Slashdot Mirror

Maybe this clusterfuck is big enough to point out to users the security risks of the android & iphone platform.

When you have your entire life accessible from your smartphone, you need your smartphone to be audited & certified. Go buy a blackberry:

http://us.blackberry.com/ataglance/security/certifications.jsp

The older blackberry os is completely proprietary, even if you rooted it you'd have nothing to install on it..

WTF? Since when is J2ME proprietary?
AFAIK RIM has never dictated what apps can or cannot be installed. They do however make that power available to BES administrators. One of the biggest mistakes RIM made IMO was their lack of vision creating an "app store". Until I discovered Handango.com around 2004/2005 whenever I needed a particular type of app I would post to a forum and hope someone else knew of an app that would do what I needed.

On my work phone are items that are covered I part by. HIPPA +HITEC Act, PCI-DSS and more. Are these folks cOmplying with those laws? If they get breached I get to notify thousands of people who's data may be compromisd??

Well, then you should get a phone from a company that takes security seriously: blackberry. Certified & audited by NATO, and many others:

http://us.blackberry.com/ataglance/security/certifications.jsp

Blackberry - designed by untrustworthy Canadians

Actually, Blackberries have been tested & certified by the US govt, NATO, et al for many, many years:

http://us.blackberry.com/ataglance/security/certifications.jsp

Android & iphone have been certified by... nobody.

Beyond blackberry there is the sectera edge: http://www.gdc4s.com/content/detail.cfm?item=32640fd9-0213-4330-a742-55106fbaff32

Remember their devices from yesteryear? You know, the business-only, no bullshit phones that would be totally useless for Joe Consumer?

Actually, I remember their devices from yesteryear as one of the first two-way pagers. AFAIK Motorola was the only other company doing two-way paging and they didn't have the back end to allow the kind of messaging that has been the hallmark of Blackberry devices from the start.

I believe the upcoming BBX handsets are going to address the consumer market and Blackberry Balance will be used for convergence. RIM has always understood the needs of large infrastructures to exert a certain level of control and the BES allows enterprises to place as much or as little control as they wish. It's a stark contrast to the Pied Piper strategy Apple employs or the cat herding that Android (or OSS in general) tends to engender.

The linked site states "the new version will not contain the long-awaited BlackBerry Messenger (BBM) application, which would allow Playbook users to access BlackBerry email without hooking up to a BlackBerry phone." That isn't what BlackBerry Messenger does, the linked site is full of crap and has no clue what they're talking about. OS 2.0 will have email, but no BBM. Read the press release. http://blogs.blackberry.com/2011/10/blackberry-playbook-2-update/

RIMs official blog post on their website that is linked to states "bring our...email integration capabilities to the tablet category." Only BBM is being delayed with no view in sight. http://blogs.blackberry.com/2011/10/blackberry-playbook-2-update/

And they provide a link to the official blog, where it clearly states that the delay is for BlackBerry Messenger, *not* the enterprise email app. They simply don't mention anything about enterprise email there at all.

I'm not going to say that picking a good name to brand your products is not a very important thing-nor that one shouldn't invest the proper amount of resources to properly secure it and make sure it's unique in the market you're aiming for. But I really wish some of these articles weren't so slanted against RIM. I know it's all the rage these days to kick them when they are down, especially when they are in this transition period where they are moving towards a new platform and some of the issues they've had-just makes me a little sad.

http://devblog.blackberry.com/2011/10/open-source-playbook-os/?CPID=TWDDevCon

As some people on the CrackBerry forums have said, "I could care less if they called it FROG OS" because it finally looks like RIM is starting to deliver on the promises they've put forward for the new platform. It almost looks to be the most open platform available now, where it offers several different options for developers to use. With both the WebWorks API for both BlackBerry OS and the Playbook OS or the Adobe AIR/Flex/Flash API, and now finally the NDK with a very focused porting of Open Source libraries.

And the kicker? The one thing that everyone has been saying that RIM can't pull off? You can take an Android .apk and repackage it as an PlayBook .bar file all without looking at the code just need to run a couple of commands and then side load it onto a PlayBook and then use that application right now with the OS 2.0 Developers Beta.

