BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 01-17-2011, 02:31 PM   #141 (permalink)
Talking BlackBerry Encyclopedia
 
The Sand's Avatar
 
Join Date: Oct 2008
Location: Los Angeles, CA
Model: 9810
OS: 7.0.1355
PIN: N/A
Carrier: AT&T
Posts: 357
Post Thanks: 4
Thanked 3 Times in 3 Posts
Default Re: BIS - No Better Security than Web Based Mail

Please Login to Remove!

Quote:
Originally Posted by montevale View Post
So if I have a hosted excahnge with BES:
1. Would someone who is managing that hosted exchange still be able to see my emails
2. Should I install PGP on my desktop to further secure all outgoing emails... and I'm assuming that then for sure the messages sitting on the exchange server would only be visible to someone with the PGP key only... not to any of the admins snooping around. (Plase no offence to the Admins here, this is simply a security issue as I have no idea who those people may be)
2. if I install PGP on my desktop would I still be able to read my sent emails and replies on the blackbery? (I really do not want to buy a minimum of 10 licenses asked by PGP as a condition, PGP is aksing for over a grand for a min of 10 licenses)
3. If I use outlook for web (instead of the full blown client) would I still be able to see the encrypted messages?
Cheers.
Whoever runs the server can see your email unless it's encrypted. You can use PGP for Outlook as well as the Blackberry... PGP is currently not compatible with Outlook 2010. I have no idea about Outlook on the web...
Offline  
The Following User Says Thank You to The Sand For This Useful Post:
montevale (01-19-2011)
Old 01-17-2011, 02:55 PM   #142 (permalink)
BlackBerry Extraordinaire
 
Join Date: Mar 2006
Model: 9700
Carrier: t-mobile Germany
Posts: 1,362
Post Thanks: 11
Thanked 69 Times in 66 Posts
Default Re: BIS - No Better Security than Web Based Mail

Quote:
Originally Posted by montevale View Post
So if I have a hosted excahnge with BES:
1. Would someone who is managing that hosted exchange still be able to see my emails
Yes

Quote:
Originally Posted by montevale View Post
2. Should I install PGP on my desktop to further secure all outgoing emails... and I'm assuming that then for sure the messages sitting on the exchange server would only be visible to someone with the PGP key only... not to any of the admins snooping around. (Plase no offence to the Admins here, this is simply a security issue as I have no idea who those people may be)
Yes

Quote:
Originally Posted by montevale View Post
2. if I install PGP on my desktop would I still be able to read my sent emails and replies on the blackbery? (I really do not want to buy a minimum of 10 licenses asked by PGP as a condition, PGP is aksing for over a grand for a min of 10 licenses)
No, you will not be able to read PGP encrypted emails unless you have a PGP client on the blackberry

Quote:
Originally Posted by montevale View Post
3. If I use outlook for web (instead of the full blown client) would I still be able to see the encrypted messages?
Cheers.
Yes, you will be able to see the encrypted messages, but you are not able to decipher them until you use PGP.
Offline  
The Following User Says Thank You to nobody7290 For This Useful Post:
montevale (01-19-2011)
Old 01-19-2011, 10:46 AM   #143 (permalink)
New Member
 
Join Date: Nov 2006
Location: Vancouver
Model: 9000
Carrier: rogers.ca
Posts: 8
Post Thanks: 2
Thanked 0 Times in 0 Posts
Default Re: BIS - No Better Security than Web Based Mail

Thanks for the explanation.
Noting that PGP is not supporting Outlook 2010, is there an alternative to PGP? for outlook? and for Blackberry?
__________________
just do it ...now!
Offline  
Old 01-19-2011, 09:54 PM   #144 (permalink)
Talking BlackBerry Encyclopedia
 
The Sand's Avatar
 
Join Date: Oct 2008
Location: Los Angeles, CA
Model: 9810
OS: 7.0.1355
PIN: N/A
Carrier: AT&T
Posts: 357
Post Thanks: 4
Thanked 3 Times in 3 Posts
Default Re: BIS - No Better Security than Web Based Mail

Basically there is SMIME and PGP - PGP is the easiest but they only recently came to the table with Outlook 2007 SP2 so I donít see them releasing 2010 capability soon. I have called/written and they have no idea when Ė they didnít even say they were testing it. When they can give NO time frame itís not a good sign.

