Red October: Security scare has already begun . . .
- Non detection in these countries has nothing to do with the security and limiting of internet, it has everything to do with where this malware originated.......That's right... China. The world's most massive communist society. Then there's North Korea... the second most dominant communist society. WOW!!! Do you really think that the cyber security in China and Korea are far and above the other countries or do they have other things in common? The U.S., Britain, Canada, France, Italy, India, Germany.... etc etc etc.... Come on man.... They are all countries that have serious needs for security, and spend billions to ensure it. There is no way that China and Korea are more technically advanced than the rest of the world that they'd have better security. There are simply devices that are inherently less secure.
The only uptake of Android has been by a military channel that has taken the base OS and made it their own. It has ZERO similarity to the commercial or "enterprise" units out there. The locked down BlackBerry statement is the only place I feel you are correct, but, why haven't iPhones in business been locked down? How about WP devices? Aren't they all subject to the same limitations by their IT dept????? Come on man. That's the whole POINT!! BlackBerry units ARE MORE SECURE.
However, these are specific high value targets.
A Blackberry, while being in fact inherently more secure, is not impenetrable and can be made vulnerable through irresponsible or careless use.
01-15-13 03:24 AM
- Thanks for the link.
[I believe (oops, I must not use this word) think you're not personally concerned, but many will]
Just a question : do you use a different password for all your accounts ?
Scenario (I'm the hacker) :
I'm in your phone and gain access to your mailbox history.
I scan the messages; I'll probably get all the services you use (due to services messages like registration, notifications, etc).
For average user, this is the end. Bank accounts, mail accounts, social accounts ... "ohhh my precious".
Now....I do not have the same password for all my accounts.
I change my passwords every time I change my passwords at work.
I keep no banking apps on my non BB devices.
All my devices are password locked and the media card is encrypted.
Out of all the devices I have ever owned, I have only lost one, my Skyrocket. There were no banking apps in it and that's the only device that had access to gmail.
Most important of all - I am extremely careful as to how I use my devices. I did have two phishing attacks that were not successful because I recognized them as such.
Did I tell you that I work in IT and manage secure systems behind secure federal firewalls?????? When I said:
"I've got to say....this, alongside clean BB10 phones with no issues like the 99xx bricking incidents, will be great news for RIM *inside the Beltway.* As a consumer, this won't keep me from using my iPhone or my iPad. I do not access any sensitive information on them."
I made a demarcation to what I will believe to be reactions *inside the Beltway* as opposed as my personal, consumer use of my devices. I do not have sensitive, in that context meaning work associated sensitive information, on my personal/consumer devices. Therefore there is no risk of my work device and any sensitive information being compromised. That information is not being vulnerable through my use of Instagram in my personal/consumer devices.....
You'll have to work mighty hard to get at my precious!!!!
Last edited by qbnkelt; 01-15-13 at 03:45 AM.
01-15-13 03:32 AM
- Superfly_FR (Retired Moderator): I read carefully (is "drink" accurate ?) your inputs for over a year thus my "disclaimer"
You manage your devices and security concerns with a high level of consciousness and professionalism, I never doubted !
But I believe average user won't, that was my sole point, your "I do not access any sensitive information on them" may sound like the (in)famous "I've got nothing to hide" to some, and made me react, not targeting at you. Sorry if it was not clear.
01-15-13 03:50 AM
- I read carefully (is "drink" accurate ?) your inputs for over a year thus my "disclaimer"
You manage your devices and security concerns with a high level of consciousness and professionalism, I never doubted !
But I believe average user won't, that was my sole point, your "I do not access any sensitive information on them" may sound like the (in)famous "I've got nothing to hide" to some, and made me react, not targeting at you. Sorry if it was not clear.
I just make a clear demarcation line between work sensitive and personal sensitive. NOTHING work sensitive on my personal non BB devices.....
That was the reason for my dismay at federal agencies using iOS.
And by the way you are absolutely correct....most consumers don't care. Until their banks are cleaned out.
Sent from my SEXY HOT RED SGIII using Tapatalk 2
01-15-13 04:04 AM
- Superfly_FR (Retired Moderator): From qbnkelt's doc :
Examples of "one-time" tasks [restricted to mobile devices by me]
- Wait for an iPhone or a Nokia phone to be connected. Once connected, retrieve information about the phone, its phone book, contact list, call history, calendar, SMS messages, browsing history
- Wait for a Windows Mobile phone to be connected. Once connected, infect the phone with a mobile version of the Rocra main component
Was the malware limited to only workstations or did it have additional capabilities, such as a mobile malware component?
Several mobile modules exist, which are designed to steal data from several types of devices:
- Windows Mobile
- iPhone
- Nokia
These modules are installed in the system and wait for mobile devices to be connected to the victim's machine. When a connection is detected, the modules start collecting data from the mobile phones.
01-15-13 04:12 AM
- In general terms though, BB and iPhone can seem to be more secure because they have an entire control over the OS. In general terms once again, BB may be more secure because of a more sophisticated code (that's what I was told here, I didn't check it yet). In general terms, open source may be more vulnerable (because it's open). In some particularities, BBM is more secure than any cross-platform (and I bet that it's more secure than text-messaging).
