09-17-2007, 09:47 PM
|
#41
|
BlackBerry Extraordinaire
Join Date: Feb 2005
Location: Lincoln, Ne
Model: 9550
OS: 5.0
Carrier: Verizon
Posts: 1,232
|
Not to pile on, but snatching packets and adding data would be an amazing (impossible?) thing.
But until any specifics are presented, those here won't buy it.
__________________
Blackberry Storm2 (Verizon)
7280-7780-7290-7100g-7250-8703-8830-8330-9530-9550
|
09-17-2007, 10:06 PM
|
#42
|
BlackBerry God
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
|
Quote:
Originally Posted by coastuser
I am not savvy technically so do not know what a third party application actually means. If you explain it in lay terms, I can respond.
|
An application that was downloaded and installed by the end-user or pushed to the end-user from a trusted source (carrier via BIS, BES, etc). The particulars of the exploit that is known would be a downloaded application that was knowingly installed by an end user via an email link or directly through the browser while browsing. In other words, it REQUIRED end-user interaction to install the application.
Quote:
Originally Posted by coastuser
PS Most people do not know how to encrypt their email.
|
The entire transport for BIS and BES emails is already encrypted, although there are extra layers (SMIME, PGP, etc) that you can add to AES and 3DES. Take it for what it's worth, but without a third party application allowing the manipulation of unencrypted messages on the device or the possibility of a compromised messaging server, then it would be practically impossible to manipulate the data while in transport in the exact time frame you had to crack it (unless we can pinhole time and space and all that jazz to fit a few years worth of cracking on high-dollar server farms into a single pre-defined time frame at-will).
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
|
09-17-2007, 10:29 PM
|
#43
|
Talking BlackBerry Encyclopedia
Join Date: Apr 2007
Location: Brisbane, Australia.
Model: 8300
PIN: N/A
Carrier: Optus
Posts: 340
|
Well...
As has already been mentioned, there is one way this can happen...
In fact, I know a certain third-party application that when installed on the BlackBerry will automatically append a few sentences to any emails sent from the device and never tell the user about it (*Cough*, *Cough*)...
__________________
View HTML email today with the Best Selling BlackBerry application: BBSmart Email Viewer
|
09-17-2007, 10:32 PM
|
#44
|
BBF Moderator
Join Date: Jun 2005
Model: Z30
OS: 10.2.1.x
PIN: s & needles
Carrier: AT&T
Posts: 34,720
|
Quote:
Originally Posted by eZainny
In fact, I know a certain third-party application that when installed on the BlackBerry will automatically append a few sentences to any emails sent from the device and never tell the user about it (*Cough*, *Cough*)...
|
Touche! Now, that's funny!
|
09-17-2007, 10:36 PM
|
#45
|
BlackBerry Master
Join Date: Jul 2007
Model: 9780
PIN: N/A
Carrier: T-Mobile
Posts: 4,659
|
Wirelessly posted (BlackBerry8830/4.2.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/104)
Good!
|
09-17-2007, 10:45 PM
|
#46
|
Crimson Tide Moderator
Join Date: Oct 2004
Location: North of the moss line
Model: Z30
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,921
|
Quote:
Originally Posted by coastuser
One last thought. This has been the most hostile and least helpful of any attempt to research an issue I have ever had.
|
Oh, I am betting that is just not totally true. The most hostile you have ever had? You must not put yourself out in the public very often or you might learn what a real hostile crowd is like!
I am really wondering why this is so very important to you for your friend, that you would take it this far, in your research. You discount all these reasonable people who know much much more about this technology than you.
And how are you so very certain that RIM is investigating this? They have told you so? Hmmm,.. then why your need to come here? Something in the details sounds very fishy here, almost like you are not telling all you know.
Nevertheless, RIM will get to the bottom of it.
|
09-17-2007, 10:56 PM
|
#47
|
Talking BlackBerry Encyclopedia
Join Date: Apr 2007
Location: Brisbane, Australia.
Model: 8300
PIN: N/A
Carrier: Optus
Posts: 340
|
To add something useful to this conversation...
I'd say what the OP is talking about could be true. Do I think he saw a case of this exploitation with his friend? No.
