[notafanboy]

And all things being equal and as easy to crack, why is the DOD using BlackBerry?

http://blackberryempire.com/blackber...l-blackberrys/

Posted via CB10

The haters can continue to spin or make up all the fictional stories they like but governments and the DoD know BlackBerry is the only way to go. Why else would they have Obama Only use BlackBerry? Why else after the Germans found out NSA was spying on them did they get BlackBerry? Haters going to hate. G@M no wonder they continue to lose money and jobs

Posted via CB10

[xchange]

Wait a minute....

So the one of the BIGGEST things Blackberry users have used the most often as a bragging right over Android and iPhone users...

hasn't been true for nearly a decade?

oh my!

The haters can continue to spin or make up all the fictional stories they like but governments and the DoD know BlackBerry is the only way to go. Why else would they have Obama Only use BlackBerry? Why else after the Germans found out NSA was spying on them did they get BlackBerry? Haters going to hate. G@M no wonder they continue to lose money and jobs

Posted via CB10

Yeahhh... except that the sources of this information make it pretty clear. There's no "spinning" going on here, just willful denial.

Very few people are aware of the Communication Service Establishment Canada. Of those few of you who even knew it exists, even less of you are aware that its security clearance level is even higher than Canada's spy agency CSIS. Canada is well known for it's liberal leaning tendencies when it comes to lifestyle of their citizens, but I can assure you Canadian federal agencies are far less democratic and more regimented in nature than their US counterparts. If you think for one minute Ottawa EVER entertained the notion of Blackberry encryption being immune to their scrutiny, you're the one doing the spinning here my friend.

[The Aficionado]

Will blackberry 's response really be that illuminating? I believe the company would legally be required to lie in this situation

Posted from my 9900, z10, z30 or PlayBook

[xchange]

Will blackberry 's response really be that illuminating? I believe the company would legally be required to lie in this situation

Posted from my 9900, z10, z30 or PlayBook

The fact that they don't already have a response prepared leads me to speculate a couple of possibilities. Either they're unaware that the cryptology Ottawa required them to use had this capability, or they're in the process of waiting for permission from Ottawa to respond, as well as what they're allowed to put in that response. Given the contents of the article that was linked in the OP, I don't think a 3rd possibility - of denying it - will hold any truth.

[THBW]

The fact that they don't already have a response prepared leads me to speculate a couple of possibilities. Either they're unaware that the cryptology Ottawa required them to use had this capability, or they're in the process of waiting for permission from Ottawa to respond, as well as what they're allowed to put in that response. Given the contents of the article that was linked in the OP, I don't think a 3rd possibility - of denying it - will hold any truth.

This story died before it even started. Haters have to hate.

[xchange]

Wow. It's a news story on one of the most business like newspapers around and your response is to look at it like it was in the user comments section of a Verge article?

amazing.

[Superfly_FR]

I would not hang anyone so I didn't went through all pages. Please excuse me if it has been posted already.

This is BlackBerry official answer.

Reactive Media Statement
"BlackBerry does not use the Dual EC DRBG algorithm in our products. We work closely with certification authorities around the world to validate the security of our products, and remain confident in the superiority of our mobile platform for customers using our device and enterprise server technology. BlackBerry public statements and principles have long underscored that there is no 'back door' to our platform. Our customers can rest assured that BlackBerry mobile security remains the best available solution to protect their mobile communications."

Thank you.
Good nite.

P.s: can we close this?

Posted via CB10

[GreenCopperz]

It's a secure platform for the DOD - because only they have the key to the backdoor. And the halo effect of the DOD endorsement is huge - 'if it is good enough for the DOD, then its good enough for me', which means may other countries and companies adopt the same technology, assuming it must be the most secure, but not realizing that the technology has been compromised from the very start.

Which makes it easy for the NSA and others to spy on the supposedly secure information of anyone who has adopted the same technology with impunity.

I bet those keys are stored in someplace to ultra-secure. Just wonder what encryption technology has been used to encrypt that data? :-)

Probably the lowest tech way possible. You'd be surprised what low tech can do. It's called a simple vault with hardcopy inside, along with minimal knowledge of the combination. Only one or two people share part of the combo.

Posted via CB10

[Superfly_FR]

Funny how we can sometimes elaborate on smoke...

Posted via CB10

[xchange]

I would not hang anyone so I didn't went through all pages. Please excuse me if it has been posted already.

This is BlackBerry official answer.


Thank you.
Good nite.

P.s: can we close this?

Posted via CB10

Read the article again. It already said that algorithm is no longer used. The researchers are now questioning what's in the new algorithms. Furthermore, the way NSA now operates if Snoden and official statements from tech giants are to be believed, is that they no longer consult the companies that they're compromising. Blackberry can easily respond that they have no backdoor,.yet this is precisely what Google and MS also stated just prior to their recent statements deriding the US government after discovering they got in anyway without their consent.

[ArmedHitman]

Let me outline something

I am going to give you a hypothetical on how to break into a BlackBerry with the power of NSA.

If you've read a article about the potential backdoor in the RSA which the NSA obviously deny having. The BlackBerry BOOTROM is secure with a RSA public key.

