Russian Software Company Says Its App Can Crack BlackBerry Security

← Back to Stories (view on slashdot.org)

Russian Software Company Says Its App Can Crack BlackBerry Security

Posted by timothy on Sunday October 2, 2011 @04:25AM from the put-down-that-wrench dept.

AZA43 leaps into the ranks of accepted submitters, writing "Russian security software vendor Elcomsoft has released an app that it claims can determine BlackBerry handheld passwords. The software supposedly hacks the BlackBerry password via an advanced handheld security setting that's meant to encrypt data stored on a user's memory card. And a hacker doesn't even need to have the BlackBerry to determine a password, just the media card."

78 comments

Min score:

Reason:

Sort:

In Soviet Russia... by ksd1337 · 2011-10-02 04:29 · Score: 2

...software cracks YOU!
Do Russians contribute anything useful? by Beelzebud · 2011-10-02 04:38 · Score: 2, Insightful

It seems like the only time I read about anything Russians do with computer tech, it involves botnets, stealing passwords, and ripping off peoples bank accounts. Are there any Russians that contribute something positive to the world of software?
1. Re:Do Russians contribute anything useful? by Threni · 2011-10-02 04:41 · Score: 1
  
  They provide entertaining plane/sub/ etc disasters. Oh, and putin does stuff like lying about finding ancient vases etc when he goes swimming. He's like that bearded Iranian twat. But without the beard.
2. Re:Do Russians contribute anything useful? by thht · 2011-10-02 04:43 · Score: 2, Funny
  
  Kaspersky?
3. Re:Do Russians contribute anything useful? by Anonymous Coward · 2011-10-02 04:46 · Score: 4, Funny
  
  Are there any Russians that contribute something positive to the world of software?
  Tetris alone puts them way ahead of most countries.
4. Re:Do Russians contribute anything useful? by Osgeld · 2011-10-02 04:47 · Score: 2
  
  they have pinouts for everything!
  http://pinouts.ru/
5. Re:Do Russians contribute anything useful? by ripdajacker · 2011-10-02 04:53 · Score: 3, Insightful
  
  One might view the testing and breaking of security as a valuable contribution. How else will companies like RIM learn?
6. Re:Do Russians contribute anything useful? by davester666 · 2011-10-02 05:14 · Score: 1
  
  Unfortunately, RIM has two CEOs, and it appears it takes them twice as long as everybody else to learn things.
  
  --
  Sleep your way to a whiter smile...date a dentist!
7. Re:Do Russians contribute anything useful? by roman_mir · 2011-10-02 05:28 · Score: 1
  
  I am former Soviet, Israeli, Canadian, currently in Europe building and selling/deploying software systems that analyze and integrate retail operations within store chain (integrate stores into a chain) and between stores and suppliers/manufacturers. It's hard business to compete with Oracle, SAP, MS in this field as well as with a number of smaller providers, including Russian 1C (1S), which is supported by Russian government, even their owner is a 'comptroller general' for a very large part of Russian Federation. OTOH I don't have Russian citizenship, so :) maybe not precisely what you are asking.
  
  --
  You can't handle the truth.
8. Re:Do Russians contribute anything useful? by fuzzyfuzzyfungus · 2011-10-02 05:37 · Score: 4, Funny
  
  I'm told that they are currently hunting for a third, because they think that a Mismanage à trois would be totally hot...
9. Re:Do Russians contribute anything useful? by Anonymous Coward · 2011-10-02 05:39 · Score: 1
  
  Have you seen that picture of him riding the shark though? A guy who could harness a wild shark and ride it around the sea, is probably badass enough to happen upon an ancient vase. Even more likely to do so because he would be traveling at shark speed through the water, rather than human speed.
10. Re:Do Russians contribute anything useful? by Reservoir+Penguin · 2011-10-02 05:41 · Score: 2
  
  Parallels.
  
