[17843] in bugtraq
Re: Nokia firewalls
daemon@ATHENA.MIT.EDU (King, Iain)
Wed Nov 29 14:31:40 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-Id: <4FC68B779807D31191B10008C7731C4D844733@meeis01nok>
Date: Wed, 29 Nov 2000 00:35:59 +0200
Reply-To: Ext-Iain.King@NOKIA.COM
From: "King, Iain" <Ext-Iain.King@NOKIA.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
> PS. The only contact I have for Nokia is
> info.ipnetworking_americas@nokia.com, I don't believe that this mailbox
> would have given this information proper handling, my hope is that
> somebody @ Nokia will either be on this list or somebody will know
> actually how to contact this vendor. And as I allready stated, this is
> a pretty low-priorty vulnerability, requireing an authenticated user.
> However, if they had a ssl site or did not have clear text TELNET
> authentication by default it would make me feel much better.
Im on this list, and though I'm not an employee of Nokia Security.. I have
informed them of your post.
I'd expect to see an official reply some time soon.
> I guess you have considered to inform the manufacturer? So why post it
> here at this point?
>
> Hugo.
>
> PS: I would encourage to use normal disclosure procedures giving the
> manufacturer 5 working days for such issues.
>
I agree completely, and I think that people should spend at least 5 minutes
looking for a contact mail..
for eg: on the nokia website, www.nokia.com theres a link to security
appliance, which contains such
address' for "Further Information".
Iain King
IM EUS Unix Specialist
Nokia Telecommunications, MPD/APAC
