RE: [Full-Disclosure] Nokia IPSO

From: Keifer, Trey (Trey.Keifer_at_fishnetsecurity.com)
Date: 11/26/03

  • Next message: Ron DuFresne: "Re: [Full-Disclosure] Attacks based on predictable process IDs??"
    To: "Frederic Charpentier" <fcharpentier@xmcopartners.com>, <full-disclosure@lists.netsys.com>
    Date: Wed, 26 Nov 2003 09:33:34 -0600
    
    

    When we released our IPSO vulnerability we learned that typically security issues with this platform
    are handled through the Nokia customer service channels. Responsible disclosure guidelines almost
    always dictate that the vendor is given the first notification so these are usually your best bet for
    information. We felt that the Bugtraq and Full-Disclosure lists were the best for making the security
    research community aware of the issues and helping to spread the notification.

    In addition to our advisory though we also wrote a quick and simple guide to securing the voyager/IPSO
    interface...
    http://www.fishnetsecurity.com/CSIRT/disclosure/Nokia/Securing.Nokia.Network.Voyager.pdf

    Hope that helps...

    Trey Keifer
    Security Engineer - Level II
    Fishnet Security

    Office: 816.421.6611
    Cell: 816.710.6830
    Toll Free: 888.732.9406
    Fax: 816.421.3371

    http://www.fishnetsecurity.com

    -----Original Message-----
    From: Frederic Charpentier [mailto:fcharpentier@xmcopartners.com]
    Sent: Wednesday, November 26, 2003 4:36 AM
    To: full-disclosure@lists.netsys.com
    Subject: [Full-Disclosure] Nokia IPSO

     hi, does anyone know a mailing list (or web site) about Nokia IPSO
    security ?

    Fred

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Ron DuFresne: "Re: [Full-Disclosure] Attacks based on predictable process IDs??"