Slashdot Mirror

I bet MS has a better SDK on release than RIMM though.

http://na.blackberry.com/eng/developers/tablet.jsp

App Dev *only* via HTML5/CSS or Flash.

Idealy the secure enterprise account shouldn't be able to decrypt your data at all.

Except your Exchange/Domino/GroupWise/other server already has the plaintext, why does it matter if it could also decrypt the encrypted BlackBerry version?

RIM would be able to give it to them

Why? They don't own your secure enterprise server, nor your BlackBerry smartphone.

So to make it genuinely secure you'd have to use public key crypto and let people choose their own certificate service in which case it would be as secure as the cert service and devices themselves.

I can't really see how that's any better than generating your own private key - then it's as secure as the server and devices themselves.

Simply put, if they asked for it then yes, there's nothing stopping [private key being turned over to US gov].

This presumably implies that you distrust the secure enterprise server inside your firewall, or the BlackBerry smartphone. I'm not really sure how that could be made any more trustworthy - you could have different companies manufacture the servers and the handsets, but then you'd have terrible integration and you'd actually have to trust two companies instead of one. You could put together an open-source solution, I suppose, or you could get dozens of respected organisations to perform security audits on your closed-source one.

Get an iPhone or windows mobile and get yourself a hosted exchange account in anoter country. Same deal only not centralized like rim.

Businesses can set up their own Blackberry Enterprise Server, so Blackberries can be decentralized.

Falcon

So you are saying that my private encryption key on my blackberry has been turned over to the US government?

You do know how it works do you not?
http://na.blackberry.com/eng/ataglance/security/features.jsp

Its my security key. Not Rims.

There is no technological way to give access to content between a BES and a blackberry.

To governments: It's impossible. That's why YOU feel comfortable using it.

Apparently neither do you. I'm willing to concede I might be confused, as I don't actually use this feature of the Blackberry. However a statement of "You don't know what you are talking about," without any clarification, reference, etc implies that you are either just being contrary, or are not confident enough in your knowledge to state it.

There are many services unique to RIM.

1. The most secure, requires a blackberry enterprise server (BES) to be installed at your office. The BES talks to your mailserver (exchange/notes/groupwise). The BES grabs the incoming email, strips out most of the html fluff, compresses it, encrypts it with AES, and forwards the encrypted message to RIM. RIM forwards the encrypted message to the cell phone carrier. The cell phone carrier forwards the encrypted message to the blackberry. The blackberry decrypts the message.

The way the BES solution is laid out, the encryption keys are only located on the BES, and on the blackberry. RIM does not have the keys to decrypt. The cell phone carrier does not have the keys to decrypt. The key exchange between the BES and the blackberry can be done by usb cable - hard to spoof that.

The BES platform has been tested, audited, and certified:

http://na.blackberry.com/eng/ataglance/security/certifications.jsp

2. For those of you without a BES or exchange/notes/groupwise, RIM offers Blackberry Internet Service (BIS).

With BIS, RIM connects to your pop/imap/hotmail/gmail/etc account for you, grabs the message, encrypts the message, and forwards it to the cell phone carrier. The carrier sends it to the blackberry. In this case, RIM does have the keys to decrypt, but the cell phone carrier does not.

3. And lastly, blackberry messenger. BBM is encrypted using 3DES, which is much weaker than AES. Further, the nice thing about BBM is that all blackberries have it by default. So how does BBM work? How can they all decrypt the BBM messages? Every blackberry has the same default BBM encryption key, and it is well known in the security community. In its documentation, RIM refers to BBM as "scrambled" and not encrypted.

(note that with a BES, you can replace the default BBM key with something else, but most people don't)

So, if you care about security, BES is the way to go.

Also note that you can use PGP or S/MIME for additional email encryption on top of the regular email encryption.

uh yes you do actually - several in fact:

http://www.berryreview.com/2009/02/04/phoneyfart-the-inevitable-farting-app-for-blackberry/
http://crackberry.com/best-blackberry-fart-app-yet-ibee-farting
http://www.mobihand.com/150//product.asp?id=24413
http://appworld.blackberry.com/webstore/content/3699
http://forums.crackberry.com/f35/free-fart-app-joy-154538/


and there's plenty more. Got anymore bullshit or is your talking points script all tuckered out diddums?

uh yes you do actually - several in fact:

http://www.berryreview.com/2009/02/04/phoneyfart-the-inevitable-farting-app-for-blackberry/
http://crackberry.com/best-blackberry-fart-app-yet-ibee-farting
http://www.mobihand.com/150//product.asp?id=24413
http://appworld.blackberry.com/webstore/content/3699
http://forums.crackberry.com/f35/free-fart-app-joy-154538/


and there's plenty more.

