The Market Ticker
Commentary on The Capital Markets

It's about damn time.

BlackBerry has had leaked a feature in the upcoming 10.3.2 firmware release for all of their BB10 devices that should make the phones worthless if stolen.

When you do a "Security Wipe", or if you nuke the phone using an autoloader when it connects back to the network it will demand the previous BlackBerry ID, and force you to sign back in using the (current) password for it, before it can be set up.

Since this comes from BlackBerry's servers and is tied to the device PIN it cannot be overridden irrespective of what you do on the device, including destructively loading it. If you don't comply it will work as a telephone but all of the market, BBM and similar functions will not work.

This approach is far superior to an on-device protective function that allegedly "survives" a phone wipe because virtually all can be field-flashed with new firmware, and if the protection is on the device itself then it can be overwritten.  Since this implementation is linked to the device PIN which cannot be changed in the field it's going to be nearly impossible to circumvent.

The long and short of this is that if you steal a BlackBerry 10 device, once 10.3.2 rolls out, you have a worthless device from the standpoint of a "smartphone"; you instead have a device that at best is a "dumb" flip-phone in capability.

In a relatively short period of time this should utterly decimate the phone thieves game where they rip off a device and then resell it on eBAY or Craigslist, destroying the value of stolen devices.

Bravo BlackBerry.

View this entry with comments (registration required to post)

2015-04-17 07:44 by Karl Denninger
in Market Musings , 325 references

Hope you're ready folks...

The CPI was a "miss", and yet the headline number was hit (as expected) by rising gas prices.  The claims is up 10%, but I don't know how you get there in that locally we went from right near $2.00 to about $2.40, which is closer to 20% than 10%.

In any event the other issue is the obvious one: Economic data surprises have nearly all been negative.

CNBS talking heads continue to rationalize away the facts -- particularly that economic surprises have simply not filtered through to either prices in the markets.

But they will, and when you add into this the fact that most of the non-McJob additions in the employment sector were in the oil patch here in the US, and that hiring has now reversed with low oil prices and these people are being furloughed, well....

You might claim "jobs have recovered" but when the remaining "jobs" are all entry-level and provide little or no upward mobility there's no economic driver involved in them.

Markets, particularly in the no-earning tech sector, have been extremely buoyant, along with the garbage fast-casual food joints.

Unjustifiably so, in my opinion....

Oh, and then there's Greece.... which is coming, and is going to matter.  Not so much because of Greece per-se, but because all that crap paper they wrote went somewhere, and the place it went was probably in places you don't want it with the LTRO gamesmanship and similar.

Remember that in a derivative-linked world this crap is levered 20:1 as allegedly "good collateral" behind those bets, and when the collateral is exposed as trash the loss isn't the face amount, it's 20x as much because governments allowed this garbage to be geared up by so-called "banks" as a means of legalized counterfeiting.

Here it comes.

View this entry with comments (registration required to post)

But there's no intent of these people to exploit our open border, right?

Islamic State fighters are operating training bases near the U.S. southern border and are being aided by violent drug cartels to smuggle terrorists into states like Texas, a report published Tuesday by a watchdog group claims.

Oh wait..... you mean there are such people and they are trying to exploit our open border?

Well go figure....

Beware folks -- this is the "price" of allowing illegal invaders to come into your nation -- you're assuming they all "just want a job" and "just want a better life."

What happens when they want to walk into a shopping mall with a suicide vest on and blow themselves (and everyone else in the place) to bits?

View this entry with comments (registration required to post)

Things that make me smiley when it comes to the market...


A rank double on the IPO.  We haven't seen that before, have we?  Oh wait....

Netflix up $78 on "earnings" when its free cash flow is the most-negative in its history, which of course is what's actually in the bank at the end of the day (or more-accurately in this case how much of it is flying out of the bank!)

The CNBS people are running around talking about nonsense like Bitcon (er, "coin"), which has lost somewhere around 75% of its alleged value (or, if you prefer my view, it has reverted 75% of the way to its actual value -- that is, bupkis!) in the last little while -- but it's a "breakthrough" they say.... (sure is -- it's breaking through the bottom of your wallet headed for the toilet!)

I had an interesting conversation with one of the folks who hold a number of these tech stocks; he was the typical early 30s young and full-of-cum dudes when it came to the markets and technology, and of course was a huge believer in them in the public marketplace.  It's hard not to be when you've seen your Apple stock price nearly double in a reasonably short period of time.

My caution to him was the same as it is to everyone else in this space: Know where the door is and be prepared to use it; these prices are being driven by uneconomic acts that are being "validated" and even driven by central bank policy along with pie-in-the-sky unicorn beliefs.