Not sure about how the cryptographic nature of the OS works but I last read it was elliptic curve 521. I'm not sure if NSA have gotten through it but seeing as they've actually created backdoors through the companies behind these cryptographys I would be surprised if they were compromised.

But hey that's all hypothetical. If your a cryptographer you can shed more light on my attack but yeah. Comment away on it.

Posted via CB10

[katiepea]

Ah this topic again. If you don't think the NSA can get into your consumer BlackBerry, you're living in a land of illusion. If you're using Obama or Merkel as examples of why BlackBerry is "safe" you're living in a land of illusion. They aren't using the same BlackBerry as you. They're using devices with a ****load of extra certificates that you don't have, and even that is likely compromised by the NSA. If you're worried about security from almost everything, that's fine, if you're worried about the NSA you really should move to the 3rd world and disappear, it's the only way to avoid it.

[Lumute]

Very interesting read indeed, somehow though, it seems very suspicious to me that this article (which is based on information long known by the security community) came out a day after the news of the DOD 98% BlackBerry deployment which spiked the stock... seems to me like someone is trying to counter and do damage control...

[belfastdispatcher]

Never mind that, I have a bigger problem with them owning the software that the army drones run on and also the targeting software aka QNX.

[Superfly_FR]

Read the article again. It already said that algorithm is no longer used. The researchers are now questioning what's in the new algorithms. Furthermore, the way NSA now operates if Snoden and official statements from tech giants are to be believed, is that they no longer consult the companies that they're compromising. Blackberry can easily respond that they have no backdoor,.yet this is precisely what Google and MS also stated just prior to their recent statements deriding the US government after discovering they got in anyway without their consent.

When I read this :

In BlackBerry’s case, an NIST fact sheet shows the company implemented the algorithm as part of its cryptography toolkit for its BlackBerry 10 Enterprise service, among other products. But BlackBerry’s relationship with Dual_EC is even closer than other companies. In 2009, the company purchased Certicom – in the process acquiring the patent that forms the basis for the Dual_EC algorithm.

Given the company’s adamant denials in recent years that it offers backdoor access to intelligence agencies, critics argue BlackBerry owes its customers and shareholders an explanation.

which is essentially what the article is based on.
An this

"BlackBerry does not use the Dual EC DRBG algorithm in our products."

which is the answer of BlackBerry

You just have to make a choice between an article inspired by a 3 days old blog post (I won't link) and BlackBerry statement.
Now, if the game is to throw suspiciousness against BES and BlackBerry and suggest they might have done so, even if they never did ...
It's a media game in which some will find delight and self promotion, until they get (and they will) be proven false.

Most of the (U.S.A) big names mentioned in this article/thread are suspected of active collaboration, under high NSA pressure.
Certainly some are enjoying the smoke curtain that it raises ...
Make your own opinion, mine is set and trustful, unless someone seriously demonstrate this has been implemented in production and exploited.

P.S: I've been relaying the NIST and several other sources on my social feeds (and here) about TLS/SSL flaws for months ...
(abstract 08-16-2013, 12:38 PM - click the arrows for full post, mostly O.T in this discussion)

b/ The patents. I should even limit to one : Elliptic Curve Cryptography. SSL/TLS (search for "BEAST TLS SSL" in your fav search engine) is under fire now and once there's a breach ... we know the story.

[badiyee]

and what water does it hold if business tabloids are posting about it, and essentially getting it wrong, twisting it to make it sound like BlackBerry is the culprit behind the implementation and usage of the elipitical curve algorithm?

If others use the algorithm, it is THEIR business. They are answerable to their customers, not BlackBerry. If BlackBerry uses that algorithm, they are answerable to their customers and the shareholders.

And they just declared they aren't using that. So what's the issue again? Something that was designed OUTSIDE of BlackBerry, used by non BlackBerry companies, that was later bought by BlackBerry, (back then called RIM), and BlackBerry suddenly gets the flak, for supposedly "masterminding" NSA's spying tactics on people's phones.

Holy crap, that's shooting the hound and blaming the fox indeed!

[xchange]

When I read this :

which is essentially what the article is based on.
An this

which is the answer of BlackBerry

You just have to make a choice between an article inspired by a 3 days old blog post (I won't link) and BlackBerry statement.
Now, if the game is to throw suspiciousness against BES and BlackBerry and suggest they might have done so, even if they never did ...
It's a media game in which some will find delight and self promotion, until they get (and they will) be proven false.

Most of the (U.S.A) big names mentioned in this article/thread are suspected of active collaboration, under high NSA pressure.
Certainly some are enjoying the smoke curtain that it raises ...
Make your own opinion, mine is set and trustful, unless someone seriously demonstrate this has been implemented in production and exploited.

P.S: I've been relaying the NIST and several other sources on my social feeds (and here) about TLS/SSL flaws for months ...
(abstract 08-16-2013, 12:38 PM - click the arrows for full post, mostly O.T in this discussion)

Let's back up a bit here. You took quotes out of context. You chose not to quote the section of the article I was referring to, that the EC algorithm isn't being used anymore so saying BB isn't using it is redundant and irrelevant.

