BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 08-19-2010, 04:24 PM   #41 (permalink)
Talking BlackBerry Encyclopedia
 
The Sand's Avatar
 
Join Date: Oct 2008
Location: Los Angeles, CA
Model: 9810
OS: 7.0.1355
PIN: N/A
Carrier: AT&T
Posts: 357
Post Thanks: 4
Thanked 3 Times in 3 Posts
Default

Please Login to Remove!

You are right, you have no idea what the "other party" is doing... there is risk to all of it, and nobody should think email is truly "secure."

But, I should be able to "see" the information to make the best decision for me. And that does not mean the paragraph in terms and conditions. I need to see the what is really gong on with the ports and SSL on the phone. That is shown on other phones. I had to pay to get that inforamtion... that is wrong.

Thanks for your input aiharkness - as always it was worth reading...

Sandy
Offline  
Old 08-19-2010, 07:19 PM   #42 (permalink)
BlackBerryForums.com Super Moderator
 
SteveO86's Avatar
 
Join Date: Sep 2007
Location: Florida
Model: 9650
OS: 6.0.0.280
PIN: I heard it drop!
Carrier: VZW BIS
Posts: 6,534
Post Thanks: 0
Thanked 4 Times in 1 Post
Default

Unless you are going to implement S/MIME or PGP you email is not encrypted. And to my knowledge Yahoo/Hotmail/GMail doesn't do that.

Just because you sign into an SSL web page does not mean all the email you send is encrypted. It just means your sign on information is secure and the login page you are logging into is secure/legit.

And to have fully encrypted email the receiver of your email must have your decryption key... I most common instanced public keys (digital certificates).
__________________
8830 -> 8330 -> 9550 -> 9650
Just think about how far BlackBerries have come from then till now... And what else is coming.

Follow me on Twitter

Last edited by SteveO86 : 08-19-2010 at 07:21 PM.
Offline  
Old 08-19-2010, 07:35 PM   #43 (permalink)
Talking BlackBerry Encyclopedia
 
The Sand's Avatar
 
Join Date: Oct 2008
Location: Los Angeles, CA
Model: 9810
OS: 7.0.1355
PIN: N/A
Carrier: AT&T
Posts: 357
Post Thanks: 4
Thanked 3 Times in 3 Posts
Default

Quote:
Originally Posted by SteveO86 View Post
Unless you are going to implement S/MIME or PGP you email is not encrypted. And to my knowledge Yahoo/Hotmail/GMail doesn't do that.

Just because you sign into an SSL web page does not mean all the email you send is encrypted. It just means your sign on information is secure and the login page you are logging into is secure/legit.

And to have fully encrypted email the receiver of your email must have your decryption key... I most common instanced public keys (digital certificates).
Hotmail gives a "secure sign in" with https: (you have to select it) as you mentioned above. Gmail (if enabled - it is in settings) gives you security while "on" the website... the entire time you are there you are on https: That can also be enabled from their Gmail app on the BB. Hotmail only gives you the sign in - Yahoo gives you nothing. But Gmail is good here... now is it the kind of security/encryption PGP and the like offer - No, but it certainly help.

The https keep peeps from "snooping" while you are looking at your mail...

Actually Yahoo has changed that - I just checked - they now also have SSL for sign in...

Sandy

Last edited by The Sand : 08-19-2010 at 07:40 PM.
Offline  
Old 08-19-2010, 07:57 PM   #44 (permalink)
BlackBerry God
 
penguin3107's Avatar
 
Join Date: Jan 2005
Model: iOS 5
Carrier: VZW
Posts: 11,701
Post Thanks: 1
Thanked 237 Times in 219 Posts
Default

Sandy... even if you guarantee that you have a fully encrypted session between your mail client and you mail server (whether it be a handheld or a computer), it still doesn't matter because you have positively no control over the sender's mail setup.

If the sender is delivering mail to you in clear text, which is going to be the case in an extremely high percentage of instances, then it doesn't make one bit of difference what your end is set up to do. Your end-to-end security has already failed.

Stop acting like RIM's BIS model is unsafe, full of holes, and insecure. You're just spreading FUD which you apparently wasted 4 hours and $50 on.
Give it a rest.
__________________
BCSA
BES 5.0.3 MR4 :-: Exchange 2007 SP3 RU3
http://port3101.org
Offline  
Old 08-19-2010, 08:13 PM   #45 (permalink)
Talking BlackBerry Encyclopedia
 
The Sand's Avatar
 
Join Date: Oct 2008
Location: Los Angeles, CA
Model: 9810
OS: 7.0.1355
PIN: N/A
Carrier: AT&T
Posts: 357
Post Thanks: 4
Thanked 3 Times in 3 Posts
Default

Quote:
Originally Posted by penguin3107 View Post
Sandy... even if you guarantee that you have a fully encrypted session between your mail client and you mail server (whether it be a handheld or a computer), it still doesn't matter because you have positively no control over the sender's mail setup.

