02-13-14 10:34 PM
106 1234 ...
tools
  1. SmellWhole's Avatar
    ... None of that proves BlackBerry is not as involved as RSA, but owning the patent for a technology that has been subverted doesn't mean the company was involved in the subverting.
    Even if BlackBerry didn't do the subverting, it could be complicit, looking the other way, cooperating with the NSA. BlackBerry always stressed it didn't have the keys to BES. Nice corporate roundabout way to satisfy the curiosity of most people who are not insightful enough to ask a follow-up question: does anybody else (a third party) have the keys or access to a back door?

    ... Yes, the media is out there to make you believe that BlackBerry is the mastermind of NSA's backdoor hacks and whatnot ... Judging from this thread, already people are feigning ignorance and starting to believe that BlackBerry is the evil mastermind ...
    The media may have its own agenda, it's own reason for smearing BlackBerry (e.g. an allegiance to apple, google, etc). Who cares what the media's reasons for smearing Blackberry may be? They're minor compared to the point of this article: governments spying on all the citizens of the world with manufacturer and carrier cooperation. Let's not take away from the real issue by focusing on a "media hates Blackberry" conspiracy, which may very well be true also but not the point of this article.

    And all things being equal and as easy to crack, why is the DOD using BlackBerry?
    Even the mainstream media reported back when Obama was elected that he had a superduper "enhanced" security BlackBerry, not one bought at his carrier's store. DOD and the rest of them could be using enhanced security BlackBerry handsets. Wasn't it recently reported that Merkel's BlackBerry would have security beyond that which comes out of the box?

    It wouldn't surprise me if this "back door" was a requirement for RIM to set up its network in the first place ...
    This. If BlackBerry caves when lesser players like India and Arab governments squawk in order to gain access to their markets, why would anyone think that BlackBerry doesn't cooperate with the the US/Brit world superspy engine? The regulated carriers all cooperate with the spies, why wouldn't FCC approved manufacturers cooperate? They probably must ... or no approval for access to the market!
    01-20-14 10:29 AM
  2. KoreyTM's Avatar
    Unfortunately if you have followed the ongoings with BlackBerry over the last couple years, you will see a trend with bad news and bash articles following any sort of good news. And I'm not saying the Globe and Mail wrote this to undermine the DOD decision (if in fact those rumors are true).
    Many people in great positions of power and influence (many who are short on bb) stand to lose a lot if Blackberry were to make a comeback and market rally. Likely the same people who have influence over what articles and stories are pushed in the media. Call it a conspiracy theory if you want but if you don't believe that stuff happens all the time then you are very naive my friend. Do some research and you will find out that it's a small hand full of people in the US who control over 80% of the media. It's not hard to influence the masses when this is the case.


    Posted via CB10

    I completely agree with you that there are machinations occurring in our society, even at this very moment, that certain individuals would not want the public-at-large to know about. I am definitely not unaware of the world's lack of altruism, especially when it comes to government and corporate entities. However, I still have to disagree with you about The Globe and Mail's intentions here. To say that they published this article in response to the recent DOD decision just seems far-fetched to me. Sorry; just differing opinion, I suppose.
    01-20-14 10:29 AM
  3. SmellWhole's Avatar
    I'd love to hear an official statement from BlackBerry about this. I expect this thread to get really interesting.
    A statement would be nice.

    Count on the statements being incomplete, as they have been in the past, yet enough to satisfy less insightful (most) people:

    "BlackBerry does not have the keys to encryption or access to a back door."

    Okay. Fine. Does anyone else have keys to the encryption or access to a back door? Some "secret court" perhaps?
    KoreyTM and Grumblegrumble like this.
    01-20-14 10:35 AM
  4. ray689's Avatar
    I completely agree with you that there are machinations occurring in our society, even at this very moment, that certain individuals would not want the public-at-large to know about. I am definitely not unaware of the world's lack of altruism, especially when it comes to government and corporate entities. However, I still have to disagree with you about The Globe and Mail's intentions here. To say that they published this article in response to the recent DOD decision just seems far-fetched to me. Sorry; just differing opinion, I suppose.
    I guess I should have clarified what I meant. I see you what you are saying. I didn't question that the article and what it is staying is false, or that it questions anything the DOD did, or that it was in response to the DOD news. I just questioned the timing. Why didn't this information get reported earlier? Why did it only get reported today when the DOD news (again if true) came out. Also when the stock hit a high of 11.80 on the tsx?


