[qbnkelt]

Non detection in these countries has nothing to do with the security and limiting of internet, it has everything to do with where this malware originated.......That's right... China. The worlds most massive communist society. Then there's North Korea... the second most dominant communist society. WOW!!! Do you really think that the cyber security in China and Korea are far and above the other countries or do they have other things in common? The U.S., Britain, Canada, France, Italy, India, Germany.... etc etc etc.... Come on man.... They are all countries that have serious needs for security, and spend billions to ensure it. There is no way that China and Korea are more technically advanced than the rest of the world that they'd have better security. There are simply devices that are inherently less secure.

The only uptake of Android has been by a military channel that has taken the base OS and made it there own. It has ZERO similarity to the commercial or "enterprise" units out there. The locked down BlackBerry statement is the only place I feel you are correct, but, why haven't iPhones in business been locked down? How about WP devices? Aren't they all subject to the same limitations by their IT dept????? Come on man. That's the whole POINT!! BlackBerry units ARE MORE SECURE.

In countries where access to the internet itself is severely restricted, if even present, it can mean that these attacks are less successful. Yes, I do believe that security in highly restrictive societies can be even higher than in more "open" societies. They don't need to have "better" security, by the very nature of being as restrictive and there being less access there is less possibility for infiltration. Do you realise that access to the internet in Cuba was absolutely unavailable to the public until Raul Castro took power after Fidel Castro stepped down? Not available. Nada. Zip. Zilch. Can't have security breaches where there is nothing to breach.

However, these are specific high value targets.

A Blackberry, while being in fact inherently more secure, is not impenetrable and can be made vulnerable through irresponsible or careless use.

[qbnkelt]

Thanks for the link.

[I believe (oops, I must not use this word) think you're not personally concerned, but many will]

Just a question : do you use a different password for all your accounts ?
Scenario (I'm the hacker) :
I'm in your phone and gain access to your mailbox history.
I scan the messages; I'll probably get all the services you use (due to services messages like registration, notifications, etc).
For average user, this is the end. Bank accounts, mail accounts, social accounts ... "ohhh my precious".
Attachment 131388

OK, nothing is ever absolutely proof.
Now....I do not have the same password for all my accounts.
I change my passwords every time I change my passwords at work.
I keep no banking apps on my non BB devices.
All my devices are password locked and the media card is encrypted.
Out of all the devices I have ever owned, I have only lost one, my Skyrocket. There were no banking apps in it and that's the only device that had access to gmail.

Most important of all - I am extremely careful as to how I use my devices. I did have two phishing attacks that were not successful because I recognized them as such.

Did I tell you that I work in IT and manage secure systems behind secure federal firewalls?????? When I said:

"I've got to say....this, alongside clean BB10 phones with no issues like the 99xx bricking incidents, will be great news for RIM *inside the Beltway.* As a consumer, this won't keep me from using my iPhone or my iPad. I do not access any sensitive information on them."

I made a demarcation to what I will believe to be reactions *inside the Beltway* as opposed as my personal, consumer use of my devices. I do not have sensitive, in that context meaning work associated sensitive information, on my personal/consumer devices. Therefore there is no risk of my work device and any sensitive information being compromised. That information is not being vulnerable through my use of Instragram in my personal/consumer devices.....

You'll have to work mighty hard to get at my precious!!!!

[Superfly_FR]

You'll have to work mighty hard to get at my precious!!!!

I read carefully (is "drink" accurate ?) your inputs for over a year thus my "disclaimer"
You manage your devices and security concerns with a high level of consciousness and professionalism, I never doubted !
But I believe average user won't, that was my sole point , your "I do not access any sensitive information on them" may sound like the (in)famous "I've got nothing to hide" to some, and made me react, not targeting at you . Sorry if it was not clear.

[qbnkelt]

I read carefully (is "drink" accurate ?) your inputs for over a year thus my "disclaimer"
You manage your devices and security concerns with a high level of consciousness and professionalism, I never doubted !
But I believe average user won't, that was my sole point , your "I do not access any sensitive information on them" may sound like the (in)famous "I've got nothing to hide" to some, and made me react, not targeting at you . Sorry if it was not clear.

Oh baby I knew!!!!!

