![]() |
Re: BIS - No Better Security than Web Based Mail
Quote:
|
Re: BIS - No Better Security than Web Based Mail
Quote:
Quote:
Quote:
Quote:
|
Re: BIS - No Better Security than Web Based Mail
Thanks for the explanation.
Noting that PGP is not supporting Outlook 2010, is there an alternative to PGP? for outlook? and for Blackberry? |
Re: BIS - No Better Security than Web Based Mail
Basically there is SMIME and PGP - PGP is the easiest but they only recently came to the table with Outlook 2007 SP2 so I don’t see them releasing 2010 capability soon. I have called/written and they have no idea when – they didn’t even say they were testing it. When they can give NO time frame it’s not a good sign.
Outlook supports SMIME natively you just have to get a certificate…. but so does the other person. Which isn’t bad if you are only dealing with a few people you want to do this with. VeriSign is the number 1 company for certificates, it’s 19.99 a year. Comodo is the number 2 company and they do it for free... but there are many companies that do this. I can send/recieve encrypted SMIME from Outlook now to the people I have set up certificates for - but I cannot get the cert installed on the Blackberry. It may be you have to have BES for that to work on a Blackberry, which I don't have. Sandy |
Re: BIS - No Better Security than Web Based Mail
I was searching the net for this very issue because I was not sure. Not because I didn't care but, RIM is often referred as "most secure" but I know now that applies more for BES. My job doesn't subscribe to BES, but I still want security now what?
What does a regular person do? Purchase a whole list of other products, lotus, exchange, CALs and BES if they want to secure their personal email accounts? Uh, it doesn't work like that What would a small business do? I doubt all small businesses can afford BES but I am sure they all would want it I think this was a very good post to share. To assume someone does not care just because they may lack the knowledge to inquire about it, is the reason society is messed up! If it is common knowledge then this post should be a sticky, right....because everything that is all over the net is ALWAYS asked over and over again I think it is better to say consumers are unaware about Internet security,SSL, ports, wifi, hot spots, routers etc.. Most people don't know these things!! Some opt to never use a PC, smartphone because they assume it is all unsafe... well these types of post HELP, you've cleared the air! Realistically if given the option, both services freely available, Who would really choose to have no SSL? No security? I think that is what the original poster was trying to express and I appreciate it!! Still love BB though, better than them others! <IMO> |
Re: BIS - No Better Security than Web Based Mail
I just wish RIM would change this... making Gmail/Yahoo/Hotmail through the BIS as secure as it is through Apple, Droid and WP7's email clients, where you get SSL (or encryption) from device to server. They told me they do not plan on doing so... sad.
I tried AstraSync and NotifySync - to get the SSL for the Blackberry, but they both sucked compared to Blackberry's native email client. They are also quite hard on the battery life. I have now set up hosted exchange, because Blackbrerry is a very good device with a very good OS and in order to keep it... BES was the only way. My other smartphones will carry the Yahoo/Hotmail accounts. Sandy |
Re: BIS - No Better Security than Web Based Mail
2 Attachment(s)
Just to add... when I put the hosted exchange account through all my devices, once again the Blackberry was the only device to show me NOTHING. So really, I have no idea what they do. I am not able to "see anything" in regard to the settings like I was for Outlook or my WP7 and my Nokia N900, I would assume it's "all good"... but I don't' know for sure.
I have attached 2 print screens of the screens you see in Outlook where you can select SSL, etc. On both WP7 and N900 I was able to select SSL (actually see it.) I was surprised that again, I was able to determine nothing on the Blackberry. I am going to call RIM on Monday... Sandy |
Re: BIS - No Better Security than Web Based Mail
Since I am now on the xxx8220;BESxxx8221; plan itxxx8217;s $250 dollars to ask RIM a question. Only for personal BIS accounts is the fee $49. So the person who answered the phone put me on hold and tried to find out what he could. In the end he didnxxx8217;t have an answer, he just kept repeating, xxx8220;the BES has encryptionxxx8221; which I already knew. I know itxxx8217;s up to the device (more specifically the user of the device) to select the use of SSL, I selected it personally for everything I have put the hosted exchange account through so far. I hope BB, when prompted for that question, answered it the way I wanted them to.
To get the BES cost me $15 more monthly from AT&T and about $5 more as an add-on for hosted exchange ($20. Monthly) If you have a household of Blackberryxxx8217;s this could add up quick. To put hosted exchange through my other smartphones cost me - nothing. Add to this the ability to now use Hotmail and Google as exchange accounts through some of these other smartphones giving the consumer a full sync for contacts/calendar and push email xxx8211; all with a protected SSL connection. RIM will have to think about this, itxxx8217;s hard to compete with xxx8220;free.xxx8221; Why should I have to pay and use the BES just to get basic SSL and contact/calendar sync??? Which is all I am really after, I donxxx8217;t need some xxx8220;governmentxxx8221; level lock down that the BES provides. But if you like BB that is what you will have to doxxx8230; and I will do it because I am a fan, I have an established relationship with BB xxx8211; that is why I am willing to pay that. If RIM wants new users, they are going to have to do something to change this. |
Re: BIS - No Better Security than Web Based Mail
The point that has been mentioned (but not really hashed out here) is that SMTP isn't secure anyways.