    Posted via CB10
    KoreyTM likes this.
    01-20-14 10:39 AM
  5. sentin709's Avatar
    Official response via my channels from Blackberry -

    “BlackBerry does not use the Dual EC DRBG algorithm in our products. We work closely with certification authorities around the world to validate the security of our products, and remain confident in the superiority of our mobile platform for customers using our device and enterprise server technology. BlackBerry public statements and principles have long underscored that there is no 'back door' to our platform. Our customers can rest assured that BlackBerry mobile security remains the best available solution to protect their mobile communications.”
    ray689 and THBW like this.
    01-20-14 11:15 AM
  6. ray689's Avatar
    Official response via my channels from Blackberry -

    BlackBerry does not use the Dual EC DRBG algorithm in our products. We work closely with certification authorities around the world to validate the security of our products, and remain confident in the superiority of our mobile platform for customers using our device and enterprise server technology. BlackBerry public statements and principles have long underscored that there is no 'back door' to our platform. Our customers can rest assured that BlackBerry mobile security remains the best available solution to protect their mobile communications.
    What channel is this? I don't see this response on the BlackBerry channel. Was it a response today?

    Posted via CB10
    01-20-14 11:17 AM
  7. KoreyTM's Avatar
    Official response via my channels from Blackberry -

    “BlackBerry does not use the Dual EC DRBG algorithm in our products. We work closely with certification authorities around the world to validate the security of our products, and remain confident in the superiority of our mobile platform for customers using our device and enterprise server technology. BlackBerry public statements and principles have long underscored that there is no 'back door' to our platform. Our customers can rest assured that BlackBerry mobile security remains the best available solution to protect their mobile communications.”
    Can you link to a source?

    Edit: I just read the "my channels" part of your post. So there's no way to authenticate what you just wrote here.
    01-20-14 11:18 AM
  8. ray689's Avatar
    Can you link to a source?

    Edit: I just read the "my channels" part of your post. So there's no way to authenticate what you just wrote here.
    Yes just noticed that as well. I also would like a source for this quote.

    Posted via CB10
    KoreyTM likes this.
    01-20-14 11:23 AM
  9. sentin709's Avatar
    Sorry Folks,
    I mean that I received the reply directly from BB to my email address. I have a T support contract with BB and asked my support account manager for an official response today. The article states that BES10 employs the algorithm so I had to find out.
    According to the response I received they do not use the algorithm at all so the article is mostly moot aside from the fact that BB owns the patent on it.

    Below is what I mailed in and follows in the response with names removed Feel free to ask BB yourself if you have a T support code.

    Cheers


    From: xxxxx
    Sent: Monday, January 20, 2014 10:59 AM
    To: xxxxx
    Subject: Globe and Mail

    Quite the bombshell in the paper today – Does BB have an official statement to this?
    The strange connection between the NSA and an Ontario tech firm - The Globe and Mail
    It essentially says BES10 is compromised as it employs Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generator).
    Can I get a technical statement if possible to let me know what part of BES10 employs DEC?

    Thanks,
    xxxx

    From: xxx [mailto:xxx@blackberry.com]
    Sent: Monday, January 20, 2014 xxxxx PM
    To: xxxxx
    Subject: RE: Globe and Mail

    Hey sentin709 (changed),
    Here is the official reply from our Security team:

    “BlackBerry does not use the Dual EC DRBG algorithm in our products. We work closely with certification authorities around the world to validate the security of our products, and remain confident in the superiority of our mobile platform for customers using our device and enterprise server technology. BlackBerry public statements and principles have long underscored that there is no 'back door' to our platform. Our customers can rest assured that BlackBerry mobile security remains the best available solution to protect their mobile communications.”
    01-20-14 11:31 AM
  10. KoreyTM's Avatar
    Sorry Folks,
    I mean that I received the reply directly from BB to my email address. I have a T support contract with BB and asked my support account manager for an official response today. The article states that BES10 employs the algorithm so I had to find out.
    According to the response I received they do not use the algorithm at all so the article is mostly moot aside from the fact that BB owns the patent on it.