So... maybe they are going to have issues with BBX name.. If they have to change it? So what, it's not like it matters, because they are finally giving people what they wanted. A real development environment to target for their current and upcoming devices and platforms. They didn't seem to think so: http://crackberry.com/official-staement-rim-regarding-basis-claim-bbx-trademark

Keep in mind this is all based upon QNX which has an amazing history and is used in a lot more things then people realize. I cannot wait to see what will come of this, even if they take a massive beating on the way down. We've seen giants fall and return again. It's like karma after all.

No; you need to set up a secure tunnel to a non-verizon proxy and do your browsing that way.

So, you would want this to be stronly encrypted with AES, and integrated into the phone.

Wait a minute, RIM came up with that about A DECADE AGO with their blackberry enterprise server (BES) platform. And you can get a BES for free:

http://us.blackberry.com/apps-software/business/server/express/

I continue to be dumbfounded why RIM doesn't emphasize security & privacy, and the risks consumers face with other mobile platforms.

Apparently everyone missed that RIM is already doing this: http://us.blackberry.com/apps-software/business/server/full/balance.jsp

They're taking a bit of a beating right now but I have to say, if I want to actually type quickly and accurately I won't be using my Android, I'd rather do it on a BB. I can type about twice as fast when there's a real, well designed, keyboard.

RIM has the momentum against them though. Businesses have a desire to move away from RIM, but have no options with similar security. This feature will provide similar security and be one of the last hurdles for the switch.

Apparently everyone missed that RIM is already doing this: http://us.blackberry.com/apps-software/business/server/full/balance.jsp They're taking a bit of a beating right now but I have to say, if I want to actually type quickly and accurately I won't be using my Android, I'd rather do it on a BB. I can type about twice as fast when there's a real, well designed, keyboard.

Blind hatred much? Public statements have been out since October 10th: http://uk.blackberry.com/serviceupdate/ If you work for one of those call centers, blame your management for not communicating with you, not RIM.

Personally, I'd prefer a single device that can do just about everything I'd want it to, andthe Fire approaches, but not quite attains that.

That being said, The Fire comes in at $199, and by the reviews I have read is an extremely easy device to use, and has a consumer friendly interface, similar to the Blackberry Play Book (the 16GB version of which sells for $499, somewhat more than the $199 Fire), runs on Android (even if it's heavily overlaid by Amazon's interface).

To Paraphrase Monty Burns: Release the Hackers !

It's from General Dynamics:

http://www.gdc4s.com/content/detail.cfm?item=32640fd9-0213-4330-a742-55106fbaff32

Blackberry is very good, it currently holds many certifications (but not top secret):

http://us.blackberry.com/ataglance/security/certifications.jsp

Fundamentally, there is a problem with mobile access for top secret communications - you don't know who is looking over the shoulder of the authorized user. Or if someone is pointing a gun at the head of an authorized user. These problems are reduced when you make the user come in to the office.

That's just one problem and possibly the main problem. But you also don't know for sure the person reading it is the person authorized. Looking over their shoulder isn't the only problem, as most authentication schemes can be faked.

When an individual has access to classified information it's best to monitor their every move. This is why it's best if they access it from an environment where their every move is seen. This would have to be a completely secured location.

Mobile phones create insecurity because now there is no way to guarantee the location is a secure location or that the individual is the authorized individual.

It's from General Dynamics:

http://www.gdc4s.com/content/detail.cfm?item=32640fd9-0213-4330-a742-55106fbaff32

Blackberry is very good, it currently holds many certifications (but not top secret):

http://us.blackberry.com/ataglance/security/certifications.jsp

Fundamentally, there is a problem with mobile access for top secret communications - you don't know who is looking over the shoulder of the authorized user. Or if someone is pointing a gun at the head of an authorized user. These problems are reduced when you make the user come in to the office.

I'm not going to store my financials on a phone that doesn't have an encrypted data store. These guys are making great progress towards it, but Google needs to 'send beer' and take the patches.

If only there was a mobile phone that was designed from the ground up with strong encryption, that had been tested, audited & certified.

Maybe I could call it blackberry: http://us.blackberry.com/ataglance/security/certifications.jsp

However, everyone tells me that blackberry is dying:
http://news.slashdot.org/story/11/09/18/0542230/The-Big-Problem-With-RIM

Blackberry really needs to point out the flaws with its competitors. When you have your entire digital life, with accounts & passwords for banking, social networking & communications all on one device, strong security is vital.