Now, can we say that one particular BB user is really better protected than another particular Android user? I don't think so, I think it depends on whether he is an important person, on his security options, on the use of his phone, etc.
And coming back to huge huge generalizations. The Economist made a nice article this summer (and even put it on the cover) : Who's afraid of Huawei? It's nothing like the doomsday or the comeback of the cold war, the magazine stays very reasonable, but points out a real problem : in a market economy, in the world where markets are open, a liberal country cannot discriminate Huawei for big infrastructure contracts just because it is Chinese. Still there are strong doubts on what Huawei does and how does it do it : in clear, if suspicions that Huawei provides help to the Chinese spies, it can deliver the malware infested products (and it's not only the phones, it can be infrastructure cables) that nobody will ever detect. So far there are no proofs, but can one take this risk? If one doesn't take the risk because of the suspicion, then it's not an open market anymore...
Now, Huawei will be a part of the Tizen team and some say that it's even possible that Samsung equips Galaxy 4 with Tizen (while others say that it will only be marginal). Will I ever buy a phone under Tizen (knowing that Huawei is in?)? Never. But how many people are aware that Samsung's Tizen is linked with Huawei? How many people read the Economist?
Huawei propose the Android phones now? What are the real risks about it for Android users, are these risks simply possible? I don't know, I'd like to know...
01-15-13 04:39 AM
- Superfly_FR (Retired Moderator): "Improve underlying security w/ BlackBerry. Still, watch your back".
01-15-13 04:39 AM
- In countries where access to the internet itself is severely restricted, if even present, it can mean that these attacks are less successful. Yes, I do believe that security in highly restrictive societies can be even higher than in more "open" societies. They don't need to have "better" security, by the very nature of being as restrictive and there being less access there is less possibility for infiltration. Do you realise that access to the internet in Cuba was absolutely unavailable to the public until Raul Castro took power after Fidel Castro stepped down? Not available. Nada. Zip. Zilch. Can't have security breaches where there is nothing to breach.
However, these are specific high value targets.
A Blackberry, while being in fact inherently more secure, is not impenetrable and can be made vulnerable through irresponsible or careless use.
I didn't say it was impenetrable, I said "more secure". You commented that you've never had a banking app on a non BB. Why is that? Hmmmm..... Probably because it's more secure.
01-15-13 08:04 AM
- Can't give any link now and no serious source would state it like this (hence imagine the worldwide panic), so consider it as my personal speculation
01-15-13 11:28 AM
- Seeing as these attacks were not aimed at the general public, having limited to no access is a moot point.
I didn't say it was impenetrable, I said "more secure". You commented that you've never had a banking app on a non BB. Why is that? Hmmmm..... Probably because it's more secure.
As far as banking apps on non BB....in four years in this forum, I have always stated and always been very straightforward that my banking apps are on my BB. And I have never made the case that iOS or Android are as secure as my BB. I have specifically stated that my sensitive information is on my BB because I know that it is more secure.
Sorry....no gotcha moment, love.
Non detection in these countries has nothing to do with the security and limiting of internet, it has everything to do with where this malware originated.......That's right... China. The world's most massive communist society. Then there's North Korea... the second most dominant communist society. WOW!!! Do you really think that the cyber security in China and Korea are far and above the other countries or do they have other things in common? The U.S., Britain, Canada, France, Italy, India, Germany.... etc etc etc.... Come on man.... They are all countries that have serious needs for security, and spend billions to ensure it. There is no way that China and Korea are more technically advanced than the rest of the world that they'd have better security. There are simply devices that are inherently less secure.
The only uptake of Android has been by a military channel that has taken the base OS and made it their own. It has ZERO similarity to the commercial or "enterprise" units out there. The locked down BlackBerry statement is the only place I feel you are correct, but, why haven't iPhones in business been locked down? How about WP devices? Aren't they all subject to the same limitations by their IT dept????? Come on man. That's the whole POINT!! BlackBerry units ARE MORE SECURE.
01-15-13 11:36 AM
- Branta (Retired Network Mod): Non detection in these countries has nothing to do with the security and limiting of internet, it has everything to do with where this malware originated.......That's right... China. The world's most massive communist society. Then there's North Korea... the second most dominant communist society. WOW!!! Do you really think that the cyber security in China and Korea are far and above the other countries or do they have other things in common? The U.S., Britain, Canada, France, Italy, India, Germany.... etc etc etc.... Come on man.... They are all countries that have serious needs for security, and spend billions to ensure it.
There is no way that China and Korea are more technically advanced than the rest of the world that they'd have better security. There are simply devices that are inherently less secure.
My point about China and Korea being non-detected countries is that these are generally regarded as high risk for spying, and a potential target (embassy) there probably takes additional precautions both to prevent incoming exploits and to detect outbound exploit traffic. Particularly with China the Great Firewall could also impede egress of traffic to be detected by western observers in the study. However, if the exploit is controlled by China as you think I would expect at least a few diplomatic targets would have surfaced there simply because the activity of foreign embassies is high priority for any home intelligence service. OTOH, if China is running this it is also plausible that there is no reason to route traffic from compromised embassies via servers outside China where it could be detected.