Got anymore bullshit or is your talking points script all tuckered out?

RIM is like Microsoft: not the best made stuff, but business adopted it so it's a standard of sorts.

Well, that depends what you mean by "best".

The blackberry platform is the most secure, strongly encrypted mobile email/internet platform out there.

The blackberry platform has been audited from end-to-end & certified by the governments of Canada, USA, UK, Austria, New Zealand, Australia & Turkey, along with NATO and the Fraunhofer Institute for Secure Information Technology in Germany.

Iphone has been audited by... nobody.

No other mobile email platform has the level of logging that blackberry offers, and some companies (particularly investment banks) need to track all communications with clients.

There is a reason the governments of Saudi Arabia & United Arab Emirates are thinking to ban the blackberry and not the iphone.

Not everyone is interested by or needs that kind of security. But some do need that, and no other mobile email platform comes close. Not iphone, not nokia, not android, not palm pre.

Dragon is not open source. It is not even multi-platform.

What? Their technology is on multiple platforms and trivially confirmed with google in seconds with queries like: dragon speech mac

WINDOWS: http://www.nuance.com/naturallyspeaking/products/editions/default.asp

MAC: http://www.nuance.com/naturallyspeaking/products/macintosh/for-the-mac.asp

iPhone/iPad: time-limited note recording, but impressive accuracy : http://www.dragonmobileapps.com/

Phone via calling like, as a regular phone: http://jott.com/

Also...

Blackberry: http://appworld.blackberry.com/webstore/content/8108

At least as far as YOU know.

Prove it.

Well, it's easy to prove:

1. With a blackberry enterprise server you can force all data from the blackberry to go through your server (and then don't allow outside connections). Or sniff all outgoing traffic from your server. There is a reason blackberries are chosen when a company needs to track, log & audit all communications for SOX, HIPAA or other reasons.

2. The blackberry platform from end-to-end has been tested, audited & certified by many governments and non-governmental organizations. Iphone has been tested, audited & certified by: nobody.

3. Most importantly, there are some blackberries without GPS, and the GPS in every blackberry I've used sucks really bad. Even if I have it on, even with A-GPS, half the time it can't get a position while I'm in my car.

Historically, Blackberries have had no auto-lock timer, but required being put into the case or hitting a key combination in order to lock the device.

Maximum Security Timeout

(the above link is to the BES article, but the setting exists in standalone configuration too)

Or, there is the re-bindable convenience key

So you've been annoyed enough to rant on /. but not enough to spend 10 seconds on google?
Or are you just another iPhone fanboi?

1.7.0.22 is the latest version, it was last updated on 11/18/2009. A quick Google search reveals other people complaining about the imfamous scroll issue here.

pple will get the consumer and RIM will get the business

Really? I know that iWork for iPad isn't exactly MSOffice (in some ways worse (Numbers), in some ways much better (Keynote)), but exactly what integrated word processor, spreadsheet, and presentation app suite does RIM have?

Those types of apps take serious amounts of time and money to develop.

RIM better get crackin' ,'cuz this is all they show under "Business Software"!!!

Oh, and the "business" market for the iPad hasn't been lost on Apple, either.

one day you look at your phone: hey, there's a bing icon

couple of months later: look at that, a skype icon

Actually, Verizon CAN'T push out applications to your blackberry. No carrier can.

You might recall when Etisalat (a carrier in the United Arab Emirates) wanted to install spyware on all blackberries in the country.

They had to trick users to install the software manually, because the carrier couldn't do it themselves.

What Verizon is doing is pushing out an icon, and then you can click on the icon to download & install the application. The icon isn't the application itself.

You can even block these icons from your blackberry enterprise server, it's under "browser" and "allow application download services". Set this to false.

it's vaguely unsettling, to be reminded of how raped you are in terms of privacy

You aren't, because you have a blackberry. The blackberry platform has been tested & certified by many governments & non-governmental organizations.