And is the security on any of those phones implemented such that the data can't be simply read off the flash chips

No, you cant't just read the data off the device with physical access - If you use the built in encryption.

http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB16088

Apple encryption
http://support.apple.com/kb/HT4175

At least for the iPhone, and I am almost sure it works the same way for the BlackBerry, data is encrypted using a hardware key stored on the device. Wiping the device remotely involves erasing the key.

No he's not. Any communications network operator in the UK or US will honour a lawful intercept request from the authorities.

If you're doing something illegal or even if you are being investigated for doing something illegal you should assume the police can listen to every phone call and read every single email or instant message.

In fact Blackberry specifically say

http://us.blackberry.com/legal/pdfs/BBSLA_UnitedKingdom_English_UK.pdf

You hereby authorise RIM to cooperate with: (i) law enforcement authorities in the investigation of suspected criminal violations; (ii) third parties in investigating acts in violation of this Agreement; and (iii) system administrators at Internet service providers, networks or computing facilities in order to enforce this Agreement. Such cooperation may include RIM disclosing Your or Your Authorised Users' username, IP address, or other personal information

http://docs.blackberry.com/en/admin/deliverables/7325/How_BESolution_uses_AES_to_encrypt_data_834424_11.jsp

Well documented as to exactly what the security offered is, and how it works. Not exactly "trust us" style security. Not to mention that the security has been certified independently by world governments. So, actually it's "Trust 256 bit AES by CBC at transport level, and trust all of the people who certify this."

One would hope that something for government agencies would avoid the usual security problems (like Flash issues), but that doesn't seem to be the case unless they're getting a special configuration.

http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB27365

I could go on but the point is... most of this stuff isn't even available on the RIM offering

Multiple yet separate email accounts? Check.
GPS + Mapping? Tons of options, pick the one you like best.
LocalEats? That specific app? Here you go
Barcodes & QR ? Work great. Take your pick of apps.

So ... when you say "most of this stuff" isn't available, you mean the exact opposite? Interesting.

According to this page, to create a debug token, one must first sign up for signing keys. According to this page, signing keys are without charge, but "Company" is marked as a required field in the form, which appears to imply that all developers must request keys on behalf of a company. Did RIM intend this to exclude individual hobbyists?

I'll give you an example where they are years ahead.
http://us.blackberry.com/apps-software/business/blackberry_mvs/blackberrymvs5.jsp

Now lets be clear, this is an enterprise only product. The enterprise must have:
an in house high end feature rich PBX
BES

But no one else offers the ability to integrate enterprise PBX features into employee handsets. Avaya, Mitel... have an Avaya only product that does a fraction of this work but I can't manipulate that via. BES in particular I can push the installs, and auto configure I have to have each employee individually configure which is a nightmare i.e. no advanced features. And MVS is cheaper than most PBX vendor solutions (about $15-20k flat vs. $25-100 / head) .

There is an example. I could give a few more. But I think those are the sorts of things you aren't seeing. I'm not sure how large your company is.

Blackberry phones aren't anymore secure than an Android of iPhone with the proper corporate sync apps installed.

You gotta be kidding.

The blackberry platform has been tested, audited & certified from end-to-end by many government & non-governmental agencies:

http://us.blackberry.com/ataglance/security/certifications.jsp

Iphone & android have been certified by... nobody.

Ever find it odd that no government talks about banning iphone & android? If you want real security (and not everyone is interested in security), there is only one choice.

Very nice for multinational corporations who want to protect their trade secrets and monitor employee communications and can afford a BES. Not so nice for an individual who wants a personal device that respects their security and privacy. How does a private BB user enforce server-side permissions exactly? I don't recall seeing a free BES offered with my Blackberry mobile plan.

Want a free BES? Click right here. You don't get the full suite of auditing (for example, you can't keep track of all your users' SMS), but you get all the important features. No licensing or additional costs from RIM. No additional costs from your mobile carrier aside from the basic blackberry data plan. But the BES is only used to apply application permissions to the device (and make them mandatory if desired).

Even without a BES, individual users can go to Options - Advanced Options, Applications, scroll to find the application, and Edit Permissions. You can also edit the Default Permissions.

Your arguments are irrelevant to the current discussion and obsolete since RIM made concessions to allow monitoring of communications in repressive countries.

