How to ruin your company in (Blackberry) 10 steps

Subject: General Tech | September 12, 2013 - 03:09 PM |
Tagged: blackberry, flash, blackberry q10, blackberry z10, playbook, security

Oh RIM, is this what happens when you change your name, celebrity spokesperson and infrastructure?  First you gave up on what we thought was an incredibly secure way to communicate and moved to the same ActiveSync environment of Android and iOS and then we find out that we were fooling ourselves and even the old BES encryption was broken.  Then we find out that our data plans might or might not work if we roam outside of our home carriers network, regardless of what travel plan we might have requested.  A patch Tuesday cycle could be the last straw for many; announcing two ancient Adobe vulnerabilities on the new BB10 OS which will need to be patched might assure some that you still have a passing acquaintance with security but for most it is just one too many flaws.  The Inquirer links to the BB security threads in this article.

View Full Size

"The Z10, Q10 and PlayBook all need patching for Adobe Flash vulnerabilities. If a user were led to a page containing crafted Flash content, an attacker could execute arbitrary code on an affected device. BSRT-2013-007 notes that an alternative attack would be to trick users into downloading an Adobe AIR application."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register

September 13, 2013 | 10:40 AM - Posted by Someone who can actually read (not verified)

Learn to read, dude. Look closely at the statements.

The issues/vulnerabilities listed only apply to versions that stopped shipping *three months ago*.

Blackberry had no reason to disclose this fact, as it doesn't actually apply to anyone anymore. As a simple matter of fact, it shows that they actually want to keep their customers informed.

Apparently, no other company will admit there ever was a vulnerability unless it is an active current issue. If they solved it three patches ago, then they would keep it quiet, never letting anyone know that they were vulnerable.

Try again some other time.

September 13, 2013 | 12:40 PM - Posted by Jeremy Hellstrom

On what planet have BB10 devices been shipping for 3 months and who do you work with that actually does updates to their phones?

September 13, 2013 | 01:35 PM - Posted by Uhhh... (not verified)

The z10 launched in March, so 5+ months on the market...Also, I work in the enterprise mobility field, and I actually have to regularly request that users hold of on updates until we can support them. Users LOVE updates.

September 13, 2013 | 01:52 PM - Posted by Jeremy Hellstrom

I'm jelaous, most of the ones I work with absolutely refuse to do updates unless IT stands over them poking them in the back of the head.  Mind you, in some ways that is because on the old BES 5 we use allowed us to completely lock down the phones so they couldn't update and they got used to that. Then again they couldn't easily get infected either on the legacy Curves and Bolds whereas even the new Q10 that arrived yesterday needed these updates and I don't release them to users until they are applied.  I miss the old RIM.

Which provider forked it out so early, or do you mean pre-orders?  I wasn't until towards the end of June that we could actually order them from our providers.

September 13, 2013 | 03:44 PM - Posted by ChrisKABA (not verified)

When was it released?! I got my Z10 from T-Mobile the end of March...

In hand, not some pre-order where they promise to ship it to you by Q4 2013.

Granted, companies like Sprint and Verizon seem he'll bent against BB, so if you only talk to their sales people, I can see how you'd be ignorant of when BB 10 was released. (not to mention BB's crappy sales force... a tiny bit of marketing that practically no one in the US has seen. Good thing they fired a bunch of those clowns recently. That's good news, not bad.)

September 16, 2013 | 10:39 AM - Posted by kab (not verified)

Z10 has been shipping since like February or March. I got mine in May and that was after waiting a couple months to see long term reviews.

The 10.1 update has been out for something like 4-5 months. Verizon and others are abominably slow about getting it out, but even they have long since updated. It's also automatic by default, you have to go out of your way to stop it.

If you have no clue what you're writing about perhaps you shouldn't be publishing it.

September 16, 2013 | 02:37 PM - Posted by Jeremy Hellstrom

I don't remember mentioning the release date in the news post and frankly when I look up the release date of Rogers I see May 1 ... so in essence it was out by only a few months in the response I made to the polite gentleman that put in the comment.  On the other hand, we first started ordering them in my company in July, so while consumers could get their hands on them before then, corporate users tended not to.  The post was about Enterprise usage of Blackberry devices on a BES and not consumer users on a BIS.  It is nice that you bought a device for personal usage and can update it whenever you feel like, I on the other hand need to have about a dozen phones shipped back to me so that I can update them while the user has an old loaner sent to them.  We have gone out of the way to stop the updates from happening, as well as not allowing the user to install apps.

Nothing I said was incorrect for corporate users, in the future I will put THIS IS ABOUT ENTERPRISE in the post so that you do not get confused about the usage scenarios I am talking about.  Obviously if you own your phone then you really don't care about what is happening to the BES or ActiveSync infrastructure.

September 13, 2013 | 01:13 PM - Posted by someone that recognizes a shill (not verified)

How much did you get paid to write this tripe?

You are an idiot. Get used to being ignored.

September 14, 2013 | 02:24 AM - Posted by praack

the NSA vulnerability we are all finding distasteful in almost anything that is hitting the streets. RIM did not help the NSA, did not know of it either from the article.

the fact that the US government is taking spying on innocents to such a degree will not have a happy ending, power at that magnitude never does.

I am more concerned when we ignore the obvious- and decide to buy phones with fingerprint tech that track us, and give the keys to our lives to the government

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.