  --
  US-UK-Israel: The real Axis of Evil
11. Re:Do Russians contribute anything useful? by X.25 · 2011-10-02 05:41 · Score: 1
  
  It seems like the only time I read about anything Russians do with computer tech, it involves botnets, stealing passwords, and ripping off peoples bank accounts. Are there any Russians that contribute something positive to the world of software?
  No, of course not, you stupid retard. All Russians are criminals, right?
  How are you not ashamed of publicly admitting that you don't read anything is beyond me, though.
12. Re:Do Russians contribute anything useful? by Anonymous Coward · 2011-10-02 05:44 · Score: 0
  
  The Russians don't contribute much to anything. Its a bunch of criminal thugs.
13. Re:Do Russians contribute anything useful? by melted · 2011-10-02 05:59 · Score: 1
  
  They do. There are a lot of Russian programmers working here in the US contributing quite heavily and positively to "the world of software". It's just that good news aren't as exciting.
  Engineer is really a third rate profession in an oil and gas rich country like Russia. Everyone wants to be a boss of some kind and to sit just a wee bit closer to the pipe. A few companies that manage to pull together good talent generally either work for the local market (because US is impossible to get into if you're not a US company), or offer outsourcing, or just keep low profile. Kaspersky writes antiviruses, but it was almost a decade before he figured out a viable strategy to enter the US market. Yandex works on the local market. Google, Cisco and Intel have dev offices there. I suspect many other large multinationals do, too.
14. Re:Do Russians contribute anything useful? by TheRaven64 · 2011-10-02 06:08 · Score: 2, Informative
  
  How did this borderline racist shit get modded up? Two of the biggest open source projects that I work on (LLVM and FreeBSD) have a lot of Russian contributors. You are almost certainly using code (at least partially) written by Russians on a daily basis.
  
  --
  I am TheRaven on Soylent News
15. Re:Do Russians contribute anything useful? by Anonymous Coward · 2011-10-02 06:40 · Score: 0
  
  It seems like the only time I read about anything Russians do with computer tech, it involves botnets, stealing passwords, and ripping off peoples bank accounts. Are there any Russians that contribute something positive to the world of software?
  Kaspersky A/V.
16. Re:Do Russians contribute anything useful? by Anonymous Coward · 2011-10-02 07:25 · Score: 0
  
  nginx.
17. Re:Do Russians contribute anything useful? by fatphil · 2011-10-02 07:29 · Score: 2
  
  Plenty working on Linux are from Russia too. The input layer subsystem is Dmitry Torokhov's ward, for example, and Artem Bityutskiy gave us UBI(FS). Not to mention a great number of footsoldiers contributing a whole host of drivers, features, fixes, etc. I've worked alongside a great many Russians, and they were highly skilled and rigorous engineers.
  
  --
  Also FatPhil on SoylentNews, id 863
18. Re:Do Russians contribute anything useful? by tokul · 2011-10-02 07:33 · Score: 1
  
  Are there any Russians that contribute something positive to the world of software?
  
  rarlabs, akella, http://l10n.gnome.org/languages/ru/
19. Re:Do Russians contribute anything useful? by Hentes · 2011-10-02 08:26 · Score: 2
  
  If they disclose the vulnerability instead of just exploiting it than it's useful. Also, Russians are very good at IT in general, you just only hear about the hackers as they are the ones to make the news.
20. Re:Do Russians contribute anything useful? by Anonymous Coward · 2011-10-02 08:35 · Score: 0
  
  www.kaspersky.com
  That is, if you agree that's a contribution. Some don't :).
21. Re:Do Russians contribute anything useful? by Anonymous Coward · 2011-10-02 09:22 · Score: 0
  
  Yes, he generalized, but --You-- haven't listed anything to support that their primary export, besides oil, is -not- cyber crime; you only implied an unsupported position. Your screechy little comment sounds like you write sound bites for PETA in your spare time. You spoke out, so give us the benefit of your wisdom- You imply that you have read something... Why don't you make a solid list of the positive, well-known contributions Russians / Eastern Europeans have made to the cyber world. I'm not talking about IrfanView, or a bunch of Russian code slaves working in a basement in New York either. Come on, Sparky, tell us some of the ground-moving, positive contributions they've made- Give me an operating system, a browser, hell- just give me a decent word processor. How about something like drop box? Paypal? iTunes? a worthwhile cloud-based app? any good games? Yeah, Russians are really out there swinging for the fences, pal... enthusiasm for the art of computer science and ethics are just rampant in the Russian cyber community. Their entire fucking economy is run like a Chicago gangland from the 1920's, why should their cyber domain be any different?
22. Re:Do Russians contribute anything useful? by gtall · 2011-10-02 11:48 · Score: 2
  