Not really. You're asking about application security: what third-party applications can do to YOUR phone. Protection from government (benevolent or otherwise) is a different question. As seen in recent months, repressive dictatorships are more than happy to beat their citizens, jail them, or just plain shoot them. http://xkcd.com/538/

Come back and discuss this again when private citizens can realistically and securely benefit from the advantages you espouse. Until then, you're entirely missing the point.

Once again, you asked about third-party application controls, which blackberry does very well.

The "concessions" made by RIM require a long explanation since there are many services provided under the blackberry name.

1. It's a cell phone. All the existing vulnerabilities/govt controls for tapping phone calls still exist.

2. It sends SMS. All the existing vulnerabilities/govt controls still exist.

3. Blackberry messenger. BBM is encrypted, but only with 3DES. The reason BBM works with all blackberries is that by default they all share the same 3DES key, and it is well known in the security community. Even without the key, brute-forcing 3DES isn't that hard for a government. Even RIM's own documentation refers to BBM as scrambled and not encrypted. This information could be tapped by RIM and handed over to governments, but a government could easily do this without RIM's cooperation.

4. Web browsing through the mobile carrier. This is the "WAP browser" on your blackberry. All the existing vulnerabilities/govt controls still exist.

5. Web browsing through RIM. This is the "internet browser" on your blackberry. The data is encrypted with AES to/from RIM (RIM has a copy of the encryption keys), and then goes from RIM to the internet at large. This information could be tapped by RIM and handed over to governments.

6. BIS (blackberry internet service) email. This is what you use for email if you don't have a BES. The data is encrypted with AES to/from RIM (RIM has a copy of the encryption keys), and then goes to the internet at large. This information could be tapped by RIM and handed over to governments.

And now, the crown jewels:

7. Web browsing through the BES. This is the "blackberry browser" on your blackberry. The data is encrypted with AES to/from the BES. RIM does NOT have the encryption keys, and couldn't hand over the plaintext even if they wanted to.

8. BES (blackberry enterprise server) email. The data is encrypted with AES to/from the BES. RIM does NOT have the encryption keys, and couldn't hand over the plaintext even if they wanted to.

Now, here's what RIM probably did: assist governments by handing over plaintext for #3, #5, and #6.

RIM is not able to provide #7 or #8.

A free BES: http://us.blackberry.com/apps-software/business/server/express/

Apparently you missed this memo... Blackberry Enterprise Server Express is now free, but yes, still only supports Exchange and Domino. Not my cup of tea, but yeah, it is free now:

http://us.blackberry.com/apps-software/business/server/express/

You know, I hate it when I'm wrong. But..... Through the Blackberry Diagnostic Report, voila, a public IP. I also have ICMP enabled (it's the 6th line of the report), but this IP isn't pingable either. So they give us a public IP, and then push our web browsing through a proxy? I wonder how many middle-managements a day it takes to come up with some of these ideas.

    [sarcasm]Anyways, they're only sitting on a /10. It's not a big waste of resources or anything. [/sarcasm]

$whois 184.211.xxx.xxx

# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=184.211.xxx.xxx?showDetails=true&showARIN=false
#

NetRange: 184.192.0.0 - 184.255.255.255
CIDR: 184.192.0.0/10
OriginAS:
NetName: SPRINT-WIRELESS
NetHandle: NET-184-192-0-0-1
Parent: NET-184-0-0-0-0
NetType: Direct Allocation

I think we can safely assume that Blackberry is about as secure as a wet paper bag

Only BIS and only for in-flight data (data on the BB is encrypted), or no less secure than using a standard wired connection in those countries.
BES is end-to-end encrypted with keys RIM (and the local despot) don't have access to... so barring the wrench treatment there's no way to compromise your data either in-flight or at rest.

If you're really paranoid, you can always run your own BES (for free [*]).
[*] BES service plan from wireless provider required.

Look, there's nothing Blackberry can do about it and it's not their job. It's not like they would be able to fight it if USA was the same. It's the people in general who will need to deal with their governments, not some single random company that is just selling products for the market. Stop being childish and stop these immature comments. If you want, YOU go change those governments minds.

You are right that in the end, its not their job, but security and privacy has been one of their central claims for years and years. They have in the past made promises they they couldn't keep. These days are quietly backing off of these claims, you no longer see them, and are just like any other smartphone provider.