I just make a clear demarcation line between work sensitive and personal sensitive. NOTHING work sensitive on my personal non BB devices.....
That was the reason for my dismay at federal agencies using iOS.
And by the way you are absolutely correct....most consumers don't care. Until their banks are cleaned out.
Sent from my SEXY HOT RED SGIII using Tapatalk 2

[Superfly_FR]

From qbnkelt's doc :

Examples of "one-time" tasks [restricted to mobile devices by me]

• Wait for an iPhone or a Nokia phone to be connected. Once connected, retrieve information about the phone, its phone book, contact list, call history, calendar, SMS messages, browsing history
• Wait for a Windows Mobile phone to be connected. Once connected, infect the phone with a mobile version of the Rocra main component

Was the malware limited to only workstations or did it have additional capabilities, such as a mobile malware component?
Several mobile modules exist, which are designed to steal data from several types of devices:

• Windows Mobile
• iPhone
• Nokia

These modules are installed in the system and wait for mobile devices to be connected to the victim's machine. When a connection is detected, the modules start collecting data from the mobile phones.

[study_lady]

Stay secure w/ Blackberry

[qbnkelt]

Stay secure w/ Blackberry

Even a BB can be made insecure through irresponsible use.

NOTHING is impenetrable.

I'm not talking Secteras.

Sent from my SEXY HOT RED SGIII using Tapatalk 2

[magutwit]

. . .interesting to note what systems are vulnerable. . .even though I'm pretty sure Blackberry devices aren't any more immune. . .

I try to figure it out myself. What I understand so far is that there is no one single security, but a multitude of different risks : speaking about the overall security will always be a generalization.
In general terms though, BB and iPhone can seem to be more secure because they have an entire control over the OS. In general terms once again, BB may be more secure because of a more sophisticated code (that's what I wos told here, I didn't check it yet). In general terms, open source may be more vulnerable (because it's open). In some particularities, BBM is mores secure that any cross-platform (and I bet that it's more secure than text-messaging).

Now, can we say that one particular BB user is really better protected than another particular Android user? I don't think so, I think it depends on whether he is an important person, on his security options, on the use of his phone, etc.

And coming back to huge huge generalizations. The Economist made a nice article this summer (and even put it on the cover) : Who's afraid of Huawei? It's nothing like the doomsday or the comeback of the cold war, the magazine stays very reasonable, but points out a real problem : in a market economy, in the world where markets are open, a liberal country cannot discriminate Huawei for big infrastructure contracts just because it is Chineese. Still there are strong doubts on what Huawei does and how does it do it : in clear, if suspicions that Huawei provides help to the Chineese spies, it can deliver the malware infested products (and it's not only the phones, it can be infrastructure cables) that nobody will ever detect. So far there are no proofs, but can one take this risk? If one doesn't take the risk because of the suspicion, then it's not an open market anymore...

Now, Huawei will be a part of the Tizen team and some say that it's even possible that Samsung equips Galaxy 4 with Tizen (while others say that it will only be marginal). Will I ever buy a phone under Tizen (knowing that Huawei is in?)? Never. But how many people are aware that Samsung's Tizen is linked with Huawei? How many people read the Economist?
Huawei propose the Ansroid phones now? What are the real risks about it for Android users, are these risks simply possible? I don't know, I'd like to know...

[Superfly_FR]

Stay secure w/ Blackberry

NOTHING is impenetrable.

"Improve underlying security w/ BlackBerry. Still, watch your back".

[magutwit]

And, when I told my IT guy today that I would be getting the new BB, he actually tried to talk me into getting an Iphone instead, saying it was much more secure.

Did you ask him why? It's interesting.

[cjcampbell]

In countries where access to the internet itself is severely restricted, if even present, it can mean that these attacks are less successful. Yes, I do believe that security in highly restrictive societies can be even higher than in more "open" societies. They don't need to have "better" security, by the very nature of being as restrictive and there being less access there is less possibility for infiltration. Do you realise that access to the internet in Cuba was absolutely unavailable to the public until Raul Castro took power after Fidel Castro stepped down? Not available. Nada. Zip. Zilch. Can't have security breaches where there is nothing to breach.

However, these are specific high value targets.

A Blackberry, while being in fact inherently more secure, is not impenetrable and can be made vulnerable through irresponsible or careless use.

Seeing as these attacks were not aimed at the general public, having limited to no access is a moot point.

I didn't say it was impenetrable, I said "more secure". You commented that you've never had a banking app on a non BB. Why is that? Hmmmm..... Probably because it's more secure.

[magutwit]

Seeing as these attacks were not aimed at the general public, having limited to no access is a moot point.

I believe there are actually : something like general infesting with or without immeadiate start of gathering of large amounts of information which will be then gathered and analysed through filters or formulae. National security offices don't need your bank account, they don't hack it, hence you are not aware...what they want is all of the information they can get just in case. Sometimes they do it almost legally with their citizens, sometimes illegally with everybody they can get.
Can't give any link now and no serious source would state it like this (hence imagine the worldwide panic), so consider it as my personal specualtion

[qbnkelt]

Seeing as these attacks were not aimed at the general public, having limited to no access is a moot point.

