funsec mailing list archives
Re: Nokia & Sun: Yes, Nokia S40 J2ME vulnerabilities exist
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Fri, 22 Aug 2008 10:03:08 +0300 (EEST)
From 'Did Nokia pay for vulnerability information?'
".... Gowdiak would not disclose if he was paid, but said that only reputable, vetted companies that pay would get the full research, which amounted to 180 pages and 14,000 lines of proof-of-concept code. Nokia has a complete copy of Gowdiak's research, said Mark Durrant of Nokia's corporate communications." --clip-- More at http://news.idg.no/cw/art.cfm?id=E60D4A5D-17A4-0F78-31F4BD4CE5B829BD Juha-Matti Juha-Matti Laurio [juha-matti.laurio () netti fi] kirjoitti:
It's not known if Sun Microsystems or Nokia paid 20 000 euros (about $29 000) to get the detailed information about J2ME vulnerabilities discovered by Adam Gowdiak affecting to Nokia Series 40, but both of the companies have confirmed the existence of these vulnerabilities now. More at http://blogs.securiteam.com/index.php/archives/1129 The both companies are "investigating further and developing a fix".
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Nokia & Sun: Yes, Nokia S40 J2ME vulnerabilities exist Juha-Matti Laurio (Aug 21)
- <Possible follow-ups>
- Re: Nokia & Sun: Yes, Nokia S40 J2ME vulnerabilities exist Juha-Matti Laurio (Aug 22)