If the sender is delivering mail to you in clear text, which is going to be the case in an extremely high percentage of instances, then it doesn't make one bit of difference what your end is set up to do. Your end-to-end security has already failed.

Stop acting like RIM's BIS model is unsafe, full of holes, and insecure. You're just spreading FUD which you apparently wasted 4 hours and $50 on.
Give it a rest.
Theh user has more control than you are giving them credit for...

When the bank/credit card company sends me info I would prefer that coming in on an SSL enabled port. And I don't write the bank back... but that doesn't mean I want someone reading that email...

I believe the BIS is not safe - not compared to other smartphones. Are other parts of the BB OS safer than other smartphones - yes. But the email for the BIS is not.

I am not spreading anything that is not fact based on the ports described in the inital post. And it's not for you to tell me what I wasted my time and money on. If you don't want to read this walk away... Don't tell me when to "Give it a rest." That isn't for you to decide.

Sandy
Offline  
Old 08-19-2010, 09:02 PM   #46 (permalink)
BlackBerryForums.com Super Moderator
 
SteveO86's Avatar
 
Join Date: Sep 2007
Location: Florida
Model: 9650
OS: 6.0.0.280
PIN: I heard it drop!
Carrier: VZW BIS
Posts: 6,534
Post Thanks: 0
Thanked 4 Times in 1 Post
Default

Quote:
Originally Posted by The Sand View Post
Hotmail gives a "secure sign in" with https: (you have to select it) as you mentioned above. Gmail (if enabled - it is in settings) gives you security while "on" the website... the entire time you are there you are on https: That can also be enabled from their Gmail app on the BB. Hotmail only gives you the sign in - Yahoo gives you nothing. But Gmail is good here... now is it the kind of security/encryption PGP and the like offer - No, but it certainly help.
http://www.blackberryforums.com/newr...eply&p=1644031
The https keep peeps from "snooping" while you are looking at your mail...

Actually Yahoo has changed that - I just checked - they now also have SSL for sign in...

Sandy
You can call me ignorant for this.. But I fail to see the point of getting worked up over this, yes it is disappointing. (And believe me I am)

If security is implemented, it should be implemented end to end. SSL is a good start but without the rest really what's the point.

And until I can sniff packets off the CDMA network or a Wi-Fi network and see my BIS information being sent in clear text I will not sweat over this.

(I would also like to keep mind I control what Wi-Fi networks my BlackBerry connects)
__________________
8830 -> 8330 -> 9550 -> 9650
Just think about how far BlackBerries have come from then till now... And what else is coming.

Follow me on Twitter
Offline  
Old 08-19-2010, 09:16 PM   #47 (permalink)
BBF Spam Killer Moderator
 
daphne's Avatar
 
Join Date: May 2007
Location: on a sunny beach
Model: Z
OS: 10.2.1.12
PIN: X1ZPY34K
Carrier: VZW
Posts: 9,165
Post Thanks: 122
Thanked 146 Times in 116 Posts
Default

I would add that if you are really concerned about email security you would not be using any Gmail, Hotmail or Yahoo unless you are using something like PGP. They all have has contextual advertising based on the content of your email, so they are being scanned for the purpose of displaying "relevant" ads. I use Gmail and Yahoo only for things like news alerts and subscriptions - I never use them for personal email.

Using email on BIS is no different than POP or web based email... no more or less secure. If you are using BIS on unsecured Wifi you might as well tell the world because it is easily intercepted.
__________________
Report spam text messages to 7726
#BlackBerry by choice #BlacBerry 10 is here!
Offline  
Old 08-19-2010, 09:32 PM   #48 (permalink)
Talking BlackBerry Encyclopedia
 
The Sand's Avatar
 
Join Date: Oct 2008
Location: Los Angeles, CA
Model: 9810
OS: 7.0.1355
PIN: N/A
Carrier: AT&T
Posts: 357
Post Thanks: 4
Thanked 3 Times in 3 Posts
Default

Quote:
Originally Posted by SteveO86 View Post
You can call me ignorant for this.. But I fail to see the point of getting worked up over this, yes it is disappointing. (And believe me I am)

If security is implemented, it should be implemented end to end. SSL is a good start but without the rest really what's the point.