I didn't say it was impenetrable, I said "more secure". You commented that you've never had a banking app on a non BB. Why is that? Hmmmm..... Probably because it's more secure.

Ah....well....I was addressing the bolded, in which you described societies and not the targeted diplomatic assets.

As far as banking apps on non BB....in four years in this forum, I have always stated and always been very straightforward that my banking apps are on my BB. And I have never made the case that iOS or Android are as secure as my BB. I have specifically stated that my sensitive information is on my BB because I know that it is more secure.

Sorry....no gotcha moment, love.

Non detection in these countries has nothing to do with the security and limiting of internet, it has everything to do with where this malware originated.......That's right... China. The worlds most massive communist society. Then there's North Korea... the second most dominant communist society. WOW!!! Do you really think that the cyber security in China and Korea are far and above the other countries or do they have other things in common? The U.S., Britain, Canada, France, Italy, India, Germany.... etc etc etc.... Come on man.... They are all countries that have serious needs for security, and spend billions to ensure it. There is no way that China and Korea are more technically advanced than the rest of the world that they'd have better security. There are simply devices that are inherently less secure.The only uptake of Android has been by a military channel that has taken the base OS and made it there own. It has ZERO similarity to the commercial or "enterprise" units out there. The locked down BlackBerry statement is the only place I feel you are correct, but, why haven't iPhones in business been locked down? How about WP devices? Aren't they all subject to the same limitations by their IT dept????? Come on man. That's the whole POINT!! BlackBerry units ARE MORE SECURE.

[Branta]

Non detection in these countries has nothing to do with the security and limiting of internet, it has everything to do with where this malware originated.......That's right... China. The worlds most massive communist society. Then there's North Korea... the second most dominant communist society. WOW!!! Do you really think that the cyber security in China and Korea are far and above the other countries or do they have other things in common? The U.S., Britain, Canada, France, Italy, India, Germany.... etc etc etc.... Come on man.... They are all countries that have serious needs for security, and spend billions to ensure it. There is no way that China and Korea are more technically advanced than the rest of the world that they'd have better security. There are simply devices that are inherently less secure.

I don't think it matters where the exploits were developed, it is more important who sponsors and controls it. Maybe I didn't explain my thought process enough for you to understand how I reached my conclusions. The published papers reveal that the listed attack targets were discovered by watching network traffic generated by victims. It appears (from a quick look at the map and the table in "Red October" Diplomatic Cyber Attacks Investigation - Securelist) that the most prevalent group are "diplomatic" which from their distribution suggests probably overseas embassies (etc) representing states on the primary target list - but they would be tagged by IP tracing as the state in which they are located, not the state they represent. Eliminating the embassies from the list the other target types show a remarkably high frequency of "muslim" and "former soviet" places. That might point to a few prime suspects for the origin of this exploit - it's not what you see, but what is missing from the picture that could give the answers.

My point about China and Korea being non-detected countries is that these are generally regarded as high risk for spying, and a potential target (embassy) there probably takes additional precautions both to prevent incoming exploits and to detect outbound exploit traffic. Particularly with China the Great Firewall could also impede egress of traffic to be detected by western observers in the study. However, if the exploit is controlled by China as you think I would expect at least a few diplomatic targets would have surfaced there simply because the activity of foreign embassies is high priority for any home intelligence service. OTOH, if China is running this it is also plausible that there is no reason to route traffic from compromised embassies via servers outside China where it could be detected.

[jsmall999]

No system is immune.


Zeus banking malware found targeting BlackBerry devices - Software - News - HEXUS.net

[pooger]

I usually open up sketchy looking emails on my phone first and confirm them before opening them up on my laptop even though I'm sitting in front of both of them.

[ctuffy]

Did you ask him why? It's interesting.

Thanks for asking. He said that BB doesn't encrypt (right word?) data as well as the Iphone and the Android. I work for a very small company and we don't have a BES. Our work email can be obtained on our private smartphones either by forwarding the email to our private email address or logging on directly into the exchange. He felt both processes were more secure with the aforementioned phones than the BBs.

[TomJasper]

If you read your own link you would see in fact it was some banks in in germany/italy/spain with using sms for for security updates, not hard for a criminal to go phishing there. As such those handful of banks there would be held liable for weak security. Interesting to see if they changed their ways after being called out on it.

No system is immune.


Zeus banking malware found targeting BlackBerry devices - Software - News - HEXUS.net

[Superfly_FR]

Thanks for asking. He said that BB doesn't encrypt (right word?) data as well as the Iphone and the Android. I work for a very small company and we don't have a BES. Our work email can be obtained on our private smartphones either by forwarding the email to our private email address or logging on directly into the exchange. He felt both processes were more secure with the aforementioned phones than the BBs.

