Strange Connection between NSA and Ontario Tech firm [Globe]
- Wow after reading this part I realized that it's somehow not safe to use a blackberry because of the back doors out there...
"In BlackBerry's case, an NIST fact sheet shows the company implemented the algorithm as part of its cryptography toolkit for its BlackBerry 10 Enterprise service, among other products. But BlackBerry's relationship with Dual_EC is even closer than other companies. In 2009, the company purchased Certicom - in the process acquiring the patent that forms the basis for the Dual_EC algorithm.
Given the company's adamant denials in recent years that it offers backdoor access to intelligence agencies, critics argue BlackBerry owes its customers and shareholders an explanation.
"While it is true that many engineers and others were aware of this compromised algorithm, and the engineering security community as a whole is now dealing with this apparent lack of integrity among its members, in the case of BlackBerry's knowledge of the backdoors the implications are far more serious," said Ronald Deibert, director of the Citizen Lab at the University of Toronto's Munk School of Global Affairs. "Users of BlackBerry the world over ... must now assume without evidence to the contrary that all of their communications are shared with security services, and possibly industry competitors as well."
BlackBerry did not respond to a request for comment for this story."
Posted Via CB10 Running On Z10STL100-2 Using OS Version 10.2.1.1925
You know, I find fault with some of the statements.
But BlackBerry's relationship with Dual_EC is even closer than other companies.
I've got a question, apart from interview against 3rd party so-called "wizards" and "experts", (to me sounds more like lizards and expireds), what concrete proof does anyone have to say that
a) BlackBerry knew this all along BEFORE purchase (which is the core of the argument is BlackBerry masterminding this? To which I find the possibility is near zero)
b) after buying Certicom, and having all that blame and buck passed to BlackBerry, despite claims of the Dual EC elliptical curve algorithm that supposedly has a backdoor, has a proven public exploit of the key used against a BlackBerry device? (because if this is true, then there are 2 repercussions on BlackBerry, that 1, its security is breached, and 2, they did NOTHING to patch over it, to which, I think the answer was they stopped / did not use it, which is also a solution in entirety)
c) Users of BlackBerry the world over ... must now assume without evidence to the contrary that all of their communications are shared with security services
Wow, guilty until proven innocent. Wow.... Just wow.
*clap clap clap clap clap*
All hail the court of jesters, the opinion court of people.
Had Edward Snowden written that and posted a document about presentation being made, I would be more willing to buy it since he used to be with the NSA. Now we've got a guy who happens to be a director and suddenly his words are infallible. What happened to "question", "verification"?
At least it's not like Google who kept denying they keep farming your data 8 times a day, and Apple farms your data 4 times a day, even when caught red-handed.
01-21-14 03:18 PM
- Superfly_FR (Retired Moderator)
BlackBerry isn't using this technology. And they answered, later.
Reactive Media Statement
"BlackBerry does not use the Dual EC DRBG algorithm in our products. We work closely with certification authorities around the world to validate the security of our products, and remain confident in the superiority of our mobile platform for customers using our device and enterprise server technology. BlackBerry public statements and principles have long underscored that there is no 'back door' to our platform. Our customers can rest assured that BlackBerry mobile security remains the best available solution to protect their mobile communications."
01-22-14 03:28 AM
- Huge hedge fund managers have influence over media outlets. Keep that stuff in mind. Anyways regarding the article itself and an actual statement to the public. You'll likely see it addressed or dispelled further sometime soon.
01-22-14 05:23 AM
- It's not so much that Blackberry is directly subverting cryptography standards, but rather I feel the problem here is two-fold:
1) They purchased Certicom after Dual_EC_DRNG had already been found to be compromised, and Blackberry, to this day, hasn't done anything about it. I'd even go so far as to say that they'd rather simply turn a blind eye to the issue instead of addressing it.
2) The backdoor has knowingly been introduced into Blackberry's BES services, which are supposed to exist at the top echelon of security-based communication.
So the problem isn't so much BBRY creating the subversion themselves, but rather knowingly allowing the problem to perpetuate itself, insofar as to compromise their own BES services.
Disappointing. But then that's BlackBerry.
CB10 via Verizon Z10. 10.2.1.1925
01-22-14 07:30 AM
- Superfly_FR (Retired Moderator)
1) They purchased Certicom after Dual_EC_DRNG had already been found to be compromised, and Blackberry, to this day, hasn't done anything about it. I'd even go so far as to say that they'd rather simply turn a blind eye to the issue instead of addressing it.
2) The backdoor has knowingly been introduced into Blackberry's BES services, which are supposed to exist at the top echelon of security-based communication.