    Below is what I mailed in and follows in the response with names removed Feel free to ask BB yourself if you have a T support code.

    Cheers


    From: xxxxx
    Sent: Monday, January 20, 2014 10:59 AM
    To: xxxxx
    Subject: Globe and Mail

    Quite the bombshell in the paper today – Does BB have an official statement to this?
    The strange connection between the NSA and an Ontario tech firm - The Globe and Mail
    It essentially says BES10 is compromised as it employs Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generator).
    Can I get a technical statement if possible to let me know what part of BES10 employs DEC?

    Thanks,
    xxxx

    From: xxx [mailto:xxx@blackberry.com]
    Sent: Monday, January 20, 2014 xxxxx PM
    To: xxxxx
    Subject: RE: Globe and Mail

    Hey sentin709 (changed),
    Here is the official reply from our Security team:

    “BlackBerry does not use the Dual EC DRBG algorithm in our products. We work closely with certification authorities around the world to validate the security of our products, and remain confident in the superiority of our mobile platform for customers using our device and enterprise server technology. BlackBerry public statements and principles have long underscored that there is no 'back door' to our platform. Our customers can rest assured that BlackBerry mobile security remains the best available solution to protect their mobile communications.”
    While that's helpful, I've dealt with many account managers in my time, some better than others. I just can't, in good conscience, take the word of one man as gospel without the company itself (or maybe a Blackberry white paper?) backing up his claims. I'd rather get a definitive response from Blackberry in regards to The Globe and Mail's article.
    01-20-14 11:46 AM
  11. SmellWhole's Avatar
    I'd love to hear an official statement from BlackBerry about this. I expect this thread to get really interesting.
    A statement would be nice.
    While that's helpful, I've dealt with many account managers in my time, some better than others. I just can't, in good conscience, take the word of one man as gospel without the company itself (or maybe a Blackberry white paper?) backing up his claims. I'd rather get a definitive response from Blackberry in regards to The Globe and Mail's article.
    Make it so. We need more transparency. BlackBerry should come clean, make this 100% clear. It's too important to have half-assed answers and obfuscation. Come out with it, officially, clearly, 100%, no Clintonesque answers. Without coming clean 100% there will always be doubt.
    01-20-14 12:06 PM
  12. anon(5624621)'s Avatar
    Let's face it the Dod/nsa has plenty of commercial leverage over blackberry if it chose to use it...

    Posted via the Android CrackBerry App!
    That's true, but BlackBerry could also decline to license ECC to them.

    Posted via CB10. Join C001A8DC6 for bento-inspired lunch ideas
    01-20-14 12:14 PM
  13. THBW's Avatar
    Official response via my channels from Blackberry -

    “BlackBerry does not use the Dual EC DRBG algorithm in our products. We work closely with certification authorities around the world to validate the security of our products, and remain confident in the superiority of our mobile platform for customers using our device and enterprise server technology. BlackBerry public statements and principles have long underscored that there is no 'back door' to our platform. Our customers can rest assured that BlackBerry mobile security remains the best available solution to protect their mobile communications.”
    Thanks for killing a thread comprised of if, maybe, might be, possibly, etc. Can we all take our tin foil hats off now? BTW, love the channel response. All the pretend reporters at the G&M that flogged this story will now have to sign up for BBM to quote the response. Classy and a real kick in the arse. This Chen guy is smart.
    CerveloJohn likes this.
    01-20-14 12:35 PM
  14. Grumblegrumble's Avatar
    "BlackBerry does not have the keys to encryption or access to a back door."