Iphone, android, symbian et al haven't been certified by anyone.

When the phone is collected you have the choice: either remove the battery or put the phone into a shielded bag. No special shielded bags handy? Then you have to remove power and hope the phone doesn't lock itself.

And what about passworded Blackberries configured with encryption enabled and an IT policy that says "Secure Erase if low battery / battery door opened, and secure wipe after delay ?"

The act of breaking communications can result in a self-erasure.

Standard data leak protection practice. Anything that could be used by law enforcement to isolate a mobile device, could also be used by a criminal attempting to conduct industrial espionage / gathering info from a stolen handset.

Are they secure wipes or can data still be gleaned?

I don't know about iphone, but blackberry wipes securely. The blackberry platform has been tested, audited & certified by many government & private agencies:

http://na.blackberry.com/eng/ataglance/security/certifications.jsp

The iphone has been tested, audited & certified by... nobody.

But there is one advantage to the iphone - since you can't take out the battery, it remains on the network for a longer time to receive the wipe signal.

you can't run flash on a blackberry either. why is nobody attacking RIM for being non-competitive?

Could you explain this then, please?

http://video.foxbusiness.com/v/4148785/adobe-ceo-on-creative-suite-5-and-apple
http://na.blackberry.com/eng/developers/resources/adobe.jsp
http://www.blackberrycool.com/2010/04/18/adobe-ceo-confirms-flash-10-1-on-blackberry-in-2nd-half-2010/

I'm interested in the sensors of the iPhone See where it has bullet points for * Accelerometer * Proximity sensor * Ambient light sensor Details, Apple. You do not have them.

Uh-hum. Let's compare to others:

• Nokia (after wading through Flash) N 900: the only sensor is a "CMOS sensor" under "Camera" - so either none of those the iPhone has, or even less detail.

• RIM: (again, lots of Flash) BlackBerry® Bold: "Light sensing screen", no other sensors.

• HTC (again needs Flash to access) Hero: again, no sensors mentioned.

So Apple actually has better details then Nokia, RIM and HTC, and I doubt the most smartphone or computer makers will actually fare any better. But I'm sure you will try to claim victory by pointing to some obscure maker or some info available via secret handshake.

Totally agree. This is totally exemplified by dmesg0's comment above: "By the way, I own nexus one, and with the right firmware (latest cyanogenmod with UV kernel), it's a great phone." Do you really think that Apple would ever let it's users deal with something that nerdy? It's a totally different target audience. The iPhone/iPad is about simplifying things so much that the actual hardare gets out of your way. Android is more about tinkering and spec sheets and more nerdy goods.What nerd on earth would ever stand for buying a product with no RAM numbers given? .

Many people here on Slashdot own a Blackberry, as do many others (it's still the number 1 selling smartphone.) Very few know its specs, nor are they listed on their website. Also note that the Droid (running on the 'nerdy' Android) is in 3rd place.

With several phones out that provide a better and equally secure email experience through ActiveSync withoout the need for the Blackberry server,

Secure? You gotta be kidding.

The Blackberry platform has been audited & certified by the governments of Canada, United Kingdom, Austria, Australia, New Zealand, United States and Turkey.

Also certified by NATO, FIPS 140-2, Common Criteria EAL 2+ and the Fraunhofer Institute for Secure Information Technology in Germany.

Iphone & other ActiveSync devices have been certified by: NOBODY.

corporations are starting to open up their email environments and you should expect to see RIM fade away. They had a niche, their phones are crap.

Blackberries certainly do have their quirks, but no other mobile platform offers what RIM does.

Now, not everyone needs real email security, but some of us do. Blackberries also support PGP and S/MIME for additional email paranoia.

I doubt its because of security soley. Its the BES management features that really sell it. Centralized policies, remote wipes, etc. Security is only part of that.

True.

The BB system relies on your pumping your mail to Ontario and BB's getting it from Ontario.

Not true. RIM does have NOCs around the world.

Its not a direct connection to the BES server in your enterprise. So any outtage in Ontario means an outtage for you.

Not everyone goes through the Ontario NOC, although North America does.

Not sure how good of an idea that is, especially since Android and other Activesync phones connect straight to your mail server just like any email client, and not through BB's proxies, which can be compromised.

