funsec mailing list archives

Re: Nokia & Sun: Yes, Nokia S40 J2ME vulnerabilities exist

From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Fri, 22 Aug 2008 10:03:08 +0300 (EEST)

From 'Did Nokia pay for vulnerability information?'


"....
Gowdiak would not disclose if he was paid, but said that only reputable, vetted companies that pay would get the full 
research, which amounted to 180 pages and 14,000 lines of proof-of-concept code.

Nokia has a complete copy of Gowdiak's research, said Mark Durrant of Nokia's corporate communications."
--clip--

More at
http://news.idg.no/cw/art.cfm?id=E60D4A5D-17A4-0F78-31F4BD4CE5B829BD

Juha-Matti

Juha-Matti Laurio [juha-matti.laurio () netti fi] kirjoitti:

It's not known if Sun Microsystems or Nokia paid 20 000 euros (about $29 000) to get the detailed information about 
J2ME vulnerabilities discovered by Adam Gowdiak affecting to Nokia Series 40,
but both of the companies have confirmed the existence of these vulnerabilities now.

More at
http://blogs.securiteam.com/index.php/archives/1129

The both companies are "investigating further and developing a fix".


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Nokia & Sun: Yes, Nokia S40 J2ME vulnerabilities exist Juha-Matti Laurio (Aug 21)
- <Possible follow-ups>
- Re: Nokia & Sun: Yes, Nokia S40 J2ME vulnerabilities exist Juha-Matti Laurio (Aug 22)