Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Subject: Re: Nokia firewalls
From: King, Iain (Ext-Iain.KingNOKIA.COM)
Date: Tue Nov 28 2000 - 16:35:59 CST
- Next message: Roman Drahtmueller: "Re: SuSE Linux 6.x 7.0 Ident buffer overflow"
- Previous message: Geoffrey Moon: "Re: Submission"
- Maybe in reply to: K2: "Nokia firewalls"
- Maybe reply: King, Iain: "Re: Nokia firewalls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> PS. The only contact I have for Nokia is
> info.ipnetworking_americasnokia.com, I don't believe that this mailbox
> would have given this information proper handling, my hope is that
> somebody Nokia will either be on this list or somebody will know
> actually how to contact this vendor. And as I allready stated, this is
> a pretty low-priorty vulnerability, requireing an authenticated user.
> However, if they had a ssl site or did not have clear text TELNET
> authentication by default it would make me feel much better.
Im on this list, and though I'm not an employee of Nokia Security.. I have
informed them of your post.
I'd expect to see an official reply some time soon.
> I guess you have considered to inform the manufacturer? So why post it
> here at this point?
> PS: I would encourage to use normal disclosure procedures giving the
> manufacturer 5 working days for such issues.
I agree completely, and I think that people should spend at least 5 minutes
looking for a contact mail..
for eg: on the nokia website, www.nokia.com theres a link to security
appliance, which contains such
address' for "Further Information".
IM EUS Unix Specialist
Nokia Telecommunications, MPD/APAC