The beauty of the Blackberry Enterprise Server platform is that it doesn't matter if RIM's infrastructure is compromised. The encryption keys are located in two places: on the blackberry, and on your Blackberry Enterprise Server, which runs on a server in your office. RIM does not have the keys to decrypt. The cell phone carrier does not have the keys to decrypt.

That is part of the reason the Blackberry Enterprise Server platform has been audited & received so many security certifications: http://na.blackberry.com/eng/ataglance/security/certifications.jsp

How many security certifications does the iphone have? Android? Nokia? I strongly suspect the answer is none.

Not everyone needs the level of security offered by Blackberry, but some of us do.

Sure they use end to end security but how feasible are MITM attacks?

Once a blackberry is activated with a Blackberry Enterprise Server, not possible. You can even set up the key exchange between the Blackberry Enterprise Server & the blackberry over a usb cable - hard to spoof that.

My BlackBerry 8900 made my bedside clock obsolete with the addition of the charging pod and my Canon Powershot and Sony camcorder with the 8900's built-in camera.

The 8900's built-in maps app is decent but I still prefer my Magellan GPS, for the moment.

Does it support IMAP/POP/SMTP natively or are you still stuck with the pile-of-crap BIS/BES services for email (or using Web interfaces or third party java apps)?

I disagree with your assessment that BES is crap, but you are correct, blackberries work only with BIS/BES service. For those who don't know, BIS is a hosted IMAP/POP/SMTP service run by RIM. BES (blackberry enterprise server) is a server that you install and connect to your email server.

The blackberry push email platform is designed to work with a hosted service, either you run it in-house with a BES, or RIM runs it for you with BIS.

That's the way it is. Data push cannot occur without support on the server end. Regular cellphone data connections won't do push data - they have to continuously poll for new messages, running up the data bill even if no messages are sent. While some people have unlimited data plans, many of us don't, so we like push data.

I won't even consider looking at this model for the rest of our small (16) corporate team unless we can use our own (postfix-based) mail servers. The fact that we have to hand over our email account usernames and passwords AND pay just so the Vodafone BIS server can pick up mail and kindly pass it on to the Blackberries (and vice versa) is simply crap, a security risk and a PITA if a user changes their password via our mail server's Web interface.

Well, you need to get a BES (blackberry enterprise server) to get full use of the blackberry platform. With a BES, you keep all your passwords and all your encryption keys. No one else has the keys & passwords, not RIM, not the cellphone carrier.

BES works with Lotus Notes, Novell Groupwise, and Microsoft Exchange. That's the way it is. If that doesn't fit into your company for whatever reason, then you get the blackberry BIS experience that you describe.

Given your small size, it may be hard to justify the cost of a BES & Notes/Groupwise/Exchange. There is BES-lite product called BPS which is much cheaper & simpler than a full BES, but still provides most features.

It's my working assumption that RIM is basically a fully integrated member of the US intelligence community,

RIM is a Canadian company, headquartered in Waterloo, Ontario, Canada.

The blackberry platform has been audited from end-to-end and certified by a number of different agencies around the world, including many that aren't UKUSA countries, like Germany, Austria & Turkey.

And you can run S/MIME & PGP on top of the native RIM AES encryption.

and the fact that highly confidential business communications from major international corporations get routed through their servers

With a Blackberry Enterprise Server, email gets routed through RIM's servers AFTER it gets encrypted by YOUR AES encryption keys. RIM does not have the AES keys to decrypt the messages.

Can you cite any example, anywhere, of successful decryption of blackberry messages in transit? Any court case, anywhere, where the authorities produced decrypted messages from RIM? Of course, that doesn't prove anything, but it's a pretty good reputation.

Notice whose phone Obama uses? And how easily it got NSA-modified?

The US president gets whatever electronic toys he wants. Running additional message encryption on top of the native blackberry encryption isn't that hard.

It also intrigues me that setting up Blackberry service on a SIM card requires special telco magic. It's not just running over ordinary Internet over cellphone data service, no.

Correct. There is a lot of work on the back-end for data push to occur. That is, when a new message comes in to your mailbox, it gets pushed to the blackberry immediately without delay.