  Racist? Errrm...okay, I give up, how does casting aspersions on Russians constitute racism?
  The GP though should give the Russians a break. First the Tsars, then Stalin, and now Putin. Russkies do have a knack for finding the least capable people to run the country. Having a government which is the moral equivalent of La Cosa Nostra isn't a recipe for success. The Russkies should be hailed for still trying to succeed in spite of their leaders.
23. Re:Do Russians contribute anything useful? by Anonymous Coward · 2011-10-02 13:02 · Score: 0
  
  It seems like the only time I read about anything Russians do with computer tech, it involves botnets, stealing passwords, and ripping off peoples bank accounts. Are there any Russians that contribute something positive to the world of software?
  http://en.wikipedia.org/wiki/List_of_Russian_people#IT_developers
  A Russian invented Google, and you can't even use it.
  -Yuri
24. Re:Do Russians contribute anything useful? by Anonymous Coward · 2011-10-02 14:39 · Score: 0
  
  While here in America, the cream of our finest business and engineering schools jointly crafted the subprime mortgage derivatives boom that produced billions USD in profits for themselves, and trillions in public debt and a worldwide recession that should last, oh, another eight years or so, for everyone else.
25. Re:Do Russians contribute anything useful? by Unequivocal · 2011-10-02 15:18 · Score: 1
  
  Yeah good points. I'll add Nginx to the list. Jeez - that webserver software has been killing it in terms of capabilities (and market growth) for about 4 years. All thanks to a solid Russian OSS developer named Igor Sysoev.
  And if you want to dig a little deeper, the GiST index system for Postgres which enables GIS, spherical projections (for astronomy) and all kinds of other amazing solutions in Postgres - thanks to two great (and amazingly smart) guys also in Russia. http://www.sai.msu.su/~megera/postgres/gist/ (note the ".su" badass domain still). :)
26. Re:Do Russians contribute anything useful? by hutsell · 2011-10-02 18:22 · Score: 1
  
  Isaac Asimov's Three Laws of Robotics. Initially, I found the simplistic algorithm to be strangely fascinating; in hindsight,
  I realized the exposure was my first experience with the idea of programming--something I still find strangely fascinating.
  
  From: ...Are there any Russians that contribute something positive to the world of software?
  --
  "God, please stop me before I code again."
  
  --
  Yesterday's Weirdness is Tomorrow's Reason Why
27. Re:Do Russians contribute anything useful? by Anonymous Coward · 2011-10-02 19:41 · Score: 0
  
  I suppose it could be worse. Imagine running code written by chinky's!
28. Re:Do Russians contribute anything useful? by Eponymous+Hero · 2011-10-03 04:29 · Score: 1
  
  they trade us awesome hockey players. lawyered
  
  --
  insensitive clod overlords obligatory xkcd car analogy russian reversals whoosh pedant fanbois ftfy in 3...2...1..PROFIT
29. Re:Do Russians contribute anything useful? by Anonymous Coward · 2011-10-03 17:30 · Score: 0
  
  Not sure why password cracking software is not positively good? Have you tried it? Does it work reliably?
30. Re:Do Russians contribute anything useful? by Anonymous Coward · 2011-10-03 17:38 · Score: 0
  
  Well, I work at Microsoft and here in Redmond 2/3 of all developers appear to be Indian, Russian or Jewish by country of origin. Facebook and Google even more so. Feels like US. suddenly stopped producing good developers, or maybe all smart ones decided to turn into lawyers and patent trolls? Look at LinkedIn - many studied in Moscow Univ or one place they call "Novosibirsk" - that is where one of their strongest tech schools are I guess.
31. Re:Do Russians contribute anything useful? by Anonymous Coward · 2011-10-04 06:57 · Score: 0
  
  identifying vulnerabilities in code is a valuable skill and I applaud these researches for releasing this to the general public. So as far as I am concerned this is something positive.
Not reliable... by hawkbat05 · 2011-10-02 04:39 · Score: 5, Interesting

If you actually read this one you'll realize it's useless if the card isn't encrypted (ironically) or the user chose one of the other 3 options. Plus this option is designed to be less secure so you can put the card in another device and decrypt it with just a password. I also wonder what character set is included in their claim of cracking a 7 character password in just hours. http://xkcd.com/936/
1. Re:Not reliable... by Anonymous Coward · 2011-10-02 06:09 · Score: 0
  
  That's the first xkcd I've seen that has is a genuine disappointment.
2. Re:Not reliable... by runningduck · 2011-10-02 06:22 · Score: 0
  
  The real question, however, is will any such attack against Blackberries be successful before RIM is out of business? Hmmm, come to think of it this is sort of like TKIP but on a macro level.
  
