When we released our IPSO vulnerability we learned that typically security issues with this platform are handled through the Nokia customer service channels. Responsible disclosure guidelines almost always dictate that the vendor is given the first notification so these are usually your best bet for information. We felt that the Bugtraq and Full-Disclosure lists were the best for making the security research community aware of the issues and helping to spread the notification.
In addition to our advisory though we also wrote a quick and simple guide to securing the voyager/IPSO interface... http://www.fishnetsecurity.com/CSIRT/disclosure/Nokia/Securing.Nokia.Network.Voyager.pdf Hope that helps... Trey Keifer Security Engineer - Level II Fishnet Security Office: 816.421.6611 Cell: 816.710.6830 Toll Free: 888.732.9406 Fax: 816.421.3371 http://www.fishnetsecurity.com -----Original Message----- From: Frederic Charpentier [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 4:36 AM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Nokia IPSO hi, does anyone know a mailing list (or web site) about Nokia IPSO security ? Fred _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