Whenever anybody thinks something is 100% bulletproof - it always turns out not to be. Especially in the field of computer science. Large complex systems like RIM's architecture are vulnerable on many fronts to exploitation I'm sure. Read any intelligent book on "social hacking" and you'll quickly learn how much information an interested individual can glean just by pretending to be somebody else on the phone, over emails, etc. This is probably the most susceptible front for "unbreakable" systems.
For example, what good is a password lock on a computer if the user has a sticky note attached to the monitor with the password written on it? Or is willing to give out their password to anyone who calls on the phone and identifies themself as the "Computer Admin"?
Aside: For anyone interested in some of the internal mechanisms of the BlackBerry, in particular pertaining to security, I recommend you download and have a leaf through the following presentation written from the perspective of a "hacker":
http://www.blackhat.com/presentation...H-US-06-FX.pdf
(DL Warning: 18.6MB).
__________________
View HTML email today with the Best Selling BlackBerry application: BBSmart Email Viewer
|
09-17-2007, 11:00 PM
|
#48
|
BlackBerry God
Join Date: Jan 2005
Location: Cardboard box
Model: 850
OS: 0.0.00001
PIN: kie swear
Carrier: USPS Priority
Posts: 11,203
|
I agree nothing is 100% and anything is possible (1 in a billion is still a possible)
The mothership could land tonight and we could see invasion of the body snatchers... RIM could say "hey we love our BB users and are going to give them all a free device"...
Even a better example of the impossible happening is that I could get a date!!!
|
09-17-2007, 11:06 PM
|
#49
|
Talking BlackBerry Encyclopedia
Join Date: Apr 2007
Location: Brisbane, Australia.
Model: 8300
PIN: N/A
Carrier: Optus
Posts: 340
|
Quote:
Originally Posted by LunkHead
Even a better example of the impossible happening is that I could get a date!!!
|
Impossible! BSD users are meant to be single - it would be paradoxical for one not to be
__________________
View HTML email today with the Best Selling BlackBerry application: BBSmart Email Viewer
|
09-18-2007, 06:19 AM
|
#50
|
BlackBerry God
Join Date: Jan 2005
Location: Cardboard box
Model: 850
OS: 0.0.00001
PIN: kie swear
Carrier: USPS Priority
Posts: 11,203
|
Quote:
Originally Posted by eZainny
Impossible! BSD users are meant to be single - it would be paradoxical for one not to be
|
Hahahaha
|
09-18-2007, 06:38 AM
|
#51
|
Talking BlackBerry Encyclopedia
Join Date: May 2005
Location: Levallois-Perret FRANCE
Model: 9700
Carrier: Orange FR
Posts: 274
|
Quote:
Originally Posted by LunkHead
He'd post them if he could but it's a safety issue...
|
I could tell you...
...but then I'd have to kill you.
I know one person who could crack the encryption on a Blackberry.
Just by looking at it.
__________________
MUST - the independent Manchester United supporters' trust - www.joinMUST.org
|
09-18-2007, 11:38 AM
|
#52
|
CrackBerry Addict
Join Date: Oct 2004
Location: Toronto
Model: Z10
Carrier: Lord Rogers - 107
Posts: 862
|
Quote:
Originally Posted by coastuser
Thank you for this reasoned response. I know it is being investigated by RIM and not being dismissed out of hand for which we are very grateful. They are handling it in a very responsible manner so far. They are still working through the particulars and the potential paths. I am not savvy technically so do not know what a third party application actually means. If you explain it in lay terms, I can respond. I only know what happened and am trying to figure out how. I always use my BB and have felt entirely secure. But now have to deal with this.
|
I'm just VERY curious that RIM wasn't notified or have they been? Also if this expert - FINANCIALLY secured - would have particularly potent information that Microsoft would LOVE to have in order to fight against RIM's market domination ... I'm surprised that if this is such a security issue that it isn't posted on the national news - this would help National security identify and have high exposure to this and have RIM put such a high focus on a resolution to this.
Curious ... was this user on a BIS account or on a BES account? if the latter what version?
Surprised nobody asked this before chopping his head off ?? Also what device & firmware revision is on it?