  --
  -rd
3. Re:Not reliable... by Anonymous Coward · 2011-10-02 07:33 · Score: 1
  
  I don't think so. The Troubador password may have 5,748,511,570,879,116,626,495 possible requirements if brute forced, but it does not require pure brute forcing. A modified dictionary attack would quickly crack a one word password like that because people use certain patterns. For example, the capital letter usually only appears at the first position and numbers and symbols are appended to the end of the word. Additionally, "troubador" is likely to appear on some expanded word lists (in fact the comic seems to think it would appear on a list of 65,536 words on it). Put that all together, John the Ripper would likely get that fairly quick using some of their more basic rules.
  Conversely, the four words example appears to assume they would appear on a list shorter list of 2,048 possible words (to reduce uncertainty to 1 and guarantee a hit). Then, then you get 2048^4 (possible selections^number of selections) or 17,592,186,044,416 possible permutations to get the right words in the right order through brute forcing.
4. Re:Not reliable... by Anonymous Coward · 2011-10-02 13:27 · Score: 0
  
  AC reply to AC is correct, the 4 word seems easier to crack if you don't know how john the ripper works, but is less likely to get cracked in a short amount of time.
5. Re:Not reliable... by Ja'Achan · 2011-10-02 18:49 · Score: 1
  
  That's assuming the average person will have 2048 words to choose from, rather than, say, 64.
6. Re:Not reliable... by Anonymous Coward · 2011-10-03 10:34 · Score: 0
  
  Where do you get 64 from? The last thing I wrote was barely one page and according to uniq (after being converted to a document with new lines instead of spaces and sorted) has over 400 unique word in it. That does not even consider the fact that if I were to use the many word password, that I would have the whole English language to choose from. People use more words then they think they do.
7. Re:Not reliable... by fatphil · 2011-10-03 12:07 · Score: 1
  
  And that he won't lock himself out by repeatedly trying "pony right cell staple", or similar.
  
  --
  Also FatPhil on SoylentNews, id 863
I wonder how they managed that... by fuzzyfuzzyfungus · 2011-10-02 04:39 · Score: 0

Why would the password be stored, in any form recoverable by means that aren't computationally intractable brute forcing, anywhere in the device or storage expansion cards?

Isn't this the sort of thing that hashing is supposed to solve?
1. Re:I wonder how they managed that... by hawkbat05 · 2011-10-02 04:41 · Score: 2
  
  They're brute forcing it
2. Re:I wonder how they managed that... by Anonymous Coward · 2011-10-02 04:48 · Score: 0
  
  Isn't this the sort of thing that hashing is supposed to solve?
  Yeah! Hash that data! ... ... ... ... ... Um... ... ... how do I get it back now? ... ...
3. Re:I wonder how they managed that... by Sqr(twg) · 2011-10-02 04:53 · Score: 3, Informative
  
  The password is not stored in any form, of course. But if there's encrypted data on the card, and that data can be decrypted using only the password, then you can just try every possible password until you find one that doesn't result in gibberish. This is called a known-plaintext attack.
Re:someone cracks blackberry security by PsychoSlashDot · 2011-10-02 04:43 · Score: 5, Informative

news at 11...big freaking deal...
You act like this is either unimportant or not news. I'm not sure which.
Fact is while there's a lot of FUD floating around regarding things like RIM "caving in" and dropping BIS servers in questionable countries, there haven't actually been very many actual real-life exploits for the phones or their communications. Blackberry phone remains the only ones on the market that encrypt all data traffic by default and that encryption can't be disabled. If you're on BIS or if you're on BES, your unencrypted web traffic, e-mail traffic (even POP3) is encrypted at the device. That's still worlds ahead of the other devices.
There's reports that one exploit exists that can decrypt Password Keeper data from a phone backup on a PC. There's this report that discusses recovery of phone unlock passwords. There's the widely discussed and misunderstood reports about RIM dropping BIS MDS servers in unfriendly countries and what that allows (hint: it has zero to do with Blackberries not in those countries).
RIM's stuff is by and large still very, very secure by any comparison and their phones are unique in that regard. So the way I see it, this is both news (being a genuine security hack) and relevant (these phones being the best on the market).
So stuff your ignorant sarcasm.