2) I'm nowhere near sure that either your claim or the blog/Globe one is legit. BlackBerry's statement clearly denies this. Do you have any factual check about this?
01-22-14 09:08 AM
- 1) Certicom is not a single-patent company. The Dual_EC_DRNG is one of many and there are probably interactions between them in an IR protection sense, aka the ECC as a whole.
2) I'm nowhere near sure that either your claim or the blog/Globe one is legit. BlackBerry's statement clearly denies this. Do you have any factual check about this?
Encryption and security is a complex issue and setting a password on a wifi network doesn't give someone the knowledge to properly comment on anything in this article. I'd rather hear from two experts in the security field than any of the Chicken Littles bouncing around terms they don't completely understand.
The bulk of the people on these forums should be more concerned with the data they're freely giving away to Google, Facebook, foursquare, and all of the other social apps rather than worrying about a bunch of mathematical equations that they don't understand.
Posted via CB10
01-24-14 04:49 AM
- Anyone who does not think that the NSA does not have COMPLETE access to their Blackberry is in DENIAL!
01-24-14 07:16 AM
- Don't be silly. Are you saying that without physical access to the handset the NSA can remotely access pics, password keeper, and files from a locked and encrypted BBOS BlackBerry? Even with physical access, the NSA (or anyone) would need to remove the BlackBerry's memory chip, successfully extract its data, and decrypt the data in order to get to those things.
01-24-14 07:30 AM
- There is a turning point where a nation's citizens say enough is enough. We (here in Canada at least), are not at that point. That's not to say it won't happen or can't happen. The Middle East is a perfect example of where it has happened. As long as the government never crosses that line, and switches from protecting us to controlling us, that's good enough for me. Mind you, if I were a criminal.... then forget that.
Sent from the future on my Z10
01-24-14 09:13 PM
- In this day and age not using electronic communication of some type makes you a suspicious person to the government.
Posted with CB10 running on BlackBerry Q5
01-24-14 10:01 PM
- To a government that sucks. I don't really care if my **** government is suspicious of me. I'm suspicious of it!
01-24-14 10:13 PM
-
- Depending on your answer, I would like to request your burden of proof. On either argument. BIS or without BIS, BES or without BES.
01-25-14 09:05 PM
-
Posted via the BlackBerry Q5 using CB10.
02-04-14 04:56 AM
- BIS uses a common public-private key-pair for all subscribers and BlackBerry holds the master key. BES uses a unique public-private key-pair but the organisation can be legally compelled to turn over the keypair to law enforcement. I doubt any business is prepared to issue a self-destruct command to their BES server(s) and tell law enforcement to go play in the slop trough.
Posted via the BlackBerry Q5 using CB10.
02-04-14 05:38 AM
-
Posted via the BlackBerry Q5 using CB10.
02-07-14 06:29 PM
- Given that EEC has been compromised by the US NSA your claim is no guarantee of security against unwarranted snooping. The only sure way to protect your BlackBerry smartphone activated on a BlackBerry Server is a kill switch which remotely wipes every smartphone before wiping the BES instance itself. Naturally, the mailstores on Microsoft Exchange Server must be wiped and all backups stored in encrypted form off-site. Your government, in any country, does not exist to serve your interests, only their own.
Posted via the BlackBerry Q5 using CB10.
http://arstechnica.com/security/2014...lion-nsa-deal/
Posted via CB10
Last edited by Richard Buckley; 02-07-14 at 09:04 PM. Reason: Add link to Bruce Schneier Nov 15, 2007 article.
02-07-14 08:30 PM
-
Posted via the BlackBerry Q5 using CB10.
02-08-14 06:22 AM
-
We do know the cost of RSA's trustworthiness though. I suppose it depends on the set of your tinfoil hat.
Edit: And open source software is not necessarily more secure. Even though people can look at the source code, it doesn't always happen, or people don't always spot problems. Sometimes it can allow security issues to be introduced:
In order to keep a warning from being issued by the Valgrind analysis tool, a maintainer of the Debian distribution applied a patch to the Debian implementation of the OpenSSL suite, which inadvertently broke its random number generator in the process. The broken version was included in the Debian release of September 17, 2006 (version 0.9.8c-1). Any key generated with the broken random number generator, as well as data encrypted with such a key, was compromised. The error was reported by Debian on May 13, 2008.
http://www.debian.org/security/2008/dsa-1571
Last edited by Richard Buckley; 02-08-14 at 09:24 AM.
02-08-14 08:45 AM
- It's extremely unlikely that BlackBerry would lie about this because it would irreparably destroy its reputation if the truth ever came out.
02-08-14 09:58 AM