All other mobile email services are pull services, in that the phone continuously checks for new email arrival, running up the data bill even when there is no email to send to the device. Some people have unlimited data plans, but most of us don't, so we like the push feature.

And, with the wifi available on some blackberries, you can connect directly to your Blackberry Enterprise Server over an ipsec vpn without going through RIM at all.

That's the point though. What's the point of adding Wifi to the Storm 2? Nothing will really take advantage of it.

Really? There are 2 reasons: faster & cheaper.

Here's the big one: having complete access to all the data you regularly do, with the same strength encryption, without paying ridiculously high international roaming rates. Or, if your domestic data rates are very high, avoid them entirely.

Blackberry even once made a wifi-only blackberry - there was sufficient demand from campus users. Never was that popular though, mostly because cellphone networks dropped significantly in price.

I would look at a BlackBerry Tour on VZW.

I moved to T-Mobile from VZW to get a BlackBerry 8900 and I'm very pleased with the phone (my first smartphone) and the lower prices on T-Mobile. I love the fact that I don't have to worry about charging mid-day and can go two days easy w/o charging. The phone have good Google support with BB-specific programs for syncing, Gmail, Search, GTalk, GVoice, etc.

The BB may not be shiny and flashy like a iphone but it is a solid communications device with great third-party support.

I would look at a BlackBerry Tour on VZW.

I moved to T-Mobile from VZW to get a BlackBerry 8900 and I'm very pleased with the phone (my first smartphone) and the lower prices on T-Mobile. I love the fact that I don't have to worry about charging mid-day and can go two days easy w/o charging. The phone have good Google support with BB-specific programs for syncing, Gmail, Search, GTalk, GVoice, etc.

The BB may not be shiny and flashy like a iphone but it is a solid communications device with great third-party support.

Shouldn't Palm at least be checking to see if the apps are malware?

'cause Apple's application inspection regime has worked well to prevent malware, right?

If your platform security relies on code inspection to catch malware, you're setting yourself up for epic fail.

Is that functionality malware? From post #29585841,

I was curious if this was possible on other devices. Seems like all the big ones have some API functionality to retrieve similar information:

- http://docs.blackberry.com/en/developers/deliverables/8540/Retrieve_phone_number_BB_device_565546_11.jsp Blackberry

- http://blogs.msdn.com/windowsmobile/archive/2004/11/28/271110.aspx Windows Mobile

- http://www.forum.nokia.com/infocenter/index.jsp?topic=/S60_5th_Edition_Cpp_Developers_Library/GUID-3EB7E846-A29F-4546-B04D-A90B009903EF.html [nokia.com] Symbian (while on casual inspection there appears to be no function to retrieve the phone number, you can retrieve the IMEI, and be notified on events such as phone calls, at which point you can retrieve the caller ID as well as the dialed number)

- http://developer.android.com/reference/android/telephony/TelephonyManager.html Android (requires permissions be granted to the app)

So it's malware on the iPhone, when it's a supported API on a number of other platforms, except Symbian.

OTOH, this is good for Palm - we'll soon be inundated with Norton Antivirus for WebOS, McAfee Antivirus for WebOS, etc. Just like Symbian and I believe WinMo have. After all, we can't have another Liberty virus that afflicted PalmOS devices. (This was named after the Liberty Game Boy Emulator for PalmOS).

And I suppose, good for developers of fart apps, flashlight apps, and other spam apps. Last one was particularly interesting. Helps the Pre's app numbers, though.

"In a second class, highly crippled way. There is no Sync capability. No playlist support."

I don't have any first-hand experience, but your claim is inconsistent with what Blackberry says on their web site.

No, Palm does not need Apple's USB vendor ID in order to enable iTunes media synchronization with the Pre.

BlackBerry just released their desktop software for the Mac, which syncs with iTunes.

Mark/Space produce software which syncs Windows CE devices, Palm devices (including the Pre!) and Android devices with the iTunes library.

Mark/Space and BlackBerry use the supported APIs, so they haven't had any problems with Apple disallowing their sync functionality. (Mark/Space's products have been sold for years now.) Palm are just being lazy, because they don't want to have to write and support their own sync code.

"I have to agree. There would be only one reason for Palm to need to resort to USB ID spoofing."

No, there's a second possible reason: Palm is too damn lazy/cheap to make their own interface, like RIM does for the Blackberry.

