[CanuckBB]

But you still end up with no encryption between BIS and HH. That's the one to truly complain about.

[SteveO86]

But the login will be secure...!!!!!!!!!!!

(I am sorry but I have been preaching that for quite a few posts now)

[John Clark]

Sandy,
You need to get a little thicker skin. This is the internet. If I were you, I'd be quite proud of yourself here. You dug up interesting enough information that most of the BBF moderators have posted in your thread--multiple times. You seem intelligent enough to carry on a technical conversation with this highly knowledgeable group. Your input is valuable to the forum and to everyone here.

However, you need to back off just a little and quit getting so defensive. We get that you are not happy with the security for BIS email. Options have been provided and anyone reading the thread gets what you are saying. The jokes about tin foil hats, etc. are just banter and you have to admit that while all of this is technically correct, for some it's just a little "chicken little-ish." It's a big deal to you and there is nothing wrong with that. It doesn't matter to most and there is nothing wrong with that either.

This is a lively group but they are good people who spend a lot of time helping people around here. So, lighten up, continue to post valuable information for people to read, accept some jabs when they are thrown your way. Every one of us here has taken plenty of jabs from other forum members. Unless someone is getting vulgar or abusive, just have fun with it. Before you know it you'll realize you somehow became part of this great group of forum members and made some friends.

[nobody7290]

BES & Security:
BES is only secure regarding the communication from the Handheld to the (own) BES server and to other Handhelds connected to the same BES.

If you send an email from BB in company A, to a Guy which also has a BB but, connected to a BES server owned by company B, your email is most likely not secure, because most of the times the smtp transfer between the two servers will be done unencrypted when the mail travels through the internet.
Company A and B could decide to transmit smtp traffic only over SSL, but, then, some mail to company C will never arrive, because not all mailservers support SSL encrypted smtp, so a fallback to unencrypted smtp must be possible.

As you see, the difference between BES an BIS ist not that much, BES guarantees security only bewtween the handhelds and the single company the handhelds are married to.

If you want secure email you must use either PGP or S/Mime.

[Kamau]

Do you mean to tell me that my BIS security is not as secure as BES?
This is nothing more than a lie, because I teach my children that telling a half truth is just as good as a lie. When I first bought my first BB, I was not told of the difference, and security WAS one of the main reasons I chose BB. I was only told that BES was business and BIS was personal. And I'm sorry, but I did not read the fine print. I figured that RIM reputation was solid enough for me, and I chose BB because I thought I was getting a level of security I had heard about. I am a normal consumer. I do a little research, and go from there. I did not know I had to go extremes to get the truth, like spending $50 for a report. And I'm sorry, but something like this should be advertised like they would do any phone feature. I'm sorry, but I feel lied to.
I am going to do some research to find out a few things now. To be honest with you, I have lost a little trust in RIM now if this all pans out to be true. And when it comes to my money, there are very few times for a second chance.

[penguin3107]

Quote:

Originally Posted by Kamau

Do you mean to tell me that my BIS security is not as secure blah blah blah blah.

I sure hope you're not serious.

[Kamau]

I believe that everyone else is.
Why would I not be?

[juwaack68]

I'm not. I'm almost never serious.

[penguin3107]

Quote:

Originally Posted by Kamau

I believe that everyone else is.
Why would I not be?

Because if you're serious, then you seem to have ignored the first 64 posts in this thread.
That's just pathetic.

[nobody7290]

I tried to explain that it is not not much difference between BES and BIS.
A BES server is a smaller scale BIS server.
Security ends where the mails travels into the internet, or, when someone has access to the server backend which handles the email.

[The Sand]

Just to help consumers looking for answers - here is some information I have received from RIM during our "discussions" about this...

http://www.blackberry.com/legal/pdfs...nt_English.pdf

Page 13 from the above link says the following:

“email message encryption for integrated email accounts:

The BlackBerry Internet Service encrypts email messages that it sends and receives using SSL
if the external messaging server (POP over SSL, IMAP over SSL, or Microsoft® Outlook® Web
Access) supports SSL encryption. External messaging servers use a standard TCP connection if
an SSL connection is not supported.”

The following was already posted here - but worth saying again. It is from the RIM knowledge base:

“The Blackberry Internet Services uses the security of the wireless network that it connects to. Email messages that are sent between the Blackberry Internet Service and your Blackberry device are not encrypted. However, email messages that are sent between the Blackberry Internet Service and your messaging server can be encrypted using SSL.”

