[Dude]

Quote:

Originally Posted by BigA

Most importantly if anyone can crack RIM's security (AES). Not only have you cracked RIM's security you have crack all of the cryptograhpy world too.

You guys keep talking about encryption and RIM's impregnable security, but none of that matters. The message spends a lot of time traveling between mail servers on open non-encrypted links. Why do I need to break into your Blackberry if I can just sniff the traffic coming out of your Exchange server?!

Remember: Blackberry -> carrier -> BES/BIS -> mail server -> internet -> mail server -> BES/BIS -> carrier -> Blackberry.

[MikeyLikesIt]

I don't know where he was coming from but if he had anything I think he would have posted it a long time ago instead of taking all that abuse.

Now, did I ever tell you about the 100 MPG carbureator that a friend of an inlaw of my distant cousin knows all about that was bought off by the oil companies and buried?

MikeyMike

[Dude]

Quote:

Originally Posted by MikeyLikesIt

I don't know where he was coming from but if he had anything I think he would have posted it a long time ago instead of taking all that abuse.

Now, did I ever tell you about the 100 MPG carbureator that a friend of an inlaw of my distant cousin knows all about that was bought off by the oil companies and buried?

MikeyMike

He posted his original (and first) question on 9/17 at 8:44pm. His last post was at 10:11pm. By 11:55pm that night, he's had enough abuse to never have logged on to this board again.

[LunkHead]

Quote:

Originally Posted by Dude

He posted his original (and first) question on 9/17 at 8:44pm. His last post was at 10:11pm. By 11:55pm that night, he's had enough abuse to never have logged on to this board again.

Please do tell about this abuse that you speak of.... I for one will be very, very interested in hearing this...

My theory on why the OP has not returned is because either RIM or the *security expert*, or both, set the OP straight and it turned out to be nothing...

If RIM or the *security expert* had information to prove post #1 of this thread then you could bet your last buck the OP would have returned to rub this proof in the faces of the nay-sayers (read: me)

Have a great day

Note to self: Add another to your block list..

Kris

[jsconyers]

Quote:

Originally Posted by Dude

You guys keep talking about encryption and RIM's impregnable security, but none of that matters. The message spends a lot of time traveling between mail servers on open non-encrypted links. Why do I need to break into your Blackberry if I can just sniff the traffic coming out of your Exchange server?!

Remember: Blackberry -> carrier -> BES/BIS -> mail server -> internet -> mail server -> BES/BIS -> carrier -> Blackberry.

This statement is not true when using a BES. The message is encrypted prior to leaving the handheld or BES and then decrypted once being received by the handheld or BES.

Message flow to a handheld

1) New Message arrives: the Microsoft message transfer agent delivers message to user’s desktop email mailbox.

2) Message notification: Blackberry maintains a MAPI connection to the user’s mailbox. The connection enables the server to use the same notification for new mail, blackberry processes message as it arrives.

3) Message filters are applied: BES checks message fields against global filter rules.
BES then applies user-defined filters.

4) Message ID is assigned: BES randomly generates a reference id and tag.

5) Message is compressed and encrypted.

6) Message sent to wireless network: BES sends the first portion of the message through port 3101 to the wireless network, which verifies the PIN belongs to belongs to a valid handheld registered on the network
7) Confirmation is returned: The network locates the handheld and delivers the message.
8) Arrives on handheld: The handheld decrypts and decompresses the message and notifies the user of new mail.





Message flow from the handheld

1) Message sent from handheld, on the handheld the message is assigned a reference id.
2) Message is compressed and encrypted.

3) Message is sent to BES Server, through port 3101 to the wireless network to the Blackberry Server.

4) Message is decrypted and decompressed: BES decrypts and decompresses the message. If the message does not match the users encryption key, the message is discarded.

5) Message is placed in outbox on the Exchange Store.

6) Message delivery: The Exchange MTA delivers the message.

7) Copied to sent items folder: A copy of the message is placed in the user’s desktop email program sent items folder.

Therefore if you do happen to "sniff the traffic coming out of the Exchange server" you would only get an encrypted message. Now for BIS, I am not to sure. Also We do not know what mail client the OP was using, nor do we know if he was using BIS or BES.

[Dude]

But what happens to the message as it travels between mail servers of two different companies?

[jpm121]

Quote:

Originally Posted by Dude

But what happens to the message as it travels between mail servers of two different companies?

That part isn't encrypted, but it doesn't matter -- the OP's beef was that the original message stored on the blackberry was modified as well as the one the recipient received.

THAT is the part that just isn't possible -- once the message has been keyed, encrypted, and sent out, it's locked down.

[gibbyoh]

Quote:

Originally Posted by jsconyers

Therefore if you do happen to "sniff the traffic coming out of the Exchange server" you would only get an encrypted message. Now for BIS, I am not to sure. Also We do not know what mail client the OP was using, nor do we know if he was using BIS or BES.

Thats not right when the e-mail message leaves the senders e-mail server it is not encrypted, the senders BES server unencrypts and decompress it before handing it off to the e-mail server.

and I am getting this from the RIM Certification guide as I am currently working on my RIM Certification