The real question is: why is Palm doing it the standard-violating way? I don't get it.

BlackBerry just released their desktop software for the Mac, which syncs with iTunes.

Mark/Space produce software which syncs Windows CE devices, Palm devices (including the Pre!) and Android devices with the iTunes library.

Mark/Space and BlackBerry use the supported APIs, so they haven't had any problems with Apple disallowing their sync functionality. (Mark/Space's products have been sold for years now.) Palm are just being lazy, because they don't want to have to write and support their own sync code.

I was curious if this was possible on other devices. Seems like all the big ones have some API functionality to retrieve similar information:

- http://docs.blackberry.com/en/developers/deliverables/8540/Retrieve_phone_number_BB_device_565546_11.jsp Blackberry

- http://blogs.msdn.com/windowsmobile/archive/2004/11/28/271110.aspx Windows Mobile

- http://www.forum.nokia.com/infocenter/index.jsp?topic=/S60_5th_Edition_Cpp_Developers_Library/GUID-3EB7E846-A29F-4546-B04D-A90B009903EF.html Symbian (while on casual inspection there appears to be no function to retrieve the phone number, you can retrieve the IMEI, and be notified on events such as phone calls, at which point you can retrieve the caller ID as well as the dialed number)

- http://developer.android.com/reference/android/telephony/TelephonyManager.html Android (requires permissions be granted to the app)

There are other ways to interface to iTunes. The only advantage to the way Palm tried to integrate with iTunes is that you don't have to load extra software alongside iTunes. The biggest problem with Palm's setup is that iTunes will happily send DRMed songs to your Pre which it can't play. I wonder how many tech support incidents Apple is getting about Pre/iTunes problems.

Blackberry has much more logical iTunes integration
http://na.blackberry.com/eng/services/media/mediasync.jsp

The Pre, Blackberry, and WinCE phones are second-class citizens when used with iTunes, but I don't think that amounts to anticompetitive behavior.

The rules are their so companies can identify their products and load drivers. Palm isn't emulating an iPhone perfectly, which creates compatibility problems for Apple. I wonder how many calls Apple has gotten complaining that their Palm-Pre doesn't play the DRMed songs they downloaded from iTunes.

Palm should have taken the route that Blackberry took. http://na.blackberry.com/eng/services/media/mediasync.jsp

People in the "secure" market have phones. The thing all phones have in common is that they can all be hacked; doesn't matter whether its an IPhone or a BB if someone wants your information, they can get it. It doesn't matter who writes the encryption, there's always someone better who will crack it.

Riiiight. Unlike the iphone and other POS phones, the blackberry has been audited from end-to-end and is certified to a number of different standards. The blackberry platform has been audited by:

NATO
Fraunhofer Institute for Secure Information Technology (Germany)
Communications Security Establishment (Canada)
Communications Electronic Security Group (United Kingdom)
Center for Secure Information Technology (Austria)
Defense Signals Directorate (Australia)
Government Communications Security Bureau (New Zealand)
National Institute of Standards and Technology (United States)
Turkish Standards Institute (Turkey)

Who audited the iphone? Nobody, because Apple can't do security.

ÜberTwitter has been doing that for awhile now, probably since the first release. I've been using it on my BlackBerry Bold for quite some time now, and it works great!

Cute username.

...

Common people where is the news here? You actually think a Blackberry, Nokia or any other phone on the market today has any kind of encryption that can't be broken into with a bit of research.

Yes.

http://www.resourcecenter.blackberry.com/resource/xHCO-BlackBerry_Enterprise_Solution_Security_version_4.pdf

I'd rather use an iPhone, but company policy is BB. Then again, the BB is encrypted. 10 bad attempts at a password and it nukes itself.

The US does not make it easy to sell encryption products, but this (slip from Apple) is pathetic. I'm generally unhappy with Apple's security standards. AFS mounts in the clear by default, and inconvenient to do securely? Come on.

Then Apple came along and blew the whole mobile device market away with the iPhone

Really? So why is the blackberry curve outselling the iphone in North America?

The iphone, sad to say, is more of the same from the cell phone market. A shiny, limited functionality device, locked down, limited control by the user and maximum control by the vendor.