--
"Oh no... he found the .sig setting."
Puzzling by amightywind · 2011-10-02 04:50 · Score: 1

Russians are good at cracking software. It is a puzzle that they are so bad at creating it.

--
an ill wind that blows no good
Mod parent up. by RulerOf · 2011-10-02 05:02 · Score: 1

Kaspersky?
Talk about getting pwned.

--
Boot Windows, Linux, and ESX over the network for free.
Why does this matter? by Anonymous Coward · 2011-10-02 05:05 · Score: 0, Funny

RIM will not even exists within a year or so. I'ts only a matter of time before they get completely slaughtered and file for bankrupcy etc..
1. Re:Why does this matter? by jkflying · 2011-10-02 05:40 · Score: 2
  
  Dunno. Here in South Africa, everybody has a BB. In an average week I probably see 3 people posting their new BBM number on facebook. Just because the US all went iPhone doesn't mean the rest of the world particularly agrees.
  
  --
  Help I am stuck in a signature factory!
Re:someone cracks blackberry security by wiedzmin · 2011-10-02 05:33 · Score: 1

Very well said. Though, I really hope this gets addressed, because I don't feel comfortable with having to make a choice between potentially exposing my device password or contents of my SD card..

--
Bow before me, for I am root.
Re:someone cracks blackberry security by MindPrison · 2011-10-02 05:34 · Score: 0

quote you:
So stuff your ignorant sarcasm.
quote end...
Yep...stuff me, that will solve all issues right there.
unlike you, I actually know something about it, but then again, would you even care?
You write...RIM's stuff is by and large, very secure...etc... yep.. you do live in a cubicle of security beliefs don't you? Do I really care? Nope...not really..just trying to inform the likes of ya. Take the information any way you like it. I get my burger edgeways.

--
What this world is coming to - is for you and me to decide.
In other news by G3ckoG33k · 2011-10-02 05:38 · Score: 4, Funny

In other news "Other Russians Say They Cracked BlackBerry Years Ago" but kept mum about, for "financial and business reasons". ;)
Same key? by russotto · 2011-10-02 05:47 · Score: 1, Interesting

Pure speculation here:
Since this only works with media encryption enabled, I'm guessing this is an alternative cipher attack. They can't directly obtain the Blackberry device password, but they can break the media encryption (perhaps because it is a much weaker cipher). The media encryption key is likely the same as or derived from the device password, allowing an expedited attack on that.
Moral of the story: If you derive a key for a weak cipher from a key used for a strong one, make sure you use an irreversible function to do so.
1. Re:Same key? by Anonymous Coward · 2011-10-02 14:43 · Score: 0
  
  Moral of the story: If you derive a key for a weak cipher from a key used for a strong one, make sure you use an irreversible function to do so.
  Excellent observation, I used to charge for that....
Re:someone cracks blackberry security by PsychoSlashDot · 2011-10-02 06:04 · Score: 1

would you even care?
Yes.

just trying to inform the likes of ya.
Inform away. So far you've got zero information content in either of your posts. Mine summarizes the known exploits and security topics. Yours don't. Feel free to drop the newsburger edgestuff at 11 nonsense and communicate with us. Drop down to the lesser language of English and educate me.

--
"Oh no... he found the .sig setting."
Tetris by Anonymous Coward · 2011-10-02 06:22 · Score: 0

Not sure about "useful", but Tetris sprints to mind as something positive
Re:someone cracks blackberry security by Anonymous Coward · 2011-10-02 06:26 · Score: 0

There is a lot of hype here, so be sure to read the full article. It only works for users who have encrypted the media card with device password only, and they only discuss the time to hack a single case 7 character password. If you use one of the encryptions options that includes the device key, then the attacker is stuck trying to crack AES.
Re:someone cracks blackberry security by ColdWetDog · 2011-10-02 06:27 · Score: 1

Pics. Or it didn't happen.
Slapping your epenis around with ol Psycho isn't terribly entertaining. You know something? Tell us.