    Okay. Fine. Does anyone else have keys to the encryption or access to a back door? Some "secret court" perhaps?
    This^

    and I agree with the previous statements of what would make you think BB does not work with the US/Brit gov. Not for spying, but to even be allowed to sell in the US. If you dig around the net you can find past articles of BB almost- to being banned in some countries for failing to give up the keys to their system.

    The problem does still lay at hand: The fact that BB knew of this flaw before the purchase and continued to implement it anyway. (was/is this part of a gov. requirement?)

    A statement will be nice to hear indeed.

    edit:cleanup
    Last edited by Grumblegrumble; 01-20-14 at 01:35 PM.
    01-20-14 12:37 PM
  15. SmellWhole's Avatar
    ... but to even be allowed to sell in the US. If you dig around the net you can find past articles of BB almost to being banned in some countries for failing to give up the keys to their system.
    And for those whose heads are completely buried in the sand who think we in the US are protected against spying by our courts which are vigilantly upholding our Constitution, from the Guardian/Snowden revelations it's clear that the Anglo-American/NSA spying is exponentially more Orwellian than any spying by the small-time governments considered "less free" by the West that were demanding access to the big kids' table.
    savvy_cowgirl likes this.
    01-20-14 01:21 PM
  16. Gerii's Avatar
    That's true, but BlackBerry could also decline to license ECC to them.

    Posted via CB10. Join C001A8DC6 for bento-inspired lunch ideas
    Their patent would be void before they could say 1 2 3.
    http://www.theguardian.com/business/...nessofresearch

    Posted via CB10
    01-20-14 01:31 PM
  17. whatsever's Avatar
    Blackberrry is using the same stuff but they using different keys and they have another algorithm witch is not breakable with some keys which seems to be the sum for all information.
    01-20-14 01:32 PM
  18. KoreyTM's Avatar
    Blackberrry is using the same stuff but they using different keys and they have another algorithm witch is not breakable with some keys which seems to be the sum for all information.
    I'm sorry, but I do not understand your post at all.

    But in light of that, if you're making a claim here that Blackberry is using an "algorithm witch [sic] is not breakable", then I'd like to see your source for this information.
    01-20-14 01:45 PM
  19. austinjeep's Avatar
    01-20-14 03:14 PM
  20. KemKev's Avatar
    Make it so. We need more transparency. BlackBerry should come clean, make this 100% clear. It's too important to have half-assed answers and obfuscation. Come out with it, officially, clearly, 100%, no Clintonesque answers. Without coming clean 100% there will always be doubt.
    Would even that suffice? Wouldn't some people oozing with cynicism accuse BlackBerry of not being truthful?
    01-20-14 03:31 PM
  21. wincyUt's Avatar
    SMH!! These stupid media will never give up until they destroy BlackBerry. What a timing and coincidence for Globe & Mail to write this article as soon as BBRY stocks has began going up.
    The onus is not on BlackBerry to prove or disprove this purported allegation. Globe should prove it beyond any shadow of doubts.
    CerveloJohn likes this.
    01-20-14 03:34 PM
  22. Tre Lawrence's Avatar
    Would even that suffice? Wouldn't some people oozing with cynicism accuse BlackBerry of not being truthful?
    I can understand folks being upset if it were actually true that BBRY knew of a backdoor
    01-20-14 03:35 PM
  23. badiyee's Avatar
    You are right about the purchase being made after the patent for the flawed encryption was already established. However:

    "In 2007, two Microsoft researchers showed that the algorithm contained a set of constants that, when combined with a secret key, could essentially break the encryption generated by Dual_EC. In effect, Dual_EC implemented in the real world a version of the backdoor described in the Certicom patent.

    Nobody could say for certain who had the secret key. But the very existence of such a backdoor caused security researchers to strongly urge a boycott of Dual_EC.

    While we were saying dont use it, dont use it, government contractors were demanding it, security researcher Bruce Schneier said."