Outlook supports SMIME natively you just have to get a certificateÖ. but so does the other person. Which isnít bad if you are only dealing with a few people you want to do this with. VeriSign is the number 1 company for certificates, itís 19.99 a year. Comodo is the number 2 company and they do it for free... but there are many companies that do this.

I can send/recieve encrypted SMIME from Outlook now to the people I have set up certificates for - but I cannot get the cert installed on the Blackberry. It may be you have to have BES for that to work on a Blackberry, which I don't have.

Sandy
Offline  
Old 01-29-2011, 11:13 PM   #145 (permalink)
New Member
 
Join Date: Jan 2011
Model: 8530
PIN: N/A
Carrier: sprint att verizon
Posts: 2
Post Thanks: 1
Thanked 0 Times in 0 Posts
Default Re: BIS - No Better Security than Web Based Mail

I was searching the net for this very issue because I was not sure. Not because I didn't care but, RIM is often referred as "most secure" but I know now that applies more for BES. My job doesn't subscribe to BES, but I still want security now what?

What does a regular person do?
Purchase a whole list of other products, lotus, exchange, CALs and BES if they want to secure their personal email accounts? Uh, it doesn't work like that

What would a small business do? I doubt all small businesses can afford BES but I am sure they all would want it


I think this was a very good post to share. To assume someone does not care just because they may lack the knowledge to inquire about it, is the reason society is messed up!
If it is common knowledge then this post should be a sticky, right....because everything that is all over the net is ALWAYS asked over and over again

I think it is better to say consumers are unaware about Internet security,SSL, ports, wifi, hot spots, routers etc.. Most people don't know these things!!
Some opt to never use a PC, smartphone because they assume it is all unsafe... well these types of post HELP, you've cleared the air!



Realistically if given the option, both services freely available, Who would really choose to have no SSL? No security? I think that is what the original poster was trying to express and I appreciate it!!
Still love BB though, better than them others! <IMO>
Offline  
Old 01-29-2011, 11:43 PM   #146 (permalink)
Talking BlackBerry Encyclopedia
 
The Sand's Avatar
 
Join Date: Oct 2008
Location: Los Angeles, CA
Model: 9810
OS: 7.0.1355
PIN: N/A
Carrier: AT&T
Posts: 357
Post Thanks: 4
Thanked 3 Times in 3 Posts
Default Re: BIS - No Better Security than Web Based Mail

I just wish RIM would change this... making Gmail/Yahoo/Hotmail through the BIS as secure as it is through Apple, Droid and WP7's email clients, where you get SSL (or encryption) from device to server. They told me they do not plan on doing so... sad.

I tried AstraSync and NotifySync - to get the SSL for the Blackberry, but they both sucked compared to Blackberry's native email client. They are also quite hard on the battery life.

I have now set up hosted exchange, because Blackbrerry is a very good device with a very good OS and in order to keep it... BES was the only way. My other smartphones will carry the Yahoo/Hotmail accounts.

Sandy

Last edited by The Sand : 01-29-2011 at 11:56 PM.
Offline  
Old 01-30-2011, 12:42 AM   #147 (permalink)
Talking BlackBerry Encyclopedia
 
The Sand's Avatar
 
Join Date: Oct 2008
Location: Los Angeles, CA
Model: 9810
OS: 7.0.1355
PIN: N/A
Carrier: AT&T
Posts: 357
Post Thanks: 4
Thanked 3 Times in 3 Posts
Default Re: BIS - No Better Security than Web Based Mail

Just to add... when I put the hosted exchange account through all my devices, once again the Blackberry was the only device to show me NOTHING. So really, I have no idea what they do. I am not able to "see anything" in regard to the settings like I was for Outlook or my WP7 and my Nokia N900, I would assume it's "all good"... but I don't' know for sure.

I have attached 2 print screens of the screens you see in Outlook where you can select SSL, etc. On both WP7 and N900 I was able to select SSL (actually see it.) I was surprised that again, I was able to determine nothing on the Blackberry.

I am going to call RIM on Monday...