--
Faster! Faster! Faster would be better!
Re:someone cracks blackberry security by Bert64 · 2011-10-02 07:00 · Score: 3, Interesting

RIM stuff is largely security by obscurity at this point however, very few people have seemingly tried to pull their stuff apart, and the few that have didn't find good things, see the pwn2own contest from this year for one such example.
Android, iphone and even windows mobile devices are much easier to target because they are largely based on existing systems which are well understood... RIM are using a totally obscure black box that requires significant investment of time to reverse engineer. This doesn't mean it's secure, it just means that hackers will need to spend more time to find holes in it. On the other hand, it means that whitehats will also require more time to reverse engineer the system, whereas its highly possible that blackhats have already stolen the sourcecode.
Most devices provide the option to run a VPN between the handset and a server under your control, only RIM require that there be a server under their control sitting in between.
Most devices (RIM included) can also boot up and start talking to the network without requiring any user input, therefore the keys used for this encryption must be stored on the device somewhere, just waiting for someone appropriately skilled and motivated to work out how to extract them...

--
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Sergey Brin? by circletimessquare · 2011-10-02 07:12 · Score: 2

http://en.wikipedia.org/wiki/Sergey_Brin

--
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
1. Re:Sergey Brin? by Pseudonym+Authority · 2011-10-02 09:25 · Score: 1
  
  Yeah, but what has he done for me lately?
I wonder what would happen by circletimessquare · 2011-10-02 07:14 · Score: 1

if Putin crossed paths with Chuck Norris

--
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
1. Re:I wonder what would happen by Anonymous Coward · 2011-10-03 11:00 · Score: 0
  
  Maybe you could make a movie about Russian zombies. That would be great.
I know they have (in programming) by Anonymous Coward · 2011-10-02 09:03 · Score: 0

Many times over the past 2 decades. E.G.-> I was an avid Borland Delphi dev. circa 1995-2002, & a good % of those that contributed VCL were Russian coders.
(VCL prebuilt objects/libs, albeit, with added or better functionality than std. ones Borland gave you)
I'm SURE that the same goes for C/C++ over time & probably Assembly work before that, etc./et al...
* Then again, I am inclined to go with you on some grounds, online security ones, because I have been populating a custom HOSTS file vs. malware infested sites, botnet C&C servers, known bogus hosts-domain names, & adbanners too, & where do a LARGE %-age of them come out of? You guessed it: The U.S.S.R./Soviet Union/Russia...

"Are there any Russians that contribute something positive to the world of software?" - by Beelzebud (1361137) on Sunday October 02, @12:38PM (#37583738)
Per what I wrote above, you have a SMALL fraction of a possible answer...
(It's the same anywhere though - you've got your "normal folks" & you've got your "criminal elements" too...)
APK
P.S.=> As to what I opened with - Pretty much any custom VCL site can show folks this, & once there? Take a peek around @ the VCL authors' names: You'll see what I mean...
Then also, you've got the guys in the FREEWARE 64 bit world who did UltraDefrag64:
http://it.slashdot.org/comments.pl?sid=2435272&cid=37443252
(Which is 1 of INFOWORLD's "top picks" recently for good freeware)
They're russians too.
Honestly - I'm not even BEGINNING to scratch the surface here either, not really!
Face it - Every culture has "good" & "bad" folks (some are bad due to bad decisions forcing their hands too I'd imagine as well, so, i.e.-> They're not really "evil", just more desperate)...
... apk
An application of... "ReVeRsE-PsYcHoLoGy" by Anonymous Coward · 2011-10-02 10:36 · Score: 0

"nigger" - by Anonymous Coward ANOTHER "ne'er-do-well" /. OFF-TOPIC TROLL on Sunday October 02, @05:43PM (#37585392)
"???"
Uhm... Could we get a translation of that off-topic "troll-speak/trolllanguage" of yours, please?
---
* And, you're an off-topic troll - no questions asked...SEE MY SUBJECT LINE ABOVE!
APK
P.S.=> Yes, it must have just have been another off-topic done nothing of significance with his life troll spewing his off-topic b.s. again & not contributing to the ongoing conversations. Oh well - No biggie!
("ReVeRsE-PsYcHoLoGy", for trolls - Courtesy of this code by "yours truly" in less than 1 second flat):
---
#TrollTalkComReversePsychologyKiller.py (Ver #2 by APK)
def reverse(s):
try:
trollstring = ""
for apksays in s:
trollstring = apksays + trollstring
except:
print("error/abend in reverse function")
return trollstring
s = ""
print reverse(s)
try:
s = "Insert whatever 'trollspeak/trolllanguage' gibberish occurs here..."
s = reverse(s)
print(s)
except Exception as e:
print(e)
---
... apk
Translation from trollspeak by Anonymous Coward · 2011-10-02 10:44 · Score: 0