None of the above is true.

Sandy

[devnull]

How can you say it's not true?

[Kamau]

Quote:

Originally Posted by penguin3107

Because if you're serious, then you seem to have ignored the first 64 posts in this thread.
That's just pathetic.

I take no ones word as gospel. The above posts have given me an idea to follow up on. That's why I still have the good sense that was given me at birth.
If you don't........That's what is really pathetic.

[The Sand]

Quote:

Originally Posted by nobody7290

I tried to explain that it is not not much difference between BES and BIS.
A BES server is a smaller scale BIS server.
Security ends where the mails travels into the internet, or, when someone has access to the server backend which handles the email.

You are encrypted while on the BES server and not on BIS. This didn't bother me but I did think there was "some" advantage to being on RIM's server for BIS. But there isn't...

Enabled SSL for smtp is not full proof but it's not bad either. It's better than 25 out the door with nothing.

I never leave anything on servers anyway... Yahoo is just a "shell" for me - I use a POP3 setting and spin the mail around to all my devices. The devices hold the content - mail, contacts, calendar - not the server. I don't trust "servers" I have no control over.

Sandy

[The Sand]

Quote:

Originally Posted by devnull

How can you say it's not true?

Because yahoo supports SSL and they didn't give it to me... I pay Yahoo for that - the tech still wouldn't give it to me. I TOLD them to change it and do it - they wouldn't. Gmail was well - when I asked my Gmail was on the port with NO SSL.

I am talking about "incoming" right now...

Sandy

[devnull]

Quote:

Originally Posted by The Sand

The BlackBerry Internet Service encrypts email messages that it sends and receives using SSL
if the external messaging server (POP over SSL, IMAP over SSL, or Microsoft® Outlook® Web
Access) supports SSL encryption. External messaging servers use a standard TCP connection if
an SSL connection is not supported.”Sandy

Sounds to me like RIM has the infrastructure to handle the encryption. It's the other half (yahoo, gmail, ...) of which RIM cannot control, where the problem lies.

[The Sand]

Just so people have a little better understanding why I am so upset...

There are 3 of us here and 1 has had their identity stolen twice. 1 has had their pay pal stolen and used and I have had my Discover card taken just a couple of months ago and used for a bunch of online purchases. And NONE of us lost our wallet. It's all internet theft. And it's very scary - you wonder what else this thief knows about you... so I try very hard to make sure we do the best we can so it doesn't happen again. And that certainly means making sure these bank and credit card emails come in secure and when they are forwarded to me by someone in the home to tell me what to do and what to pay with what account... I want that email secure.

It has NOTHING to do with government - I hope the government reads ever email I write... I never want to see towers fall again and am willing to lose privacy to ensure it never happens again.

It is stricly about money.

Sandy

[The Sand]

Quote:

Originally Posted by devnull

Sounds to me like RIM has the infrastructure to handle the encryption. It's the other half (yahoo, gmail, ...) of which RIM cannot control, where the problem lies.

Yahoo, Gmail, Hotmail and AOL have SSL for email clients for incoming and outgoing .. that is why it's so weird... why won't RIM use it???

That is why I never checked - I just couldn't believe they wouldn't use it... everybody does.

Sandy

[Kamau]

Quote:

Originally Posted by The Sand

Just so people have a little better understanding why I am so upset...

There are 3 of us here and 1 has had their identity stolen twice. 1 has had their pay pal stolen and used and I have had my Discover card taken just a couple of months ago and used for a bunch of online purchases. And NONE of us lost our wallet. It's all internet theft. And it's very scary - you wonder what else this thief knows about you... so I try very hard to make sure we do the best we can so it doesn't happen again. And that certainly means making sure these bank and credit card emails come in secure and when they are forwarded to me by someone in the home to tell me what to do and what to pay with what account... I want that email secure.

It has NOTHING to do with government - I hope the government reads ever email I write... I never want to see towers fall again and am willing to lose privacy to ensure it never happens again.

It is stricly about money.

Sandy

I've got 1 time. Took me almost 2 years to straighten out the mess. I won't even mention the credit confusion that was caused.

[The Sand]

I hear ya... It took us a long time to get it squared away as well... and we don't do "stupid" things via email, but you could learn quite a bit from email... put a financial picture together of someone.

If you have been hit before you want to do and use ALL that is available to you as a consumer to ensure you and your loved ones are safe. To me - that means using SSL for email...

Sandy