Sandy
Attached Thumbnails
BIS - No Better Security than Web Based Mail-bb-copy.jpg  BIS - No Better Security than Web Based Mail-bb1-copy.jpg  

Last edited by The Sand : 01-30-2011 at 12:56 AM.
Offline  
Old 01-31-2011, 11:41 PM   #148 (permalink)
Talking BlackBerry Encyclopedia
 
The Sand's Avatar
 
Join Date: Oct 2008
Location: Los Angeles, CA
Model: 9810
OS: 7.0.1355
PIN: N/A
Carrier: AT&T
Posts: 357
Post Thanks: 4
Thanked 3 Times in 3 Posts
Default Re: BIS - No Better Security than Web Based Mail

Since I am now on the xxx8220;BESxxx8221; plan itxxx8217;s $250 dollars to ask RIM a question. Only for personal BIS accounts is the fee $49. So the person who answered the phone put me on hold and tried to find out what he could. In the end he didnxxx8217;t have an answer, he just kept repeating, xxx8220;the BES has encryptionxxx8221; which I already knew. I know itxxx8217;s up to the device (more specifically the user of the device) to select the use of SSL, I selected it personally for everything I have put the hosted exchange account through so far. I hope BB, when prompted for that question, answered it the way I wanted them to.

To get the BES cost me $15 more monthly from AT&T and about $5 more as an add-on for hosted exchange ($20. Monthly) If you have a household of Blackberryxxx8217;s this could add up quick. To put hosted exchange through my other smartphones cost me - nothing. Add to this the ability to now use Hotmail and Google as exchange accounts through some of these other smartphones giving the consumer a full sync for contacts/calendar and push email xxx8211; all with a protected SSL connection. RIM will have to think about this, itxxx8217;s hard to compete with xxx8220;free.xxx8221; Why should I have to pay and use the BES just to get basic SSL and contact/calendar sync??? Which is all I am really after, I donxxx8217;t need some xxx8220;governmentxxx8221; level lock down that the BES provides.

But if you like BB that is what you will have to doxxx8230; and I will do it because I am a fan, I have an established relationship with BB xxx8211; that is why I am willing to pay that. If RIM wants new users, they are going to have to do something to change this.
Offline  
Old 02-03-2011, 01:56 PM   #149 (permalink)
Talking BlackBerry Encyclopedia
 
OVERKILL's Avatar
 
Join Date: Mar 2006
Location: Ontario, Canada
Model: 9900
OS: 7.1.0.391
Carrier: Rogers
Posts: 205
Post Thanks: 6
Thanked 7 Times in 5 Posts
Default Re: BIS - No Better Security than Web Based Mail

The point that has been mentioned (but not really hashed out here) is that SMTP isn't secure anyways.

You can encrypt the living hell out of your connection between the handheld and the provider. Be it Yahoo, Microsoft, Google.... Whomever. But the instant that mail message leaves their server for its destination... It is in clear text. Bouncing from router to router until it gets to the destination SMTP server for the domain the e-mail was intended for.

The only way to guarantee security here is with the (cumbersome) method of using PGP or S/MIME. Neither of which you can do with any of the free mail services being discussed in this thread; obsessed upon actually.

Does it REALLY matter if your connection from your handheld, over your providers network, to RIM is encrypted or not, if the connection from your Hotmail account to wherever your outgoing mail is destined for is not?

No, it doesn't. If anything, it instills a false sense of security; makes people think their mail is "protected". Same goes for receiving mail. When the mail is pushed from RIM's server to your handheld, even if the last link between your provider and your handheld (lets say Rogers and my Blackberry if I were using BIS) was unencrypted, if the e-mail message came from a domain other than the one I'm sending through, how many networks has it passed through in clear text already?

I think the other point here (and what Penguin appeared to be getting at) is that RIM isn't using HTTP, HTTPS or SMTP on the bloody handheld anyway. You aren't configuring your DEVICE to use the providers mail servers. You are configuring a system on RIM's servers to USE those credentials to login to your providers servers. And RIM clearly states that the connection between their server and your provider is encrypted! So what is the issue? The mail isn't being delivered to your handheld through POP, HTTP or any conventional mechanism. So the point about HTTPS/SSL here is irrelevant. The mail is being PUSHED to your handheld using proprietary RIM technology, from THEIR server; the server which your account is configured on. And when mail is SENT from the handheld, it is handled the same way.