Tthey are starting to put the proper perspective on it, buried deep in their FAQ:

Is it necessary to use S/MIME or PGP to make the BlackBerry Enterprise Solution secure?

All messages sent between BlackBerry smartphones and the BlackBerry Enterprise Server are encrypted. However, once a message goes to the mail server outside the corporate firewall, it’s sent over the Internet. This is exactly what happens when you send an unencrypted message from a desktop or laptop computer.

The S/MIME and PGP solutions provide sender-to-recipient security from the moment a message leaves a BlackBerry smartphone to the moment it reaches its destination. This ensures the message can’t be read or modified anywhere along the way.

Note that even the above is not technically true once you leave your campus.

In the real world, this is the responsibility of the end-user. If Mr. Traveling Businessman doesn't know enough to use a mailer with PGP then he shouldn't be trusted with anything secret.

It's clear you are not aware of the primary reason most companies use BES. If you are interested here are some links that should be enlightening.

RIM's security encryption explained
http://us.blackberry.com/ataglance/security/features.jsp

India threatens to shut down Blackberry service because they cannot snoop on BB users.
http://www.zdnet.com/blog/igeneration/blackberry-encryption-too-secure-national-security-vs-consumer-privacy/5732

http://devblog.blackberry.com/2011/02/thanks-for-the-open-letter-to-rim-developer-relations/

Hi guys.

All complaining and whining of that guy aside, I would like to mention that people who develop Blackberry Tablet OS apps right now that get accepted into the Blackberry app world (app store) by March 15 will receive *FREE* Blackberry Playbook tablets.

Looks like dev license fees will be a little hefty after this initial "seed" period, so take advantage now and sign up now for the developer program even if you don't plan to dev in the short term just to take advantage of the free license you'll get now.

For those who don't want to gamble it all on Blackberry Tablet with your time and money, Adobe AIR is an excellent solution as AIR apps are qualified for the ongoing FREE BLACKBERRY PLAYBOOK FOR EACH ACCEPTED APP developer promo ongoing 'til March 15.

AIR runs on Windows, OSX, Linux, Android 2.2+, Blackberry Tablet OS and as Apple iOS native apps (iPhone, iPad, iPod Touch via the Adobe iOS Packager) so your app will have a lot of bases covered. AIR is pretty nice too because Actionscript 3 syntax/structure is pretty much Java now and easy to pick up, and you can also create AIR apps using the free open source Flex SDK, which is pretty much like the JDK except you output .SWF or AIR apps with it. Here's a free PDF ebook from O'Reilly on getting started with Flex.

Here's some stuff to get you started on AIR/Blackberry Tab: 1, 2, 3.

From what I've heard, for each app you make that is accepted in the Blackberry App world, you will receive 1 free Blackberry Tab via a redeemable coupon at Amazon.com and all you will have to pay for is shipping. Hey, free blackberry tablet is free blackberry tablet right? Take advantage now! Cheerios and hope to have helped! :)

Hi guys.

All complaining and whining of that guy aside, I would like to mention that people who develop Blackberry Tablet OS apps right now that get accepted into the Blackberry app world (app store) by March 15 will receive *FREE* Blackberry Playbook tablets.

Looks like dev license fees will be a little hefty after this initial "seed" period, so take advantage now and sign up now for the developer program even if you don't plan to dev in the short term just to take advantage of the free license you'll get now.

For those who don't want to gamble it all on Blackberry Tablet with your time and money, Adobe AIR is an excellent solution as AIR apps are qualified for the ongoing FREE BLACKBERRY PLAYBOOK FOR EACH ACCEPTED APP developer promo ongoing 'til March 15.

AIR runs on Windows, OSX, Linux, Android 2.2+, Blackberry Tablet OS and as Apple iOS native apps (iPhone, iPad, iPod Touch via the Adobe iOS Packager) so your app will have a lot of bases covered. AIR is pretty nice too because Actionscript 3 syntax/structure is pretty much Java now and easy to pick up, and you can also create AIR apps using the free open source Flex SDK, which is pretty much like the JDK except you output .SWF or AIR apps with it. Here's a free PDF ebook from O'Reilly on getting started with Flex.

Here's some stuff to get you started on AIR/Blackberry Tab: 1, 2, 3.