The problem with uneconomic actions is that they're uneconomic.  I know that sounds circular and to some extent it is; the most-important part is that it cannot and thus won't continue forever.  When it stops the avalanche of people trying to get out before their "gains" are gone will make 2000 and even 2008 look like a cakewalk.

It is always said "this time it's different" when a mania takes hold; the parade of people claiming so is never-ending and they get lots of ink because excitement sells -- especially in the financial media.  But the fact of the matter is that debt accumulation never has and never can drive sustainable growth -- in asset prices or anything else.

Were I to have obtained an allocation in ETSY I'd have done exactly what I did back in 1999 with a couple of allocations I did get -- I flipped them immediately.  While this looked dumb a week or a month later with the benefit of hindsight a year later it was in fact extremely smart.

View this entry with comments (registration required to post)

Ok, I'm officially pissed off.

BlackBerry has supported S/MIME on BES-managed devices for a while.  At least in theory.

However, the signatures it generates are invalid as they do not meet RFC requirements for MIME-encoded email.

It turns out that Outlook doesn't care, and thus "eats" these just fine.  But Thunderbird raises hell and says the signature is invalid.

It took me a lot of digging around to figure out the cause, and it turns out to be utterly inexcusable.

Here's what's going on.

When you send a MIME-encoded email (e.g. one with images in it, etc) the multiple parts are broken up and sent.  Each "piece" has a separator that is defined by the software (it's simply an arbitrary string that isn't anywhere else) and then before the content the type and transfer encoding is described.

The problem that MIME solves is that email transport is not 8-bit transparent.  That is, it normally is only printable characters that are guaranteed transport.  But a digital signature comprises bytes of any value, not just printable characters.  MIME solves this (as it does for pictures and similar) by using what is called base64 encoding.

But, email transports are also not guaranteed to handle long lines!  Most of them will these days, but historically they might not handle anything more than 80 characters before a carriage return, and unbounded line size can be a problem even today.  As a result base64's MIME type specifies that a base64 line must not be more than 76 characters and that any more than that must be ignored.  This prevents a potentially-malicious jackass from trying to blow up your mail transfer agent by sending an arbitrary (millions of bytes!) "line"; yes, defensive programming should prevent that from doing damage, but......

Here's a piece of a valid signature generated by Thunderbird:

Content-Type: application/pkcs7-signature; name="smime.p7s"^M
Content-Transfer-Encoding: base64^M
Content-Disposition: attachment; filename="smime.p7s"^M
Content-Description: S/MIME Cryptographic Signature^M

Notice that all the lines are cut off with carriage returns; this is what Base64 does and allows.

Now here is a similar piece generated by a BB10 device:

Content-Type: application/x-pkcs7-signature; name="smime.p7s"^M
MIME-Version: 1.0^M
Content-Transfer-Encoding: base64^M
Content-Disposition: attachment; filename="smime.p7s"^M

The signature generated is one great big line; there are no carriage returns in it at all!

Oh by the way, the same horsecrap happens when you send a signed and encrypted message -- although the data type is different (enveloped-data) the same rule on line length applies.  For this reason once again some email clients will blow up, particularly for large encrypted emails where the "line length" could be megabytes in size and thus exceed internal transport level buffering.

This crap is flat-out invalid according to the Internet RFCs that define email transport and results in the signature failing to validate against a client that processes digital signatures properly and enforces the MIME standards.  

Outlook, as with many other Microsoft products, doesn't give a rat's ass and accepts it silently but it shouldn't -- it should instead throw up and complain that the signature block is malformed (because it is.)

Thunderbird (and probably many other clients) refuses.  I have filed a bug report with Mozilla because the complaint should not be that the signature is invalid but rather than the signature block is malformed.

BlackBerry, this sort of incompetence in 2015 is utterly inexcusable, particularly given your previous violation of the rules regarding line terminators in the SMTP protocol back in the early days of 10.x and the fact that his has been going on now, as far as I can tell, since the initial 10.x firmware releases several years ago.

Fix this now and roll it out to everyone as the way your code stands right now S/MIME interchange is guaranteed to break with standards-enforcing mail clients and transports (and that's a lot of them, by the way.)

Until this is fixed and deployed this screw-up forces me to formally and publicly recommend against all BlackBerry devices in any environment where encrypted and/or signed email is part of the requirement set.  That, sadly, is all of them where BlackBerry is currently targeting its sales.

View this entry with comments (registration required to post)

Main Navigation
MUST-READ Selection:
Wake Up America

Full-Text Search & Archives
Archive Access
Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.


The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be reproduced or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media or for commercial use.

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.