enterprise Server 5 and BlackBerry Enterprise Service 10 are not affected and are fully protected from the OpenSSL issue.
Z30 : posted via CB10 app
KB35882-BlackBerry response to OpenSSL “Heartbleed” vulnerability
Affected Software
�BBM for iOS and Android
�Secure Work Space for iOS and Android
�BlackBerry Link for Windows
�BlackBerry Link for Mac OS
I pulled this from their blog about this:
Affected Software
BBM for iOS and Android
Secure Work Space for iOS and Android
BlackBerry Link for Windows
BlackBerry Link for Mac OS
Non-Affected Software
Are BlackBerry smartphones affected?
No.
So those on BB10 and BBOS devices should be ok.
Powered by my BlackBerry (Z10). Join my #BBM Channels C001227CF, C00476C37, C003829C9, C002454C9,C002190AC, C00120CE3
Correct BlackBerry phone are secured buy are getting s' patch for BBM ios and Droid and SWS ios and Droid
Z30 : posted via CB10 app
The browser is affected
https://revoked.grc.com/
Posted via CB10
Has BlackBerry put out a statement
Z30 : posted via CB10 app
An awful lot of Apps must be also.
Posted via CB10 on a Z10
In this day and age of supercomputers, hackers and open networks, NOTHING is 100% safe, period.
Anyone who thinks otherwise, remember an old saying that still holds true today! A fool and his/her money is soon parted.
Sent from z30 on T Mobile USA 10.2.1.2160
BlackBerry is now aware of this. I sent it to Michael Clewley and he has forwarded to the rights team.
Posted via CB10
I can't see the link can you post the contents here?
Posted via CB10
What would you like posted? The link to test just says if you see this your browser is vulnerable.
Posted via CB10
OK, I can't access the link, I was curious as to the contents. Thanks.
Posted via CB10
Recent update : BlackBerry Users protected by Heartbleed but will patch BBM iOS and Android but BBM on iOS & Android remains a small risk.
https://research.tdwaterhouse.ca/res...14-L2N0N50G9-1
Z30 : posted via CB10 app