[32442] in bugtraq
Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead
daemon@ATHENA.MIT.EDU (Pentest Security Advisories)
Fri Nov 14 17:03:06 2003
Message-ID: <3FB4AC90.7060506@pentest.co.uk>
Date: Fri, 14 Nov 2003 10:21:04 +0000
From: Pentest Security Advisories <alerts@pentest.co.uk>
MIME-Version: 1.0
To: Jordan Wiens <jwiens@nersp.nerdc.ufl.edu>
Cc: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
In-Reply-To: <Pine.LNX.4.58.0311140114130.19768@afybt.areqp.hsy.rqh>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Jordan Wiens wrote:
>
> <SNIP>
>
>>The ultimate fix is for manufacturers to provide a greater separation of
>>services, an attitude that seems to have been taken with the Ericsson T610.
>
>
> I'm a bit confused; if I read it right, the first report specifically
> mentioned this as a vulnerable device, now it's listed as one that got it
> right? Did I misread?
No, you didn't misread - The T610, whilst still vulnerable to some
attacks, does provide more protection
of OBEX profiles. In this respect, it's better than the other phones /
devices we've tested.
On the particular T610 that was tested, we found that whilst it was
possible to upload files to the phone we could not download files from it.