The only way HTTP or HTTPS are relevant are if we are discussing accessing your mail through a web browser, and not RIM's BIS "client". Which is just an interface to make configuration changes at THEIR end.

I think there is a severe fundamental misunderstanding of the underlying technology here; somebody knows just enough to be dangerous.

I give Penguin props for trying to explain this earlier in the thread. Though it appears to have fallen on deaf ears. I think the rep from RIM did a poor job explaining the technology to Sandy. And that is likely why this thread ended up the way it did.
__________________
950->5810->6280->7280->7290->8700->8310->9000->9800->9780->9900
BES Admin
Network Engineer
Blackberry user since 2001.

Last edited by OVERKILL : 02-03-2011 at 01:57 PM.
Offline  
Old 02-05-2011, 01:04 AM   #150 (permalink)
Talking BlackBerry Encyclopedia
 
The Sand's Avatar
 
Join Date: Oct 2008
Location: Los Angeles, CA
Model: 9810
OS: 7.0.1355
PIN: N/A
Carrier: AT&T
Posts: 357
Post Thanks: 4
Thanked 3 Times in 3 Posts
Default Re: BIS - No Better Security than Web Based Mail

Quote:
Originally Posted by OVERKILL View Post
Does it REALLY matter if your connection from your handheld, over your providers network, to RIM is encrypted or not, if the connection from your Hotmail account to wherever your outgoing mail is destined for is not?
.
Yes, it does matter. The part of the email transaction that is most vulnerable to sniffers is from device to server... making SSL very important. After server to its destination, YES it can go from to server to server with SSL intact as long as the server supports SSL/TLS. As technology makes progress in this area we will only see more and more support. Try reading the headers of a sent message using SSL/TLS... do your own research on this. Step one to take advantage of all this is to enable SSL.

Of course, keep in mind it's an encrypted "tunnel"... it does not encrypt the body of the message itself. For that you need PGP/SMIME or WinZip with encryption. But it does enough that it is now standard practice on smartphones.

And I use SMIME with "free email services" in this thread. I encrypt Yahoo and Hotmail everyday from Outlook to the people I have set this up with - and you can get certificates for free... so POP3 and IMAP have the capability as well as exchange.

RIM stated to me that the connection from their server to my provider (Yahoo/Gmail/Hotmail) was not encrypted. They also stated they push the email to the device with nothing. Which is why I did two things... switched to BES and put Yahoo/Hotmail through another smartphone with SSL. Now all my accounts are going from device to/from server protected.

Sandy
Offline  
Old 02-08-2011, 10:35 AM   #151 (permalink)
Talking BlackBerry Encyclopedia
 
OVERKILL's Avatar
 
Join Date: Mar 2006
Location: Ontario, Canada
Model: 9900
OS: 7.1.0.391
Carrier: Rogers
Posts: 205
Post Thanks: 6
Thanked 7 Times in 5 Posts
Default Re: BIS - No Better Security than Web Based Mail

Quote:
Originally Posted by The Sand View Post
Yes, it does matter. The part of the email transaction that is most vulnerable to sniffers is from device to server... making SSL very important. After server to its destination, YES it can go from to server to server with SSL intact as long as the server supports SSL/TLS. As technology makes progress in this area we will only see more and more support. Try reading the headers of a sent message using SSL/TLS... do your own research on this. Step one to take advantage of all this is to enable SSL.
You are missing my point. For it to be secure, this would have to be the case on BOTH ENDS. If the mail message you are sending from your handheld is being delivered to a PC, who is more likely to have their mail sniffed? The person using the device that doesn't actually have an IP address and is having their connection proxied through RIM's server, or the person sitting at home connected to a cable modem?

And yes, you are correct on the philosophy about SSL adoption on mail servers making this less and less of an issue at the end-user level, but it is still an issue as it stands now.

Quote:
Originally Posted by The Sand View Post
Of course, keep in mind it's an encrypted "tunnel"... it does not encrypt the body of the message itself. For that you need PGP/SMIME or WinZip with encryption. But it does enough that it is now standard practice on smartphones.
Yes, smartphones that actually talk to the mail servers themselves. That is not the case with a Blackberry. The Blackberry talks to the BIS server. The BIS servers talks to your mail servers. This appears to be where the confusion lies.