01-15-13 01:21 PM
- Thanks for asking. He said that BB doesn't encrypt (right word?) data as well as the iPhone and the Android. I work for a very small company and we don't have a BES. Our work email can be obtained on our private smartphones either by forwarding the email to our private email address or logging on directly into the exchange. He felt both processes were more secure with the aforementioned phones than the BBs.
01-15-13 07:46 PM
- If you read your own link you would see in fact it was some banks in Germany/Italy/Spain with using SMS for security updates, not hard for a criminal to go phishing there. As such those handful of banks there would be held liable for weak security. Interesting to see if they changed their ways after being called out on it.
01-15-13 11:44 PM
- Superfly_FR (Retired Moderator): Thanks for asking. He said that BB doesn't encrypt (right word?) data as well as the iPhone and the Android. I work for a very small company and we don't have a BES. Our work email can be obtained on our private smartphones either by forwarding the email to our private email address or logging on directly into the exchange. He felt both processes were more secure with the aforementioned phones than the BBs.
If your exchange server is SSL secured, then I don't understand his point ... qbnkelt, can you pls confirm/explain ?
01-16-13 01:14 AM
- I vaguely remember some discussion as to how iOS encrypts data, and that discussion seemed to say that in fact it does encrypt data better than BB, but that is a vague memory of a discussion here. I'll have to find it, it was a long time ago.
Edit - I believe this is it.
http://www.technologyreview.com/news...ity-threshold/
The main thing to remember about the benefit of BES is not what people think of.....most people think its main attribute is seamless syncing with Outlook. But for secure communities, the main benefit of BES is complete control and shut down of certain aspects of the device and monitoring and retrieval of communication, if needed for e-discovery.
I have knowledge of a case where there was a person involved in illegal activity. The e-discovery effort retrieved all required evidence to land that person in prison for fifteen years. BES was instrumental.
The other prized feature of BES is control as to what a person loads into the device. I cannot even load The Weather Channel on my device. I can't back up my device to my personal computer. I can't even attempt to back up my device to my work computer even if I tried. Nothing.
It's not so much that iOS and Android are insecure, it's that the very thing that makes iOS and Android appealing to consumers, the availability of apps, is what introduces the possibility of malware, Trojans, worms, and remote control of these devices. I have nothing on my iPhone and my Android from questionable sources now; I compromised my Atrix through the use of live wallpapers which I LOVED. I was new and excited and loaded a wallpaper that resulted in mass emailings and which I believe resulted in two spear phishing incidents. Since then, I have not downloaded any live wallpapers or apps from sources that I don't know or from unofficial sources. Because it is so easy to download apps from questionable sources on Android (and to a lesser extent iOS) there is greater possibility of vulnerabilities to be exploited.
The majority of exploits require action from the user. Downloading an app, clicking on a site. So, because of that, companies that value security and secure agencies go to BES and lock it down to where any such action is impossible. Now, it is possible to go for the most critical target in a secure environment, and that would be the BES admin himself. At that point, you're in.
And there are also now drive by, browser based exploits which are particularly problematic with the *currently* more advanced browsers in Android devices.
***must add.....there have been vulnerabilities found in the Blackberry app store....BB is not immune to disreputable vendors....****
Last edited by qbnkelt; 01-16-13 at 04:29 AM.
01-16-13 04:15 AM
- Further write-up from the Kaspersky security site with better diagrams and explanation. "Red October" Diplomatic Cyber Attacks Investigation - Securelist
01-16-13 04:37 AM
- Or the Canadian gov doesn't use Kaspersky since the findings were done with Kaspersky KSN statistics which would be gathered from Kaspersky software.
01-16-13 04:57 AM
- Let's not get into a political debate. On the report you can read the following:
"The Rocra malware modules have been created by Russian-speaking operatives."
and right below:
"Currently, there is no evidence linking this with a nation-state sponsored attack."
As you know there is such a thing as corporate espionage and this looks to be an example of it. I would think there is a lot of money to be made from the type of information gathered here be it of geopolitical or corporate nature.
01-16-13 06:34 AM
- BlackBerry has historically been the leader in mobile / corporate security. BlackBerry 10 will be no different, as they wish to remain the global leader in mobile computing security. A lot of agencies and institutions count on BlackBerry security to do their business. Something the "BYOD" firms clearly did not consider when allowing employees to use their 'fun phones' for business. Enter, "BlackBerry Balance" and "BlackBerry Fusion". Anyways, BlackBerry owners don't have to worry now or going forward to "the 10", lol.
01-16-13 11:01 AM
- same cycle as always, the most popular and vulnerable platforms become targeted by 'hackers' - bound to happen. i remember when people would say things like, "i use a mac, i get no virus / malware" - now, they (mac users) have similar security concerns as windows users have always had when it (windows) was the predominant consumer platform, therefore was under attack the most, now it's more equal.
same thing with mobile computing - get more devices in consumers hands, hackers will want to harm as many of the most popular devices as possible, that's the game. sad really, tech should just be for the betterment of mankind
01-16-13 11:06 AM