View Single Post
Old 08-18-2010, 06:51 PM   #1 (permalink)
The Sand
Talking BlackBerry Encyclopedia
 
The Sand's Avatar
 
Join Date: Oct 2008
Location: Los Angeles, CA
Model: 9810
OS: 7.0.1355
PIN: N/A
Carrier: AT&T
Posts: 357
Post Thanks: 4
Thanked 3 Times in 3 Posts
Exclamation BIS - No Better Security than Web Based Mail

Please Login to Remove!

It took 4 hours of talking to RIM to get to the bottom of, xxx8220;What protection does the BIS offerxxx8221;xxx8230; Please keep in mind I was told this from RIM xxx8211; thus donxxx8217;t xxx8220;shootxxx8221; the messengerxxx8230;

As for RIMS part in BIS emailxxx8230; When you type a message on the BB it goes to RIMxxx8217;s server or onto the BIS. From the point of writing the message to the server itxxx8217;s encrypted. When it hits the BIS for processing that stopsxxx8230; there is no encryption for BIS like there is for BES - which is why you want SSL enabled for emailxxx8230;

The following is the breakdown:

For incoming email the Yahoo port is 143 no SSL xxx8211; that cannot be changedxxx8230; that is the xxx8220;dealxxx8221; they have with Yahoo and you canxxx8217;t change it to the typical SSL port for Yahoo which is 995. For outgoingxxx8230; the BIS basically logs into your Yahoo account and the xxx8220;sendxxx8221; is like you sent it from Yahoo on the web. People like email clients so they can select enable SSL (or encryption). Typically, that is why people use the email clients on their smartphones. If the outgoing is the equivalent of xxx8220;web basedxxx8221; you are offered no advantage of going through the BIS. Yahoo incoming/outgoing has no SSL enablement xxx8211; again, you might as well be accessing Yahoo from the web.

Gmail can be on port 143 (which mine was) with no SSL or port 995 with SSL xxx8211; the outgoing is the same as Yahooxxx8217;s scenario. RIM/BIS log into Gmail and it goes out as if you were on the webxxx8230; Now Gmail uses xxx8220;httpsxxx8221; by default (they recently changed that whereas before you had to enable that feature.) xxx8220;Httpsxxx8221; is securexxx8230; So Gmail looks better with encryption for outgoing, but you would need to check to make sure you are not on the incoming port 143 like I was, unknowingly. Gmailxxx8217;s incoming/outgoing is the equivalent of other smartphones xxx8211; you can get Gmail secure. Heck, Gmail is secure on the webxxx8230; but Keep in mind that depends on what you think of Google themselves xxx8211; I think they know more than they should in regard to my personal business and limit their use.

Hotmail can be on port 110 no SSL or port 995 with SSL. The outgoing is the same xxx8211; like you were on the web, and Hotmail like Yahoo offers no xxx8220;httpsxxx8221; so you have no SSL for outgoing. Hotmail xxx8220;canxxx8221; (depending on the incoming port you have set up) deliver incoming secure - but not outgoing.

The carrier specific addresses like (carrier)blackberry.net is port 110 incoming no SSL and port 25 outgoing no SSL. So, this is like Yahoo xxx8211; justxxx8230; nothing.

In regard to security the BIS offers nothing over web based mailxxx8230;

Based on the above I will be deleting my AT&T account as well as Yahoo through the BIS... If you arenxxx8217;t a Google fan, you really have no xxx8220;good xxx8220;option here for email through the BIS.

At this time they have no intention of changing this. They also said this information is all readily available through xxx8220;Terms and Conditionxxx8221; when you set up your email through the BIS. I havenxxx8217;t checked but so what if itxxx8217;s there xxx8211; itxxx8217;s bad. They can wave it like a banner but it still sucks. The iPhone, HTCxxx8217;s, Nokia ALL have the ability to encrypt or enable SSL for the incoming/outgoing ports for their email clients. That is just the norm right now. Again, thatxxx8217;s a big reason people use smartphonesxxx8230;

At least disclosing the above (not buried in terms and conditions) letxxx8217;s the user decide how to protect themselves. Especially since credit card statements and banking can be done online now.

I wanted to know what was behind the BIS wallxxx8230;

Now we know - there is no wall.

Sandy

p.s. I had to submit a support ticket and pay RIM $49.99 to get this information - to get specifics about the ports, which is not disclosed in the Terms and Conditions...

Last edited by The Sand : 08-18-2010 at 06:56 PM.
Offline   Reply With Quote