A Blackberry requires a certificate to talk to the BIS server. That is why the device has to be REGISTERED with the BIS.

Quote:
Originally Posted by The Sand View Post
And I use SMIME with "free email services" in this thread. I encrypt Yahoo and Hotmail everyday from Outlook to the people I have set this up with - and you can get certificates for free... so POP3 and IMAP have the capability as well as exchange.
Yes, from Outlook... a paid piece of software. My reference was to web-based mail services used in that manner.

But then again, you are talking about POP and IMAP. Neither of which are used by your Blackberry to talk to the BIS server. You are talking about traditional mail transport mechanisms. Those are not what are in play here.

Quote:
Originally Posted by The Sand View Post
RIM stated to me that the connection from their server to my provider (Yahoo/Gmail/Hotmail) was not encrypted. They also stated they push the email to the device with nothing. Which is why I did two things... switched to BES and put Yahoo/Hotmail through another smartphone with SSL. Now all my accounts are going from device to/from server protected.

Sandy
Well, the RIM FAQ clearly states that the link between their server and the mail provider CAN be encrypted. I would take that as "the word" on this topic. It would of course be up to that provider to support an encrypted relationship with RIM's servers or not however. Which, from your own experience, seems to vary.

And yes, the mail is being pushed to the device unencrypted. But it also isn't being delivered via a conventional mail transport mechanism. You need to take that into consideration. This isn't a device polling a mail server using POP or IMAP, not sending mail out using SMTP. This is a client/server relationship between the handheld and the BIS server.

BTW, I'm not arguing against your point that encryption is better. Of course it is!

Here is some more reading for you:

BIS Connections - BlackBerry Support Community Forums

Gives a good run-down on how BIS communication is tunneled from the handheld through RIM's servers.
__________________
950->5810->6280->7280->7290->8700->8310->9000->9800->9780->9900
BES Admin
Network Engineer
Blackberry user since 2001.
Offline  
Old 02-09-2011, 03:46 PM   #152 (permalink)
Talking BlackBerry Encyclopedia
 
The Sand's Avatar
 
Join Date: Oct 2008
Location: Los Angeles, CA
Model: 9810
OS: 7.0.1355
PIN: N/A
Carrier: AT&T
Posts: 357
Post Thanks: 4
Thanked 3 Times in 3 Posts
Default Re: BIS - No Better Security than Web Based Mail

Thanks for the link I will check it out.

But I am done with the BIS until RIM changes this. I just prefer my accounts having an encrypted tunnel from device (or Outlook with a WPA2-psk router) to server and "possibly" beyond to recipient - as possibly is still better than not possible, because you didn't bother.

I spent 4 hours with RIM tech level 2 Sunday night and am on my 2nd hosted exchange trial to get SMIME through the BES. I may be able to use DM 5.0 and redirect yahoo through the BES. It's a work in progress right now...

Sandy
Offline  
Old 02-13-2011, 02:33 PM   #153 (permalink)
Talking BlackBerry Encyclopedia
 
The Sand's Avatar
 
Join Date: Oct 2008
Location: Los Angeles, CA
Model: 9810
OS: 7.0.1355
PIN: N/A
Carrier: AT&T
Posts: 357
Post Thanks: 4
Thanked 3 Times in 3 Posts
Default Re: BIS - No Better Security than Web Based Mail

I got the SMIME through... if you want to do this - the company that hosts your exchange needs to "enable" it. It took several companies before I found one that would (which surprised me as the directions for doing so are not hard.) Most don't even know what you are talking about. Even after getting that part out of the way - this was not easy.

As far as using SMIME for free accounts from your computer, like Yahoo/Hotmail - you can do this by putting them through Outlook (which you pay for,) but it also works through Windows Mail. Windows Mail is a free download, and actually, it's a very good program.

I found that Redirect on DM 5.0 only works with exchange folders... you can't redirect your Yahoo account inbox through the BES. I actually see why now, but it was a cool "thought."
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright © 2004-2014 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.