From what I've heard, for each app you make that is accepted in the Blackberry App world, you will receive 1 free Blackberry Tab via a redeemable coupon at Amazon.com and all you will have to pay for is shipping. Hey, free blackberry tablet is free blackberry tablet right? Take advantage now! Cheerios and hope to have helped! :)

Hi guys.

All complaining and whining of that guy aside, I would like to mention that people who develop Blackberry Tablet OS apps right now that get accepted into the Blackberry app world (app store) by March 15 will receive *FREE* Blackberry Playbook tablets.

Looks like dev license fees will be a little hefty after this initial "seed" period, so take advantage now and sign up now for the developer program even if you don't plan to dev in the short term just to take advantage of the free license you'll get now.

For those who don't want to gamble it all on Blackberry Tablet with your time and money, Adobe AIR is an excellent solution as AIR apps are qualified for the ongoing FREE BLACKBERRY PLAYBOOK FOR EACH ACCEPTED APP developer promo ongoing 'til March 15.

AIR runs on Windows, OSX, Linux, Android 2.2+, Blackberry Tablet OS and as Apple iOS native apps (iPhone, iPad, iPod Touch via the Adobe iOS Packager) so your app will have a lot of bases covered. AIR is pretty nice too because Actionscript 3 syntax/structure is pretty much Java now and easy to pick up, and you can also create AIR apps using the free open source Flex SDK, which is pretty much like the JDK except you output .SWF or AIR apps with it. Here's a free PDF ebook from O'Reilly on getting started with Flex.

Here's some stuff to get you started on AIR/Blackberry Tab: 1, 2, 3.

From what I've heard, for each app you make that is accepted in the Blackberry App world, you will receive 1 free Blackberry Tab via a redeemable coupon at Amazon.com and all you will have to pay for is shipping. Hey, free blackberry tablet is free blackberry tablet right? Take advantage now! Cheerios and hope to have helped! :)

BlackBerry has been tested under FIPS 140-2, CC and CAPS and has been approved for NATO RESTRICTED, UK IL3 and Canada Protected B (among others). It's all available for review here. BlackBerry also supports S/MIME and/or PGP, device and media card encryption, DoD CAC/smartcards (for two factor authentication to the device), Bluetooth encryption, AES256 encryption between the device and it's BlackBerry Enterprise Server, several options for secure remote wipe of the data (even if there is no cellular connection) and all of this can be enforced from a centrally administered server and compliance verified from there as well. Show me how iPhone or Android can even come close to not only the certifications but the security features that can be easily audited for compliance. The only other phone that beat some of this is the Sectera Edge by General Dynamics (which can encrypt voice as well) but I wouldn't call their solution COTS. I know that reads like an advertisement but BlackBerry is really the only one doing all of that (afaik anyway).

In any case BES connects to Blackberry Infrastructure (BB Router) to user's devices (Wireless phone network).

The BB's connection to the BES is encrypted.
All your traffic goes through the BES (unless you configure it otherwise).

BB Infrastructure which seems to be open to governments in some foreign countries.

Only BIS (not BES) - there's nothing RIM can do for governments wanting access to BES traffic.
more info

Cost to use BB infrastructure is unknown to me

free, as in beer (part of the service plan from your wireless provider)

from the link:
Q: Am I going to have to pay an extra fee per month to use this?

A: BlackBerry Enterprise Server Express is free to all businesses – there is no software licensing cost and no client access license fees. For you, the end user, the only cost is the internet-enabled BlackBerry service plan from your wireless service provider. (This means if you can browse the Internet from your BlackBerry smartphone today you are already on a service plan that can be used with BlackBerry Enterprise Server Express).

Read through their many certifications:

http://us.blackberry.com/ataglance/security/certifications.jsp

Forget the iPad. The Blackberry Playbook is obviously the right choice for a playbook!

I filter all my emails using the built-in email filter. This even applies to a Blackberry running off an internet service account.

Blackberry does support encryption of the device memory, contact list and media card.

Its really annoying though, I spent a week figuring out why my caller ID'ing didn't show my contact names, when they phoned.

Turns out contact list protection, won't show incoming caller names.

Their solution? Disable content protection. How... lame.

