[blackberry-unlocking710]

I stay with Blackberry !

[qbnkelt]

LOL. are you implying that the posts in this thread are from real security experts. um yeah right. If so, I'd like to hear from them maybe they could post their background in infosec.

*No one* deeply involved in the security community or with a high clearance who abides by the community's security regulations will give background information about their jobs other than in the most vague manner, and would not disclose the agency on a public forum.

And anyone who does needs to have his position and clearance revoked.

[collide.six]

*No one* deeply involved in the security community or with a high clearance who abides by the community's security regulations will give background information about their jobs other than in the most vague manner, and would not disclose the agency on a public forum.

And anyone who does needs to have his position and clearance revoked.

I guess we'll never know...

[collide.six]

I've been in network design, implementation and support for 15 years, 12 of which contracting to Federal government which I'm still currently doing. Do both data and voice, and the secure transport of both.

Well I suppose I stand corrected then.. somebody who should know what he's talking about.

[collide.six]

Has anyone considered that since the US Government is wanting to deploy smartphones and other devices in the field were life and limb are at risk that they would want to be in total control of that technology from end to end. Suppose we have troops in the field with blackberries and RIM has a "core switch failure" and their shoddy backup fails just like what supposedly happened last week. Should the lives of US soldiers be put at risk because of that? I think not. We all like RIM but I surely wouldn't put human lives in the hands of a corporation in the US let alone in another country. Corporations are known to make stupid decisions to save a buck.
One also has to consider espionage, spies, bribery etc. It's feasible that the Blackberry encryption could be bypassed or compromised by internal RIM employees providing access or information to enemies of the United States. Just a thought.

[qbnkelt]

One also has to consider espionage, spies, bribery etc. It's feasible that the Blackberry encryption could be bypassed or compromised by internal RIM employees providing access or information to enemies of the United States. Just a thought.

On this....you are referring right now to social engineering risks, which would be there regardless of the platform used. Whether you speak of manipulations within an agency to gain secure data or information, or whether you speak of actual man on the ground type of penetration, these are risks that are independent of any type of mobile platform.
The greatest single loss to U.S. intelligence was as a result of a disgruntled high level employee who felt unappreciated and who felt superior to his leadership. Robert Hanssen was not part of a foreign government. Espionage and briberies don't need RIM. They happened before and they will happen again. And they will happen with iOS, Android and BB.

The point is to keep the platform used from providing or leaking that information through the course of its own functionalities. Frankly, there exist enough vulnerabilities in iOS and Android that they have not been FIPS certified in spite of trying for years, particularly in the case of iOS.

It will happen one day, but in a flavour very different from what people have come to expect out of iOS or Android.

[collide.six]

I'd argue that it'd be much easier to bribe some schlub that works in RIMs IT dept to install a backdoor trojan, root kit, sniffer or whatever is needed in their datacenter then it would be to do the same in a high level locked down Government facility. Or to wait for some disgruntled Government employee to turn. Also during a time of war what's to stop enemies of the US from just um "taking out" RIMs data center. The architecture used by RIM is not well suited for geographical redundancy.

Has it really been a priority for Apple to get their iOS FIPS certified? They certainly have the resources and cash to make it happen if they really wanted to. I suspect that it's not a primary focus for them.

[Tre Lawrence]

I'd argue that it'd be much easier to bribe some schlub that works in RIMs IT dept to install a backdoor trojan, root kit, sniffer or whatever is needed in their datacenter then it would be to do the same in a high level locked down Government facility. Or to wait for some disgruntled Government employee to turn. Also during a time of war what's to stop enemies of the US from just um "taking out" RIMs data center. The architecture used by RIM is not well suited for geographical redundancy.

Has it really been a priority for Apple to get their iOS FIPS certified? They certainly have the resources and cash to make it happen if they really wanted to. I suspect that it's not a primary focus for them.

ITA... I don't think it is a major focus for Apple or Google.

[qbnkelt]

I'd argue that it'd be much easier to bribe some schlub that works in RIMs IT dept to install a backdoor trojan, root kit, sniffer or whatever is needed in their datacenter then it would be to do the same in a high level locked down Government facility. Or to wait for some disgruntled Government employee to turn. Also during a time of war what's to stop enemies of the US from just um "taking out" RIMs data center. The architecture used by RIM is not well suited for geographical redundancy.

Has it really been a priority for Apple to get their iOS FIPS certified? They certainly have the resources and cash to make it happen if they really wanted to. I suspect that it's not a primary focus for them.

At first glance, it would appear that it is easier to get a low paid person at RIM to do it. But intelligence operations would tell you that homegrown sources are not that difficult to come by. They do turn rather more frequently than is commonly known. As far as hitting U.S. interests, RIM's infrastructure would not be as high priority as other assets abroad, which would in fact be true American assets rather than Canadian. While RIM's data centers would be soft targets, the effects would not be as catastrophic as other possible hits. Therefore the risk would not be as high. IMO.

Apple has been seeking FIPS certification for quite a while now. As to whether it's a priority or not I would not guess. Apple is actively courting and has had great success in entering the corporate world. They have gained entry into certain sandboxed projects of high visibility. FIPS certification is not a easy project to undertake, so engaging in its pursuit is hardly casual.

[lnichols]

Has anyone considered that since the US Government is wanting to deploy smartphones and other devices in the field were life and limb are at risk that they would want to be in total control of that technology from end to end. Suppose we have troops in the field with blackberries and RIM has a "core switch failure" and their shoddy backup fails just like what supposedly happened last week. Should the lives of US soldiers be put at risk because of that? I think not. We all like RIM but I surely wouldn't put human lives in the hands of a corporation in the US let alone in another country. Corporations are known to make stupid decisions to save a buck.
One also has to consider espionage, spies, bribery etc. It's feasible that the Blackberry encryption could be bypassed or compromised by internal RIM employees providing access or information to enemies of the United States. Just a thought.

The outage was on BIS. Military and Government would use BES for sensitive information, and they can prevent data from going to and through the BIS via policies. BES service is up to the organization that owns the BES to engineer and keep working and operational and handle what data flows. The only issue I know about during the outage for BES was bringing up new Blackberry devices, but existing ones worked without issue.

The only way to guarantee data is 100% secure is to not have data. Everything else is mitigation.

[collide.six]

The outage was on BIS. Military and Government would use BES for sensitive information, and they can prevent data from going to and through the BIS via policies. BES service is up to the organization that owns the BES to engineer and keep working and operational and handle what data flows. The only issue I know about during the outage for BES was bringing up new Blackberry devices, but existing ones worked without issue.

The only way to guarantee data is 100% secure is to not have data. Everything else is mitigation.

All data go through the mighty RIM. BIS and BES. Not everybody was effected by the latest outage. We had some people at my place of work not getting data services while others could. All on BES.

[qbnkelt]

I'm on BES at work and I was not affected. I do know some people in another agency who were. It seemed to have been sporadic.

[hornlovah]

All data go through the mighty RIM. BIS and BES. Not everybody was effected by the latest outage. We had some people at my place of work not getting data services while others could. All on BES.

No. A mil-spec, secure device will connect to a secured military network using the exact protocol they specify. Your assertions that troops could somehow be at risk due to a core switch failure at RIM or corrupt RIM employees simply have no basis in reality.

[belfastdispatcher]

It was reported in the uk media that bes devices were not affected, they might go trough the same server location but maybe they have separate servers just for BES and it would make sense.

A BES device can access BIS services as well, BBM is BIS for example so BES devices couldn't bbm troughout the outage but BES services were not affected.

Posted from my CrackBerry at wapforums.crackberry.com