__________________
Senior help desk administrator (rim_db_admin_sr_helpdesk)
Serious Mobile
|
09-18-2007, 01:14 PM
|
#53
|
BlackBerry Extraordinaire
Join Date: Nov 2005
Location: Colorado Foothills
Model: 8330
PIN: S AND NEEDLES
Carrier: VZW
Posts: 1,098
|
Coast,
Although you feel your experience here might have been rougher than usual, I don't think you will find a more highly committed, knowledgeable, passionate (about BB) group of people than the folks you are talking to. If there is anything that I have learned here, it is that they are here to help, and I don't think they are asking you for anything that they wouldn't ask anybody else. For the most part, this is a fact-based, scientific group. They thirst for the knowledge too, if presented with a reasonable set of data. To date, you have not offered anything tangible.
For folks to help you, they need data...as many facts as possible. Explain the situation more fully.
Model, Operating system, explanation of the situation, copy of the email (sanitized of course) all would be helpful. Also, your or your friend's course of action (did you contact RIM? TMO? A computer security expert?) and the response.
Hearsay, rumor, and innuendo cannot help you resolve this. Post the computer expert's name (if he is indeed an expert, he would have to be publicly recognized as one), or his company's bios. Post links to your research. If you do, you will gain respect from this group, for advancing the cause of BB knowledge. Hell, Lunk might even devote a FAQ to you if you have some credible information.
__________________
"out of chaos comes opportunity"
|
09-18-2007, 01:23 PM
|
#54
|
Crimson Tide Moderator
Join Date: Oct 2004
Location: North of the moss line
Model: Z30
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,921
|
Jagga, the OP states he/she is "certain" RIM is investigating, and honestly, it doesn't truly matter whether BIS or BES, etc., if the OP does not cooperate. They are already certain and convinced it happened, and will not be talked down from the position that it could not have happened.
Again, there is much more here than meets the eye.
|
09-18-2007, 01:50 PM
|
#55
|
BlackBerry Extraordinaire
Join Date: Dec 2006
Location: Ottawa
Model: 8900
OS: 4.6.1.114
Carrier: Rogers
Posts: 2,467
|
The rumour is (no idea if it's actually true) that the CIA dismantled every aspect of the BlackBerry solution (hardware, software and every communication point in between) in an attempt to crack the security. They were unable to do so and thus okayed the US Government adoption of the device.
Whether it's true or not, to date there has been only one released way that I know of to compromise BlackBerry and that has been through stupidly installed 3rd party apps. The fact is that this is the security hole in every system for which there is no true way to avoid.
As many have pointed out already, give some evidence for people to go on. Maybe it's true, but no one will believe you if you just have some BS opinions to throw out. Security "experts" are not always so knowledgeable. When it comes to BlackBerries, you'll find that many of the people here are.
|
09-18-2007, 03:14 PM
|
#56
|
BlackBerry Extraordinaire
Join Date: Feb 2006
Model: Charm
OS: 2.1
Carrier: T-Mobile
Posts: 1,071
|
I think you guys are all looking into this a little too hard.
Here's my guess. Did this altered message say "Sent from my Blackberry Wireless Handheld via T-Mobile"?
|
09-18-2007, 03:18 PM
|
#57
|
BlackBerry Master
Join Date: Jul 2007
Model: 9780
PIN: N/A
Carrier: T-Mobile
Posts: 4,659
|
Quote:
Originally Posted by rjw3000
I think you guys are all looking into this a little too hard.
Here's my guess. Did this altered message say "Sent from my Blackberry Wireless Handheld via T-Mobile"?
|
That would be a hoot!
|
09-18-2007, 03:21 PM
|
#58
|
Crimson Tide Moderator
Join Date: Oct 2004
Location: North of the moss line
Model: Z30
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,921
|
haha, it would be a hoot if she were flipping out over only that.
|
09-18-2007, 03:50 PM
|
#59
|
BlackBerry Extraordinaire
Join Date: Feb 2006
Model: Charm
OS: 2.1
Carrier: T-Mobile
Posts: 1,071
|
Well, you know when it comes to troubleshooting with zero information, you might as well start with the most basic thing. =P
|
09-18-2007, 04:35 PM
|
#60
|
Talking BlackBerry Encyclopedia
Join Date: May 2005
Location: Levallois-Perret FRANCE
Model: 9700
Carrier: Orange FR
Posts: 274
|
I'm still betting on Chuck.
__________________
MUST - the independent Manchester United supporters' trust - www.joinMUST.org
|