By comparison, Blackberry and some others are very, very open. Lots of documentation, APIs, and you don't need permission from Big Brother Apple to sell your applications. And if I want pr0n on my phone, nobody stops me.

Oh, incidentally, Blackberries can sync with itunes. They've been doing this for a few years without a peep from Apple, so presumably it's licensed.

It's just a typo in the link, and for some reason the 404 page says "deleted" instead of just "not found". If you read the elreg comments page, you can find the corrected URL and the thread is still live:

http://supportforums.blackberry.com/rim/board/message?board.id=BlackBerryDeviceSoftware&thread.id=5632&view=by_date_ascending&page=1

The Register article stated:

No one from Etisalat, RIM, or SS8 is saying anything about the issue, despite the fact that the application appears remarkably difficult to remove. Enterprising hackers, though, have discovered it can be done, with one providing a useful utility (seventh message down) to automate the process.

It pointed to this link: http://supportforums.blackberry.com/rim/board/message?board.id=BlackBerryDeviceSoftware&thread.id=5504&view=by_date_ascending&page=2

But if you follow it you get:

The message you are trying to access has been deleted. Please update your bookmarks.

Interesting.

Doug

There isn't a podcast application strictly on the Blackberry, but you can sync the Blackberry with your iTunes and include podcasts using the Blackberry MediaSync program. You can find it here: http://na.blackberry.com/eng/services/media/mediasync.jsp

Just check here: http://na.blackberry.com/eng/developers/javaappdev/javaeclipseplug.jsp Free Plug-In for BlackBerry Java Development with Eclipse! Cheers, Cris

Anything stored on the device is possibly in the hands of an attacker, if the phone itself is able to decrypt, encryption or not. Implication is the hax0r can install software on the phone to act as the user and perform automated data dumping.

Fortunately, RIM has thought of that. With a Blackberry Enterprise Server, you can easily restrict what applications users can install. Or, you could allow them to install applications, but don't let the applications have access to the encrypted email store. Or, don't let applications make network connections to dump the data.

If nothing else, they can use radio jamming or other techniques to block the wireless signal, or take the phone to an area with poor reception (so the "wipe" command can't be sent to the device)

Fortunately, RIM has thought of that. With a Blackberry Enterprise Server, you can force the phone to check in periodically, and if it can't reach the server, wipe itself. You can force the user to enter their password periodically, not just after a period of idle time. You can require the use of RSA SecurID one-time-password tokens for additional security. RIM even has a remote smart card reader: http://na.blackberry.com/eng/ataglance/security/products/smartcardreader/

RIM isn't a bunch of fools, they do have some smart people working there. The Blackberry even has a process to clean freed memory as soon as possible, so if you try freezing the ram/flash to extract the data, you're not going to get much out of it.

I have looked at getting into bb development as well, but it is just pure hell. I have an old 8700, I can't even find out if it can run application, and I can use it as a developer platform. There is no guide on the bb website to tell anyone this, going to this shitty bb page for the 8700 reveals no useful information.

Yes, the 8700 can run applications. You need to learn how to search with google. RIM even releases free blackberry emulators so that you can test on different models. Some links for you:

http://www.blackberry.com/developers/downloads/simulators/index.shtml
http://na.blackberry.com/eng/developers/
http://www.blackberry.com/developers/downloads/
http://na.blackberry.com/eng/developers/javaappdev/javadevenv.jsp
http://today.java.net/pub/a/today/2006/01/24/introduction-to-blackberry-j2me.html
http://www.youtube.com/watch?v=AVFi39yvAr8

I have looked at getting into bb development as well, but it is just pure hell. I have an old 8700, I can't even find out if it can run application, and I can use it as a developer platform. There is no guide on the bb website to tell anyone this, going to this shitty bb page for the 8700 reveals no useful information.

Yes, the 8700 can run applications. You need to learn how to search with google. RIM even releases free blackberry emulators so that you can test on different models. Some links for you:

http://www.blackberry.com/developers/downloads/simulators/index.shtml
http://na.blackberry.com/eng/developers/
http://www.blackberry.com/developers/downloads/
http://na.blackberry.com/eng/developers/javaappdev/javadevenv.jsp
http://today.java.net/pub/a/today/2006/01/24/introduction-to-blackberry-j2me.html
http://www.youtube.com/watch?v=AVFi39yvAr8

I have looked at getting into bb development as well, but it is just pure hell. I have an old 8700, I can't even find out if it can run application, and I can use it as a developer platform. There is no guide on the bb website to tell anyone this, going to this shitty bb page for the 8700 reveals no useful information.

