Re: Monitoring file updates (was: Security Guidance for N800 OS development)

2007-02-24 Thread Gustavo Sverzut Barbieri
On 2/23/07, Eero Tamminen <[EMAIL PROTECTED]> wrote: Hi, ext Gustavo Sverzut Barbieri wrote: >> > yes, but the most harmful action is to add "/" to be scanned, but >> > that's in blacklist so it's avoided. >> >> If it is monitoring file changes in the device, you should also >> ignore at least /

Re: Security Guidance for N800 OS development

2007-02-23 Thread Gustavo Sverzut Barbieri
On 2/23/07, Marius Gedminas <[EMAIL PROTECTED]> wrote: On Thu, Feb 22, 2007 at 08:20:53PM -0300, Gustavo Sverzut Barbieri wrote: > On 2/22/07, Eero Tamminen <[EMAIL PROTECTED]> wrote: > >ext Gustavo Sverzut Barbieri wrote: > >> yes, but the most harmful action is to add "/" to be scanned, but > >

Re: Security Guidance for N800 OS development

2007-02-23 Thread Marius Gedminas
On Thu, Feb 22, 2007 at 08:20:53PM -0300, Gustavo Sverzut Barbieri wrote: > On 2/22/07, Eero Tamminen <[EMAIL PROTECTED]> wrote: > >ext Gustavo Sverzut Barbieri wrote: > >> yes, but the most harmful action is to add "/" to be scanned, but > >> that's in blacklist so it's avoided. > > > >If it is mo

Re: Monitoring file updates (was: Security Guidance for N800 OS development)

2007-02-22 Thread Eero Tamminen
Hi, ext Gustavo Sverzut Barbieri wrote: > yes, but the most harmful action is to add "/" to be scanned, but > that's in blacklist so it's avoided. If it is monitoring file changes in the device, you should also ignore at least /dev & /sys*, otherwise your process wakes up unnecessarily (which d

Re: Security Guidance for N800 OS development

2007-02-22 Thread Gustavo Sverzut Barbieri
On 2/22/07, Eero Tamminen <[EMAIL PROTECTED]> wrote: Hi, ext Gustavo Sverzut Barbieri wrote: > yes, but the most harmful action is to add "/" to be scanned, but > that's in blacklist so it's avoided. If it is monitoring file changes in the device, you should also ignore at least /dev & /sys*, o

Re: Security Guidance for N800 OS development

2007-02-22 Thread Acadia Secure Networks
Paul, yes "click fatigue/click cluelessness" is an issue but the dialog box does provide one more potential barrier to a successful attack.  By the way there is a wwwcast series on mobile device security over the next 5 weeks that is sponsored by sybase/ianywhere. The speaker in the first wwwc

Re: Security Guidance for N800 OS development

2007-02-22 Thread Eero Tamminen
Hi, ext Gustavo Sverzut Barbieri wrote: yes, but the most harmful action is to add "/" to be scanned, but that's in blacklist so it's avoided. If it is monitoring file changes in the device, you should also ignore at least /dev & /sys*, otherwise your process wakes up unnecessarily (which drai

Re: Security Guidance for N800 OS development

2007-02-22 Thread Gustavo Sverzut Barbieri
On 2/22/07, Eero Tamminen <[EMAIL PROTECTED]> wrote: Hi, ext Gustavo Sverzut Barbieri wrote: >> > - canola-conf listen to 127.0.0.1:9000 (can be changed using >> > GConf), it's a webserver that serves HTML, JS, ... it's written using >> > libsoup and actions (/actions/ClassName/{get,set}_data

Re: Security Guidance for N800 OS development

2007-02-22 Thread Eero Tamminen
Hi, ext Gustavo Sverzut Barbieri wrote: > - canola-conf listen to 127.0.0.1:9000 (can be changed using > GConf), it's a webserver that serves HTML, JS, ... it's written using > libsoup and actions (/actions/ClassName/{get,set}_data and > /actions/ClassName/get_presentation) is written in C, fo

Re: Security Guidance for N800 OS development

2007-02-22 Thread Gustavo Sverzut Barbieri
On 2/22/07, Eero Tamminen <[EMAIL PROTECTED]> wrote: Hi, ext Gustavo Sverzut Barbieri wrote: > - canola-conf listen to 127.0.0.1:9000 (can be changed using > GConf), it's a webserver that serves HTML, JS, ... it's written using > libsoup and actions (/actions/ClassName/{get,set}_data and > /ac

Re: Security Guidance for N800 OS development

2007-02-21 Thread Eero Tamminen
Hi, ext Gustavo Sverzut Barbieri wrote: - canola-conf listen to 127.0.0.1:9000 (can be changed using GConf), it's a webserver that serves HTML, JS, ... it's written using libsoup and actions (/actions/ClassName/{get,set}_data and /actions/ClassName/get_presentation) is written in C, for object

Re: Security Guidance for N800 OS development

2007-02-21 Thread Paul Brook
> by way of example, my PC has a firewall (Symantec) that does outbound > filtering. I appreciate the fact that when I launch an application for > which I have not previously provided authorization to access the > Internet (defined here as an IP range beyond my LAN subnet), the > firewall warns m