Mail forwarding between your pro and personal address is - by nature - a security flaw.
If your exchange server is SSL secured, then I don't understand his point ... qbnkelt, can you pls confirm/explain ?

[qbnkelt]

Mail forwarding between your pro and personal address is - by nature - a security flaw.
If your exchange server is SSL secured, then I don't understand his point ... qbnkelt, can you pls confirm/explain ?

I don't understand it either, I'm sorry. I know that we are not authorised to send our work email to our personal email and vice versa. I know people do it, but it considered a security risk and extremely frowned upon. I'm not getting the reasoning behind the post you are asking about.

I vaguely remember some discussion as to how iOS encrypts data, and that discussion seemed to say that in fact it does encrypt data better than BB, but that is a vague memory of a discussion here. I'll have to find it, it was a long time ago.

Edit - I believe this is it.

http://www.technologyreview.com/news...ity-threshold/

The main thing to remember about the benefit of BES is not what people think of.....most people thinks main attribute is seamless syncing with Outlook. But for secure communities, the main benefit of BES is complete control and shut down of certain aspects of the device and monitoring and retrieval of communication, if needed for e-discovery.

I have knowledge of a case where there was a person involved in illegal activity. The e-discovery effort retrieved all required evidence to land that person in prison for fifteen years. BES was instrumental.

The other prized feature of BES is control as to what a person loads into the device. I cannot even load The Weather Channel on my device. I can't back up my device to my personal computer. I can't even attempt to back up my device to my work computer even if I tried. Nothing.

It's not so much that iOS and Android are insecure, it's that the very thing that makes iOS and Android appealing to consumers, the availability of apps, is what introduces the possibility of malware, Trojans, worms, and remote control of these devices. I have nothing on my iPhone and my Android from questionable sources now; I compromised my Atrix through the use of live wallpapers which I LOVED. I was new and excited and loaded a wallpaper that resulted in mass emailings and which I believe resulted in two spear phishing incidents. Since then, I have not downloaded any live wallpapers or apps from sources that I don't know or from unofficial sources. Because it is so easy to download apps from questionable sources on Android (and to a lesser extent iOS) there is greater possibility of vulnerabilities to be exploited.

The majority of exploits require action from the user. Downloading an app, clicking on a site. So, because of that, companies that value security and secure agencies go to BES and lock it down to where any such action is impossible. Now, it is possible to go for the most critical target in a secure environment, and that would the BES admin himself. At that point, you're in.

And there are also now drive by, browser based exploits which are particularly problematic with the *currently* more advanced browsers in Android devices.

***must add.....there have been vulnerabilities found in the Blackberry app store....BB is not immune to disreputable vendors....****

[sectionsix]

Further write-up from the Kaspersky security site with better diagrams and explanation. "Red October" Diplomatic Cyber Attacks Investigation - Securelist

[sectionsix]

notice how the canada was unaffected by the attack as i am sure the canadian government uses nothing but blackberries unlike the US which in some cases dropped blackberry in favour of ios and android and suffered a wide open attack. IMO

Or the Canadian gov doesn't use Kaspersky since the findings were done with Kaspersky KSN statistics which would be gathered from Kaspersky software.

[xicoxicao]

where this malware originated.......That's right... China.

Let�s not get into a political debate. On the report you can read the following:

"The Rocra malware modules have been created by Russian-speaking operatives."

and right below:

"Currently, there is no evidence linking this with a nation-state sponsored attack."

As you know there is such a thing as corporate espionage and this looks to be an example of it. I would think there is a lot of money to be made from the type of information gathered here be it of geopolitical or corporate nature.

[anon(2325196)]

BlackBerry has historically been the leader in mobile / corporate security. BlackBerry 10 will be no different, as they wish to remain the global leader in mobile computing security. A lot of agencies and institutions count on BlackBerry security to do their business. Something the "BYOD" firms clearly did not consider when allowing employees to use their 'fun phones' for business. Enter, "BlackBerry Balance" and "BlackBerry Fusion". Anyways, BlackBerry owners don't have to worry now or going forward to "the 10", lol.

[anon(2325196)]

same cycle as always, the most popular and vulnerable platforms become targeted by 'hackers' - bound to happen. i remember when people would say things like, "i use a mac, i get no virus / malware" - now, they (mac users) have similar security concerns as windows users have always had when it (windows) was the predominent consumer platform, therefore was under attack the most, now it's more equal.

same thing with mobile computing - get more devices in consumers hands, hackers will want to harm as many of the most popular devices as possible, that's the game. sad really, tech should just be for the betterment of mankind