Yes, the 8700 can run applications. You need to learn how to search with google. RIM even releases free blackberry emulators so that you can test on different models. Some links for you:

http://www.blackberry.com/developers/downloads/simulators/index.shtml
http://na.blackberry.com/eng/developers/
http://www.blackberry.com/developers/downloads/
http://na.blackberry.com/eng/developers/javaappdev/javadevenv.jsp
http://today.java.net/pub/a/today/2006/01/24/introduction-to-blackberry-j2me.html
http://www.youtube.com/watch?v=AVFi39yvAr8

I have looked at getting into bb development as well, but it is just pure hell. I have an old 8700, I can't even find out if it can run application, and I can use it as a developer platform. There is no guide on the bb website to tell anyone this, going to this shitty bb page for the 8700 reveals no useful information.

Yes, the 8700 can run applications. You need to learn how to search with google. RIM even releases free blackberry emulators so that you can test on different models. Some links for you:

http://www.blackberry.com/developers/downloads/simulators/index.shtml
http://na.blackberry.com/eng/developers/
http://www.blackberry.com/developers/downloads/
http://na.blackberry.com/eng/developers/javaappdev/javadevenv.jsp
http://today.java.net/pub/a/today/2006/01/24/introduction-to-blackberry-j2me.html
http://www.youtube.com/watch?v=AVFi39yvAr8

BES is, IMHO, a steaming pile - java, dot.net,

Ok, BES does use many technologies. The new BES 5 even requires activeX plugins for some web-based admin tools.

32-bit only. Feh.

Ummm, not true. BES has supported 64-bit windows and 64-bit databases for quite a long time.

Recent iPhones handle active sync nicely and don't bitch about self-signed certs.

Ummm, that's called a security flaw by most competent admins. Frankly, if you can't afford $12.99/year (with coupon code) to get a godaddy signed certificate, maybe security isn't what you're looking for. Is it possible to install your own certificate authority on iphone (or is it that apple doesn't let you)? You can install your own certificates on blackberry, and even manage them all centrally on the BES. You can even use S/MIME & PGP for additional email encryption.

My clients pay $$ for BES CALs, the devices get stupid and need to be factory reset often and re-activated, costing my client more $$ for my time.

Well, then you & your clients don't know how to administer a BES & blackberries. The devices are extremely solid, and almost never need a factory wipe. Of course, most problems will be resolved by a factory wipe & reactivating, but there is almost always a far easier & faster way to resolve the issue, but it seems you don't know that.

When something goes wrong with a windows pc, do you wipe your hard disk & reinstall every time? That will resolve the issue, but there is almost always a simpler, easier & faster solution.

Reactivating a blackberry user on a BES is REALLY HARD! How hard is it? On the BES 4 series, you run the BES console, find the user, right-click on the user, and set the activation password to whatever you like. Then, on the blackberry, go to options, advanced options, enterprise activation, enter your email address, enter the activation password you just set, and click activate. Wasn't that hard?

Frankly, if your clients can't activate a blackberry by themselves, then maybe they aren't smart enough to use email.

I honestly cannot see the attraction when there are better solutions to talk to an Exchange server

Better? How many other solutions have real push email? None (windows mobile comes close with their fake push). How many other mobile email solutions have remote lock, remote unlock, remote wipe, solid AES encryption, certification by many governments and other agencies?. Can you force your users to have a password? Can you force your users to always encrypt the blackberry contents? Does your iphone overwrite freed memory so that the contents can't be read by disassembling the device? Nope.

Do you need to restrict your user from browsing the web? Do you need to centrally track SMS, email & phone calls? All this is easy on the BES.

iPhones, WinMobile or a laptop with RPC over HTTP(S) all work more simply

Ok, that's true. The BES platform is complex, but that is because it does so much.

Look, BES isn't for everyone - there is a lot of complexity & a lot to learn. You may be better off with an outsourced BES provider (there are many). Or choose the Blackberry Professional Software (BPS), which is a simpler, easier to use BES-lite.