Bugtraq mailing list archives
Re: Nokia firewalls
From: "King, Iain" <Ext-Iain.King () NOKIA COM>
Date: Wed, 29 Nov 2000 00:35:59 +0200
PS. The only contact I have for Nokia is info.ipnetworking_americas () nokia com, I don't believe that this mailbox would have given this information proper handling, my hope is that somebody @ Nokia will either be on this list or somebody will know actually how to contact this vendor. And as I allready stated, this is a pretty low-priorty vulnerability, requireing an authenticated user. However, if they had a ssl site or did not have clear text TELNET authentication by default it would make me feel much better.
Im on this list, and though I'm not an employee of Nokia Security.. I have informed them of your post. I'd expect to see an official reply some time soon.
I guess you have considered to inform the manufacturer? So why post it here at this point? Hugo. PS: I would encourage to use normal disclosure procedures giving the manufacturer 5 working days for such issues.
I agree completely, and I think that people should spend at least 5 minutes looking for a contact mail.. for eg: on the nokia website, www.nokia.com theres a link to security appliance, which contains such address' for "Further Information". Iain King IM EUS Unix Specialist Nokia Telecommunications, MPD/APAC
Current thread:
- Re: Nokia firewalls King, Iain (Nov 30)