
Copy / Paste
They forgot:
Our customers' data is the most important thing, blah, blah, blah...
BlackBerry BB10 OS uses dated protocols that leave users at risk of cryptographic attacks, according to a security researcher. The latest version of the smartphone maker's operating system, BlackBerry 10, uses TLS 1.0, while competitors use TLS 1.2. The post on the CrackBerry forum contains a screenshot from the howsmyssl.com …
Kills off one of the main arguments why people still bought BlackBerry. Disappointing - they started so well with QNX, but it was a sign on the wall they were not all THAT bothered about their perceived edge in security when they announced they would support Android apps on the platform.
What's left is the keyboard, I think.
And this is why BlackBerry are getting such negative press.
Idiots posting as facts total rubbish. If you had half a brain you would check what you are going to post and find that the "Android" apps are "sandboxed" and so are no problem to run unless you enter data directly.
And don't forget that BB10 also separates work from personal so Android can be restricted to the personal side only, leaving a safe phone for work purposes.
Now go away and read data to correct your "opinion" so you can start to post facts instead.
Great! Someone who knows what they are talking about who can explain security to us.
So, we all know the 'BEAST' attack leverages the client-side web browser, right (correct me whenever you can)?
And BB10 uses a WebKit-based browser similar to Apple, OS X, Google, and Nokia, which was presumably patched 3 years ago by a client-side browser update.
So, how is it vulnerable to the attack? Just tested my browser and it seemed ok.
One must remember that RIM takes an extremely conservative approach to crypto--by design. Their primary customers are now governments that require this. For example FIPS is dated and some of the ciphers compromised, but the overall FIPS approach and framework is highly secure and that's what the customer demands.
BEAST is for the most part mitigated on the server side by all significant web sites. The case against RC4 is far from convincing, as the very-pointy-headed folks at Google have discerned--Google continues to prefer it.
http://googleonlinesecurity.blogspot.com/2013/11/a-roster-of-tls-cipher-suites-weaknesses.html
"Better the devil you know than the one you don't" as the saying goes. No doubt the latest EC crypto is great stuff, but it's still relatively young and not enough rocks have been thrown yet for utter confidence.