Secondly, choosing not to link this "blog post" you refer to leads me to say I very much doubt the veracity of your claim that the G&M wrote this article based on a blog, and then proceeded not to source it themselves. So the Globe is actively plagiarizing?

As for your final statement, I don't think you know very much at all about the Harper government or about how closely Canadian federal military and intelligence services work with the USA if that's what you're basing your trust on. I'm also unsure what possessed you to accuse people of some kind of tin foil hat conspiracy to 'get Blackberry!'. Saying people are taking delight in some kind of media smear campaign is the biggest load of bunk I see conspiracy theorists toss around CB. I'm glad you're confident that these imaginary anti BB conspiracy people will be proven wrong, but I'm more skeptical than you, because it takes more than an official statement from the company that's being scrutinized for me to go,

"oh OK! That's the end of that then, I guess everything is OK because they say so!"

I'll take more care to see what independent researchers say.

[Tatwi]

Yup. Can we go ahead and believe that one or several of the media moguls have a financial interest in seeing BlackBerry fail now? Which one is it? Where does the trail of influence ($$$) lead back to?

And for the record, observing and contemplating possible malicious intent is not the same as a "conspiracy theory". If you don't ask questions, you won't get answers.

So... find the point where media company investment crosses with android or apple investment and you'll be staring at the culprit. I doubt it would someone who has money on Microsoft, simply because they don't really stand much of a chance in mobile no matter what they do (says nearly two decades of mobile mediocrity).

Posted via CB10 on BlackBerry Z10

[Superfly_FR]

Secondly, choosing not to link this "blog post" you refer to leads me to say I very much doubt the veracity of your claim that the G&M wrote this article based on a blog, and then proceeded not to source it themselves. So the Globe is actively plagiarizing?

You may try to search the forums better. Hint : look at my posts. But if you really need help, I can PM it to you.
I've read pretty much everything since this blog post - where and when all started - 4 days ago.

For the quotes, etc, see badiyee post above.

[xchange]

You may try to search the forums better. Hint : look at my posts. But if you really need help, I can PM it to you.
I've read pretty much everything since this blog post - where and when all started - 4 days ago.

For the quotes, etc, see badiyee post above.

Sure, just for curiousity's sake, I'll take a look at it if you want to PM it to me. FWIW I apologize for the confrontational tone of my last post, I've had my morning coffee, am less grumpy now and I'm out of my morning bear-like surly mood :P

I am genuinely curious to see what independent researchers are able to find out about this though, but unfortunately there is such a massive cloak of secrecy around these tech giants and their dealings with government that I don't think we're ever going to have any hope of getting a definitive answer. I guess at the end of the day the best we can hope for is entertaining ourselves with some "tech talk over coffee" conversation material

[Superfly_FR]

@ xchange, no problem, coffee accepted
You've got the link in your box.
Cheers
SF

[xchange]

@ xchange, no problem, coffee accepted
You've got the link in your box.
Cheers
SF

Geezus are you kidding me? The Globe article at least to me, appears to be outright plagiarism of the blog post. Are they even legally allowed to do that without linking the source? I was under the impression that reporters get in really deep doo-doo for doing that.

[anon3969612]

... not at the G&M, it's accepted practice by the editors, it seems:

http://mediaculpapost.blogspot.ca/20...lagiarism.html

Margaret Wente plagiarism scandal a test of accountability | Toronto Star

[ArmedHitman]

Geezus are you kidding me? The Globe article at least to me, appears to be outright plagiarism of the blog post. Are they even legally allowed to do that without linking the source? I was under the impression that reporters get in really deep doo-doo for doing that.

I don't think many people care... it's the same content going out... not like they can tamper with the news :/ they're reporting one event the same way don't think it hurts anyone.

Posted via CB10

[UnlimitedEra]

Wow after reading this part I realized that it's somehow not safe to use a blackberry because of the back doors out there...

"In BlackBerry?s case, an NIST fact sheet shows the company implemented the algorithm as part of its cryptography toolkit for its BlackBerry 10 Enterprise service, among other products. But BlackBerry?s relationship with Dual_EC is even closer than other companies. In 2009, the company purchased Certicom ? in the process acquiring the patent that forms the basis for the Dual_EC algorithm.

Given the company?s adamant denials in recent years that it offers backdoor access to intelligence agencies, critics argue BlackBerry owes its customers and shareholders an explanation.

?While it is true that many engineers and others were aware of this compromised algorithm, and the engineering security community as a whole is now dealing with this apparent lack of integrity among its members, in the case of BlackBerry?s knowledge of the backdoors the implications are far more serious,? said Ronald Deibert, director of the Citizen Lab at the University of Toronto?s Munk School of Global Affairs. ?Users of BlackBerry the world over ? must now assume without evidence to the contrary that all of their communications are shared with security services, and possibly industry competitors as well.?

BlackBerry did not respond to a request for comment for this story."

Posted Via CB10 Running On Z10STL100-2 Using OS Version 10.2.1.1925