    If you noticed, before BBRY's purchase of Certicom in 2009, the cryptography community already knew the backdoor existed since 2007 and was actively trying to fight against the use of the compromised encryption. So while Blackberry did buy Certicom after Certicom had already created the compromised encryption, Blackberry purchased the company and the patent knowing that the problem existed. Not only that, but Blackberry exacerbated the problem by also knowingly including a compromised form of encryption into their BES services. This is the actual issue, and it's quite a problem.
    here's the problem with the reply:
    1. You are making assumption that BlackBerry ought not to buy Certicom just because of one perceived faulty encryption method. This, I challenge because I find such a notion flawed. It is not within BlackBerry's interest to purchase an entire company just for the intention for one spesific flawed algorithym.

    2a. You are making assumptions that BlackBerry used the Certicom's BES certificates on the level with the intention of allowing NSA to break into BES encryption. Even BlackBerry had publicly admitted that it does not have backdoors into its own BES, and it would risk a lot to allow itself to have one.

    2b *update*: another poster went all out and clarified that BlackBerry has not publicly stated whether they are or not using the dual_eg encryption in question, but reiterated the "no backdoors on our own product" stance.

    3. Another reports made earlier stating that the entire dual_eg was designed somewhere in the 2000. Filed in 2005, granted in 2013. Are you saying that BlackBerry is now responsible for allowing NSA to snoop in on every other devices? BlackBerry did not promote dual_eg algorithym. Guess who did? However, BlackBerry *now* owned the company that hired the guys that co-owned the patterns that were co-holders of the patent, and therefore all the blame falls squarely on BlackBerry's shoulders, and BlackBerry is actively helping NSA to snoop upon others for *insert whatever unicorn reasons*. I find that thought ridiculous. What does it benefit BlackBerry to do so?
    01-20-14 03:58 PM
  24. Tatwi's Avatar
    The very real chance for glaring misinterpreted data to falsely be used to ruin a person's life aside, I prefer data to be collected by the government than by corporations and small "companies" (aka app makets). The government I'd less likely to sell the data to people who will use it to annoy or discriminate against people. That said, as we have seen with recent leaks, governments aren't doing a particularly wonderful job of safe guarding the data they collect, so I really don't support data collection by any entity. It is only a matter of time before it is used against "normal people" to extort even more money than we already are expected to hand over for goods services, fees, and taxes.

    Remember that movie where the guy couldn't go to space and had to be a janitor, because his genes indicated he might be a liability? Sadly, all of that and more is on its way if folks let it happen. I feel for my kids, because this world has lost its sense and I really don't know if it will be recovered.
    01-20-14 04:05 PM
  25. ray689's Avatar
    The very real chance for glaring misinterpreted data to falsely be used to ruin a person's life aside, I prefer data to be collected by the government than by corporations and small "companies" (aka app makets). The government I'd less likely to sell the data to people who will use it to annoy or discriminate against people. That said, as we have seen with recent leaks, governments aren't doing a particularly wonderful job of safe guarding the data they collect, so I really don't support data collection by any entity. It is only a matter of time before it is used against "normal people" to extort even more money than we already are expected to hand over for goods services, fees, and taxes.

    Remember that movie where the guy couldn't go to space and had to be a janitor, because his genes indicated he might be a liability? Sadly, all of that and more is on its way if folks let it happen. I feel for my kids, because this world has lost its sense and I really don't know if it will be recovered.
    Unfortunately government has now become a puppet of the corporations. Who do you think pumps in those billions of dollars in campaign dollar donations at election time?

    Posted via CB10
    01-20-14 04:08 PM
106 1234 ...

Similar Threads

  1. Replies: 19
    Last Post: 07-16-14, 12:23 PM
  2. Can't open links or even Browser on my Bold 9900
    By ummusabbar in forum BlackBerry Bold 9930/9900
    Replies: 3
    Last Post: 01-21-14, 12:23 PM
  3. BB 10 and Corporate contact details
    By smguy7 in forum BlackBerry 10 OS
    Replies: 2
    Last Post: 01-20-14, 05:02 PM
  4. Vector 27: Top tech trends of 2014!
    By CrackBerry News in forum CrackBerry.com News Discussion
    Replies: 0
    Last Post: 01-20-14, 04:30 PM
  5. Replies: 6
    Last Post: 01-20-14, 02:04 PM
LINK TO POST COPIED TO CLIPBOARD