And until I can sniff packets off the CDMA network or a Wi-Fi network and see my BIS information being sent in clear text I will not sweat over this.

(I would also like to keep mind I control what Wi-Fi networks my BlackBerry connects)
I read your signature...

"Just think about how far BlackBerries have come from then till now... And what else is coming"

And that is so true... In the email BIS area I am hoping to get BB to the "what else is coming" - because right now they are behind. And this is more shocking because it's email security they are behind in (for the consumer.)

I have only posted this in one thread - I am just one user stating the facts delivered by RIM.

Everybody has to make a choice on whether this bothers them or not. If it doesn't bother you that's fine...

I live in Los Angeles and all the windows are barred - pretty much the norm in this area... but really, it doesn't prevent the clever thief from simply picking the lock on the door. Do I think about that, yes - but does it make me take the bars off the windows - no. I'll use all I can get... it's the same here. And I am certainly not going to go over to someone elses house and tell them what to use for security on their windows/doors.

It's a choice - and I would like the added security features of SSL

Sandy
Offline  
Old 08-19-2010, 09:38 PM   #49 (permalink)
Talking BlackBerry Encyclopedia
 
The Sand's Avatar
 
Join Date: Oct 2008
Location: Los Angeles, CA
Model: 9810
OS: 7.0.1355
PIN: N/A
Carrier: AT&T
Posts: 357
Post Thanks: 4
Thanked 3 Times in 3 Posts
Default

Quote:
Originally Posted by daphne View Post
I would add that if you are really concerned about email security you would not be using any Gmail, Hotmail or Yahoo unless you are using something like PGP. They all have has contextual advertising based on the content of your email, so they are being scanned for the purpose of displaying "relevant" ads. I use Gmail and Yahoo only for things like news alerts and subscriptions - I never use them for personal email.

Using email on BIS is no different than POP or web based email... no more or less secure. If you are using BIS on unsecured Wifi you might as well tell the world because it is easily intercepted.
You can block the ads if you purchase Yahoo mail and Hotmail - both are like 20 bucks a year. But you are right - these companies are hardly "secure." But you can do things to "help" even on an unsecured network.

My sister uses Gmail and told me today her back hurt - literally within 1 minute there was an ad for back pain relief. Hysterical.... but yet tragic at the same time!

Sandy
Offline  
Old 08-19-2010, 10:49 PM   #50 (permalink)
Crimson Tide Moderator
 
JSanders's Avatar
 
Join Date: Oct 2004
Location: North of the moss line
Model: 9xx0
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,907
Post Thanks: 60
Thanked 244 Times in 182 Posts
Default

Quote:
Originally Posted by The Sand View Post
And it's not for you to tell me what I wasted my time and money on. If you don't want to read this walk away... Don't tell me when to "Give it a rest." That isn't for you to decide.
Sure, he can advise you to give it a rest.
Yea, he can decide that.

Sandy, you're posting in a public forum. We all get to state our opinions, no different than you are posting yours.

So, if you don't like the expert user feedback here you're getting, don't post. Move on and take your crusade to RIM direct. What your doing here is akin to screaming at a BlockBuster rental pod how bad your rental was.

So take it or leave it, people here have opinions (and a few of them might just know more than you).
Offline  
Old 08-19-2010, 11:07 PM   #51 (permalink)
Talking BlackBerry Encyclopedia
 
The Sand's Avatar
 
Join Date: Oct 2008
Location: Los Angeles, CA
Model: 9810
OS: 7.0.1355
PIN: N/A
Carrier: AT&T
Posts: 357
Post Thanks: 4
Thanked 3 Times in 3 Posts
Default

It goes both ways... he has a right to say it, and I have a right to respond. It appears you didn't like my response... well take your own advice and deal with it.

I have not cried "foul" in any way. There would be no reason for me to "move on"...

And I only wish this issue was equivalent to a bad movie rental.

Sandy
Offline  
Old 08-20-2010, 05:24 AM   #52 (permalink)
BlackBerry Extraordinaire
 
CanuckBB's Avatar
 
Join Date: Feb 2006
Location: YYZ
Model: 9900
Carrier: Rogers
Posts: 1,183
Post Thanks: 0
Thanked 2 Times in 2 Posts
Default

Quote:
Originally Posted by The Sand View Post
Reading email from the web sucks. You either get the app that does that (only certain smartphones - and only certain apps) or you use the email client.

There are quie a few slams regarding the consumer here... why?