"reggin" - by Anonymous Coward ANOTHER "ne'er-do-well" /. OFF-TOPIC TROLL on by Anonymous Coward on Sunday October 02, @05:43PM (#37585392)
"???"
Uhm... Could we get a translation of that off-topic "troll-speak/trolllanguage" of yours, please?
* And, you're an off-topic troll - no questions asked...SEE MY SUBJECT LINE ABOVE!
APK
P.S.=> Yes, it must have just have been another off-topic done nothing of significance with his life troll spewing his off-topic b.s. again & not contributing to the ongoing conversations. Oh well - No biggie!
("ReVeRsE-PsYcHoLoGy", for trolls - Courtesy of this code by "yours truly" in less than 1 second flat):
---
#TrollTalkComReversePsychologyKiller.py (Ver #2 by APK)
def reverse(s):
try:
trollstring = ""
for apksays in s:
trollstring = apksays + trollstring
except:
print("error/abend in reverse function")
return trollstring
s = ""
print reverse(s)
try:
s = "Insert whatever 'trollspeak/trolllanguage' gibberish occurs here..."
s = reverse(s)
print(s)
except Exception as e:
print(e)
---
... apk
Blast to the past: Dmitry Skylarov by Anonymous Coward · 2011-10-02 14:03 · Score: 0

This is the same company that employed Dmitry Skylarov, one of the first people to be arrested under the DMCA for breaking the encryption on Adobe's eBook format.
http://en.wikipedia.org/wiki/Dmitry_Sklyarov
Blast to the past: Dmitry Skylarov by metallic · 2011-10-02 14:06 · Score: 4, Informative

Let's try not posting this as an Anonymous Coward by mistake.
This is the same company that employed Dmitry Skylarov, one of the first people to be arrested under the DMCA for breaking the encryption on Adobe's eBook format.
http://en.wikipedia.org/wiki/Dmitry_Sklyarov

--
Karma: Positive. Mostly effected by cowbell.
Re:someone cracks blackberry security by Fnord666 · 2011-10-02 14:11 · Score: 1

RIM's stuff is by and large still very, very secure by any comparison and their phones are unique in that regard. So the way I see it, this is both news (being a genuine security hack) and relevant (these phones being the best on the market).
This seems to be misunderstood as either a crack or a break in the security of the BB. It is neither. Elcomsoft is using a crib that they have found to attempt dictionary and/or brute force attacks, nothing more. See this blog post for the specific details about the file they are using. Unless there is something else that they haven't mentioned, this is a garden variety known plaintext attack.

--
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
Do Americans contribute anything useful? by Anonymous Coward · 2011-10-02 15:10 · Score: 0

It seems like the only time I read about anything an American wrote, it involves ignorance, bad generalizations, and a us versus them mentality. Are there any Americans that contribute something positive to the world?
Notthing to see here... by Prune · 2011-10-02 15:42 · Score: 2

This is simply brute-forcing the password, relying on a short user password. It is only viable if the user has set up the phone security options in a weak way: selected to encrypt media card with user password only, rather than user password plus device key. So really there is nothing surprising in this attack. If you want good security on a Blackberry, it's a matter of setting it up in the options.

--
"Politicians and diapers must be changed often, and for the same reason."
Bad description of known-plaintext in parent post by Anonymous Coward · 2011-10-02 23:33 · Score: 0

If you understand what a known-plaintext attack is you have explained it very badly. It may well be that a known plaintext attack is possible because you expect certain files or file structure to be in place but known plaintext means that you know specific parts of the plaintext not just that you are looking for anything that isn't gibberish.
Posted anonymously so that I can mod you down.
Re:someone cracks blackberry security by Eponymous+Hero · 2011-10-03 04:28 · Score: 1

fuck rule 10, i'm more interested in rule 34. where's the porn of these security vulnerabilities?

--
insensitive clod overlords obligatory xkcd car analogy russian reversals whoosh pedant fanbois ftfy in 3...2...1..PROFIT