Re: Nokia firewalls

["King, Iain" <Ext-Iain.King () NOKIA COM>]

> PS. The only contact I have for Nokia is
> info.ipnetworking_americas () nokia com, I don't believe that this mailbox
> would have given this information proper handling, my hope is that
> somebody @ Nokia will either be on this list or somebody will know
> actually how to contact this vendor.  And as I allready stated, this is
> a pretty low-priorty vulnerability, requireing an authenticated user.
> However, if they had a ssl site or did not have clear text TELNET
> authentication by default it would make me feel much better.


Im on this list, and though I'm not an employee of Nokia Security.. I have
informed them of your post.
I'd expect to see an official reply some time soon.

> I guess you have considered to inform the manufacturer? So why post it
> here at this point?
>
> Hugo.
>
> PS: I would encourage to use normal disclosure procedures giving the
> manufacturer 5 working days for such issues.

I agree completely, and I think that people should spend at least 5 minutes
looking for a contact mail..
for eg: on the nokia website, www.nokia.com theres a link to security
appliance, which contains such
address' for "Further Information".

Iain King
IM EUS Unix Specialist
Nokia Telecommunications, MPD/APAC