Not everybody that is under the consumer banner is stupid. I am a consumer... and I can safely say I have never emailed regarding "recipes" which has been referred to twice in this thread.

And whether the BB is right for me or not - is not up to you.

Sandy
Yet, the overwhelming majority of users of those email services will read their email through the web interface on their computer.

Do you realize how much email traffic is 'recipes', mundane and inane trivialities? Do you realize how much Joe Public doesn't care?

And as other have mentioned, if you're concerned about security, you don't use a public server to host your emails.
Offline  
Old 08-20-2010, 06:13 AM   #53 (permalink)
BlackBerry God
 
aiharkness's Avatar
 
Join Date: Jul 2005
Location: Florida Panhandle
Model: Z10
OS: 10.2.1
Carrier: T-Mobile USA
Posts: 13,697
Post Thanks: 15
Thanked 498 Times in 485 Posts
Default

For what it's worth, banks, etc. still do not send official correspondence through email, at least nothing containing sensitive personal information. They do the official stuff via USPS snail mail. The email is marketing and very innocuous notices and alerts, with the most "official" being the purchase acknowledgments and shipping alerts, which still are not sensitive. I personally don't see the need to do more than what is being done now, and as already pointed out, I only have control over my little part of the data path to my machine, and my machine. At least that is the way it is in my case. But as I say, the way the email is works for me.

What I really worry about is the security of information on my machine, and the security of those databases out there that hold sensitive information. Email, not so much.

I appreciate the "what could be" argument. Maybe it will come, things will change, and I'll say, "Wow, this is cool. Why didn't we do this a long time ago?"

But right now I'm not getting all worked up about it. Besides, email is dying, except for us old folks keeping it on life support sending all those inane messages back and forth.
Posted via BlackBerryForums.com Mobile
Online  
Old 08-20-2010, 07:16 AM   #54 (permalink)
BlackBerryForums.com Super Moderator
 
SteveO86's Avatar
 
Join Date: Sep 2007
Location: Florida
Model: 9650
OS: 6.0.0.280
PIN: I heard it drop!
Carrier: VZW BIS
Posts: 6,534
Post Thanks: 0
Thanked 4 Times in 1 Post
Default

Just to backup Aiharkness, not many companies even bother for full encrypted email, unless it truly is deemed classified or business critical.

A vast majority of companies are implementing (Banks/Sallie Mae/etc) a system, where you get notified you have a message to read and link to sign in and read the message off the companies website.

So not as much information is going through email that you would really think.
__________________
8830 -> 8330 -> 9550 -> 9650
Just think about how far BlackBerries have come from then till now... And what else is coming.

Follow me on Twitter
Offline  
Old 08-20-2010, 07:39 AM   #55 (permalink)
BlackBerryForums.com Super Moderator
 
SteveO86's Avatar
 
Join Date: Sep 2007
Location: Florida
Model: 9650
OS: 6.0.0.280
PIN: I heard it drop!
Carrier: VZW BIS
Posts: 6,534
Post Thanks: 0
Thanked 4 Times in 1 Post
Default

Quote:
Originally Posted by The Sand View Post
I read your signature...

"Just think about how far BlackBerries have come from then till now... And what else is coming"

And that is so true... In the email BIS area I am hoping to get BB to the "what else is coming" - because right now they are behind. And this is more shocking because it's email security they are behind in (for the consumer.)

I have only posted this in one thread - I am just one user stating the facts delivered by RIM.

Everybody has to make a choice on whether this bothers them or not. If it doesn't bother you that's fine...

I live in Los Angeles and all the windows are barred - pretty much the norm in this area... but really, it doesn't prevent the clever thief from simply picking the lock on the door. Do I think about that, yes - but does it make me take the bars off the windows - no. I'll use all I can get... it's the same here. And I am certainly not going to go over to someone elses house and tell them what to use for security on their windows/doors.

It's a choice - and I would like the added security features of SSL

Sandy
I'm really not trying to sound like I do not care or this does not bother me.. I did state I was slightly disappointed with the revelation.

I'm just stating 2 things.

1. Even if SSL is implemented their many points of failure.

a. Email is sent in clear text.
b. Email is stored in clear text.
c. The recipient, even if you encrypt headers/MIMEs/etc if the recipient is infected with a virus they got your email. (and the same is true for the sender)
d. If you are backing up the email or use Outlook with PST files, those PST are typically not encrypted.
e. It's going on the internet.. Their is nothing

So real security will not be gained.