Content protection is designed to encrypt BlackBerry smartphone data. When content protection is enabled, the BlackBerry smartphone encrypts the data that is stored on the smartphone. This allows you to secure sensitive information (such as your contact information). When the contact list is content protected, features such as caller ID that use data from the contact list and Bluetooth® Address Book transfer are unable to access the encrypted data.

http://us.blackberry.com/playbook-tablet/

it's not going to protect you from professional fraudsters. 'Don't think that having an initial password set on your phone can stop people from getting in there,' says Nikki Junker, a victim advisor at the Identity Theft Resource Center. 'It's a very low level of protection -- you can even find 30-second videos on how to crack smartphone passwords on YouTube.'"

Complete BS.

Blackberries offer real security. The flash memory can be encrypted with solid AES. They can be set to wipe after a certain number of bad login attempts. They can be locked or wiped remotely. They can be set to wipe after a certain period of time off the network. There is a background process which continuously overwrites unused RAM to make sure decrypted data in memory is kept to a minimum.

And most importantly, you can enforce all of these settings from the Blackberry Enterprise Server so that you can protect idiot users from their own stupidity.

The blackberry platform has been tested, audited & certified by many security organizations. Iphone & Android have been certified by... nobody.

If you want real security, the choice is clear.

If you want real security, get yourself a real smartphone: blackberry.

http://us.blackberry.com/ataglance/security/certifications.jsp

The blackberry platform has been tested, audited & certified from end to end by the governments of United States, Canada, the United Kingdom, Austria, Australia, Turkey, New Zealand, and NATO.

Android & iphone have been certified by... nobody.

And the way to deal with fraudulent advertising is the American way: sue the bastards.

The military's security evaluations are heavily biased. Any technology the military does not want to use can be declared insecure, whether or not it is, and vice versa. One can always find a reason something is not secure.

BS. There may be some grey areas, but there are all sorts of actual, real documented standards. The blackberry platform has been audited & certified from end-to-end:

http://us.blackberry.com/ataglance/security/certifications.jsp

Blackberry has been approved by the governments of Canada, United Kingdom, Austria, Australia, New Zealand, United States, Turkey, and NATO.

Blackberry has gone through the Cryptographic Module Validation Program (CMVP) that governs the conformance testing of cryptographic modules to Federal Information Processing Standard (FIPS) 140-2, "Security Requirements for Cryptographic Modules."

The Common Criteria is an international evaluation scheme of IT security products and systems. Common Criteria evaluation results are recognized by 26 countries. Many Blackberry products have been certified for Common Criteria EAL 2+ or EAL 4+ certification.

Apple and Android have been tested, audited & certified by... nobody.

Yeah but what "market" are we talking about here? I've walked around a lot of enterprises and I haven't seen many tablets, Windows or otherwise. My understanding has always been that except for individual enthusiasts, the markets (plural) for Windows Tablets have traditionally been verticals

You're all looking at the wrong market.

Agreed, I think the usage of the term bind is excessive. Somehow MS and RIM survive without external developers working on their products language

What language does RIM use again?

Oh right, Java.

As for MS, both C# and the Common Language Runtime have published specifications, and MS's implementation is not the only one (see also: Mono Project). Granted, I don't think Mono has released a version of .NET Compact Edition.

RIM goes out of their way to discourage the whole "ZOMG MY PHONE IS FUN!!" vibe that defines the non-enterprise market

http://na.blackberry.com/devices/blackberrytorch/

Tag line.. "Act on Inspiration"
Um... I guess that enterprisey right?

Top billing: maximized multimedia - pinch & zoom, enhanced music player
for the enterprise user who needs to zoom in on his album artwork?

Second billng: 5 megapixel camera
for the enterprise user who needs to capture those precious spontaneous moments?

Third billing: Integrated social feeds (facebook leads the list)
For the enterprise user who... I give up. ... lets try the next one one

http://na.blackberry.com/eng/devices/blackberrypearl3G/
Tagline - "Carry your friends in your pocket"

Yeah... we're done here.

For what its worth I agree blackberry is still a top contender in the enterprise space and has a lot of features aimed specifically at their needs. But I think you are going too far trying to claim they "go out of their way to discourage" the whole fun side of things.

Holy crap.

That's a worse fail than their development SDK.

HTML/CSS or Flash *only*.

http://na.blackberry.com/eng/developers/tablet.jsp