You can encrypt the living hell out of your connection between the handheld and the provider. Be it Yahoo, Microsoft, Google.... Whomever. But the instant that mail message leaves their server for its destination... It is in clear text. Bouncing from router to router until it gets to the destination SMTP server for the domain the e-mail was intended for. The only way to guarantee security here is with the (cumbersome) method of using PGP or S/MIME. Neither of which you can do with any of the free mail services being discussed in this thread; obsessed upon actually. Does it REALLY matter if your connection from your handheld, over your providers network, to RIM is encrypted or not, if the connection from your Hotmail account to wherever your outgoing mail is destined for is not? No, it doesn't. If anything, it instills a false sense of security; makes people think their mail is "protected". Same goes for receiving mail. When the mail is pushed from RIM's server to your handheld, even if the last link between your provider and your handheld (lets say Rogers and my Blackberry if I were using BIS) was unencrypted, if the e-mail message came from a domain other than the one I'm sending through, how many networks has it passed through in clear text already? I think the other point here (and what Penguin appeared to be getting at) is that RIM isn't using HTTP, HTTPS or SMTP on the bloody handheld anyway. You aren't configuring your DEVICE to use the providers mail servers. You are configuring a system on RIM's servers to USE those credentials to login to your providers servers. And RIM clearly states that the connection between their server and your provider is encrypted! So what is the issue? The mail isn't being delivered to your handheld through POP, HTTP or any conventional mechanism. So the point about HTTPS/SSL here is irrelevant. The mail is being PUSHED to your handheld using proprietary RIM technology, from THEIR server; the server which your account is configured on. And when mail is SENT from the handheld, it is handled the same way. The only way HTTP or HTTPS are relevant are if we are discussing accessing your mail through a web browser, and not RIM's BIS "client". Which is just an interface to make configuration changes at THEIR end. I think there is a severe fundamental misunderstanding of the underlying technology here; somebody knows just enough to be dangerous. I give Penguin props for trying to explain this earlier in the thread. Though it appears to have fallen on deaf ears. I think the rep from RIM did a poor job explaining the technology to Sandy. And that is likely why this thread ended up the way it did. |
Re: BIS - No Better Security than Web Based Mail
Quote:
Of course, keep in mind it's an encrypted "tunnel"... it does not encrypt the body of the message itself. For that you need PGP/SMIME or WinZip with encryption. But it does enough that it is now standard practice on smartphones. And I use SMIME with "free email services" in this thread. I encrypt Yahoo and Hotmail everyday from Outlook to the people I have set this up with - and you can get certificates for free... so POP3 and IMAP have the capability as well as exchange. RIM stated to me that the connection from their server to my provider (Yahoo/Gmail/Hotmail) was not encrypted. They also stated they push the email to the device with nothing. Which is why I did two things... switched to BES and put Yahoo/Hotmail through another smartphone with SSL. Now all my accounts are going from device to/from server protected. Sandy |
Re: BIS - No Better Security than Web Based Mail
Quote:
And yes, you are correct on the philosophy about SSL adoption on mail servers making this less and less of an issue at the end-user level, but it is still an issue as it stands now. Quote:
A Blackberry requires a certificate to talk to the BIS server. That is why the device has to be REGISTERED with the BIS. Quote:
But then again, you are talking about POP and IMAP. Neither of which are used by your Blackberry to talk to the BIS server. You are talking about traditional mail transport mechanisms. Those are not what are in play here. Quote:
And yes, the mail is being pushed to the device unencrypted. But it also isn't being delivered via a conventional mail transport mechanism. You need to take that into consideration. This isn't a device polling a mail server using POP or IMAP, not sending mail out using SMTP. This is a client/server relationship between the handheld and the BIS server. BTW, I'm not arguing against your point that encryption is better. Of course it is! Here is some more reading for you: BIS Connections - BlackBerry Support Community Forums Gives a good run-down on how BIS communication is tunneled from the handheld through RIM's servers. |
Re: BIS - No Better Security than Web Based Mail
Thanks for the link I will check it out.
But I am done with the BIS until RIM changes this. I just prefer my accounts having an encrypted tunnel from device (or Outlook with a WPA2-psk router) to server and "possibly" beyond to recipient - as possibly is still better than not possible, because you didn't bother. I spent 4 hours with RIM tech level 2 Sunday night and am on my 2nd hosted exchange trial to get SMIME through the BES. I may be able to use DM 5.0 and redirect yahoo through the BES. It's a work in progress right now... Sandy |
Re: BIS - No Better Security than Web Based Mail
I got the SMIME through... if you want to do this - the company that hosts your exchange needs to "enable" it. It took several companies before I found one that would (which surprised me as the directions for doing so are not hard.) Most don't even know what you are talking about. Even after getting that part out of the way - this was not easy.
As far as using SMIME for free accounts from your computer, like Yahoo/Hotmail - you can do this by putting them through Outlook (which you pay for,) but it also works through Windows Mail. Windows Mail is a free download, and actually, it's a very good program. I found that Redirect on DM 5.0 only works with exchange folders... you can't redirect your Yahoo account inbox through the BES. I actually see why now, but it was a cool "thought." |
All times are GMT -5. The time now is 03:45 AM. |
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.