2. Until I can see that physical proof is captured that my information has been sniffed off the network and I can see it in clear text. I will not be losing any sleep. No sense getting upset about something that does not pose a threat.
__________________
8830 -> 8330 -> 9550 -> 9650
Just think about how far BlackBerries have come from then till now... And what else is coming.

Follow me on Twitter
Offline  
Old 08-20-2010, 08:04 AM   #56 (permalink)
Crimson Tide Moderator
 
JSanders's Avatar
 
Join Date: Oct 2004
Location: North of the moss line
Model: 9xx0
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,907
Post Thanks: 60
Thanked 244 Times in 182 Posts
Default

Quote:
Originally Posted by The Sand View Post
It goes both ways... he has a right to say it, and I have a right to respond. It appears you didn't like my response... well take your own advice and deal with it.

I have not cried "foul" in any way. There would be no reason for me to "move on"...

Sandy
Quote:
Originally Posted by The Sand View Post
And it's not for you to tell me what I wasted my time and money on. If you don't want to read this walk away...

Sandy
Heh, your posts here seem to pretty much contradict the other.

Your coming off sounding like a sniveling, whining, unreasonable craphead.
I don't think you are, of course... it's the appearance your posts here represent of you.

So, you've stated your point now many times. You've been heard here.
Users disagree. Yep, time to move on.

Quote:
Originally Posted by The Sand View Post
Don't tell me when to "Give it a rest." That isn't for you to decide.
Want to find out?
Offline  
Old 08-20-2010, 08:09 AM   #57 (permalink)
Grumpy Moderator
 
NJBlackBerry's Avatar
 
Join Date: Aug 2004
Location: Somewhere in the swamps of Jersey
Model: i5s
Carrier: AT&T
Posts: 27,770
Post Thanks: 32
Thanked 439 Times in 379 Posts
Default

Actually, they sound like they are overly passionate and firm in their beliefs that they know what is right and everyone who disagrees with them is wrong. It must e Miserable to feel that you are always right and the world is against you. Miserable.

You know, like Apple fans.

If you don't want to read this, walk away.
Offline  
Old 08-20-2010, 08:17 AM   #58 (permalink)
iPhone Convert
 
juwaack68's Avatar
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,875
Post Thanks: 3
Thanked 72 Times in 55 Posts
Default

How interesting. I was reading this thread on my BlackBerry and received an email advertisement for a tinfoil hat.... irony...
__________________
No longer a BES Admin, but it was fun while it lasted!
Offline  
Old 08-20-2010, 01:56 PM   #59 (permalink)
Talking BlackBerry Encyclopedia
 
The Sand's Avatar
 
Join Date: Oct 2008
Location: Los Angeles, CA
Model: 9810
OS: 7.0.1355
PIN: N/A
Carrier: AT&T
Posts: 357
Post Thanks: 4
Thanked 3 Times in 3 Posts
Default

As for how people access web based mail from their computer... that is an entirely different argument. This thread was about the BB BIS. But just to touch on it… Google has enabled https: by default… they saw the need. Hotmail and Yahoo now have SSL sign in. People have been at Hotmail and Yahoo for awhile now to get full https and I think they will.

Smartphones have already addressed this security concern and taken care of your basic Yahoo/Gmail/Hotmail, i.e., pop and imap and the like through the phones. They all have SSL… this will become even more important because we are all losing “unlimited data.” How you manage your data will be different. There are now categories and caps - which means more and more people will be accessing WiFi in other areas besides their home… where it won’t be safe.

If the argument is “You don’t care” or “the user doesn’t care” or “the bank has no details” or email is dated – or more “recipe” references (look to the left… I am chick from L.A. – I don’t eat) or you simply don’t like how I have presented myself..??... while I have no problem with people expressing that – it really isn’t really a “defense” against the facts.

It’s a little interesting that the people the most adamant are BES users with the security that affords them…they aren’t suffering this problem – they can afford exchange.

Maybe the BIS user can’t, and they should be afforded the same security standard that is the norm in the industry at this time.

I have stated the facts and the people I was trying to get to (no, not moderators running BES) can do the research... Look up SSL and what it means and how to make your email secure through email clients.

And by the way, “No” I am not wearing a tin hat

Good luck!!
Sandy
Offline  
Old 08-20-2010, 02:07 PM   #60 (permalink)
Grumpy Moderator
 
NJBlackBerry's Avatar
 
Join Date: Aug 2004
Location: Somewhere in the swamps of Jersey
Model: i5s
Carrier: AT&T
Posts: 27,770
Post Thanks: 32
Thanked 439 Times in 379 Posts
Default

You could get hosted Exchange and BES... Limits the cost.
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright © 2004-2014 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.