Re: Security Guidance for N800 OS development

2007-02-21 Thread Acadia Secure Networks
Daniel, by way of example, my PC has a firewall (Symantec) that does outbound filtering. I appreciate the fact that when I launch an application for which I have not previously provided authorization to access the Internet (defined here as an IP range beyond my LAN subnet), the firewall wa

Re: Security Guidance for N800 OS development

2007-02-21 Thread Dave Cridland
On Wed Feb 21 17:39:44 2007, Acadia Secure Networks wrote: 1. An option for keeping sensitive data on the device encrypted. This is important for dealing with the fact that mobile devices get stolen and, more often lost. Now this *is* a sound idea. Doesn't GNOME have something like t

Re: Security Guidance for N800 OS development

2007-02-21 Thread Gustavo Sverzut Barbieri
On 2/20/07, Marius Gedminas <[EMAIL PROTECTED]> wrote: On Mon, Feb 19, 2007 at 09:00:18PM +, Dave Cridland wrote: > If you're running network daemons on the device, you deserve > everything you get, of course, but even then, there's plenty of > documents and guides. Canola comes with a netwo

Re: Security Guidance for N800 OS development

2007-02-21 Thread Acadia Secure Networks
Mike, feel free to put it to bed for now. Nonetheless, I hope and believe that this group will continue to look for ways to make the N800 a more secure mobile device. Here are a few more items I can think of for consideration by Nokia itself: 1. An option for keeping sensitive data on th

Re: Security Guidance for N800 OS development

2007-02-21 Thread Eero Tamminen
Hi, ext Ross Burton wrote: On Tue, 2007-02-20 at 10:12 -0600, Paul Klapperich wrote: The internet tablet runs an Xserver for one. Use nmap on your PC to scan your Nokia. It has open ports. Marius had specifics earlier. Which is a fixed bug, and will be closed in the next release. It's not ro

Re: Security Guidance for N800 OS development

2007-02-20 Thread Mike Lococo
This thread should really be put to bed. The only concrete action item that has emerged from it is a request for the inclusion of iptables, which is duly noted. Iptables is one clearly useful tool for limiting access to a daemon based on source IP. Since none of the devices ship with any dae

Re: Security Guidance for N800 OS development

2007-02-20 Thread Ed Okerson
> Maybe the target market for 770 and N800 does not include the business > market, but If Nokia is at all interested in penetrating that market for > a device like the N800 Nokia will surely have to come up with a very > strong offering with respect to device security. Otherwise the CIO's of > the

Re: Security Guidance for N800 OS development

2007-02-20 Thread Gavin O' Gorman
On 2/20/07, Paul Klapperich <[EMAIL PROTECTED]> wrote: How many mobile phones have you found that provide unfettered access to 3rd party applications? Symbian mobile phones. Windows mobile phones. Palm mobile phones. Any phone with java. They don't provide 'unfettered access' but they certainl

Re: Security Guidance for N800 OS development

2007-02-20 Thread Daniel Stone
On Tue, Feb 20, 2007 at 04:34:21PM -0600, ext Paul Klapperich wrote: > Nokia really doesn't have to do anything to "guarantee" that 3rd party apps > are safe, but I would certainly trust the integrity of an official iptables > compiled by Nokia. They certainly have something to lose by somehow > subv

Re: Security Guidance for N800 OS development

2007-02-20 Thread Daniel Stone
On Tue, Feb 20, 2007 at 04:22:37PM -0500, ext Acadia Secure Networks wrote: > Since Nokia is actively encouraging the development of 3rd party > applications including ones which are TCP/IP Stack/Internet enabled, > Nokia (or any other similar device manufacturer for that matter that > creates a

Re: Security Guidance for N800 OS development

2007-02-20 Thread Paul Klapperich
On 2/20/07, Gavin O' Gorman <[EMAIL PROTECTED]> wrote: Out of curiosity, how many mobile phones have you encountered that run firewalls ? How many mobile phones have you found that provide unfettered access to 3rd party applications? Network providers are extremely fearful about what applicat

Re: Security Guidance for N800 OS development

2007-02-20 Thread Gavin O' Gorman
On 2/20/07, Acadia Secure Networks <[EMAIL PROTECTED]> wrote: Maybe the target market for 770 and N800 does not include the business market, but If Nokia is at all interested in penetrating that market for a device like the N800 Nokia will surely have to come up with a very strong offering with

Re: Security Guidance for N800 OS development

2007-02-20 Thread Acadia Secure Networks
Philippe, I have to disagree with your assertion of where Nokia's responsibility ends. Since Nokia is actively encouraging the development of 3rd party applications including ones which are TCP/IP Stack/Internet enabled, Nokia (or any other similar device manufacturer for that matter that c

Re: Security Guidance for N800 OS development

2007-02-20 Thread Marius Gedminas
On Tue, Feb 20, 2007 at 05:53:15PM +0100, Kees Jongenburger wrote: > On 2/20/07, Marius Gedminas <[EMAIL PROTECTED]> wrote: > >On Tue, Feb 20, 2007 at 01:19:56PM +0100, Kees Jongenburger wrote: > >> On 2/20/07, Marius Gedminas <[EMAIL PROTECTED]> wrote: > >> >I wonder how many people install OpenSS

Re: Security Guidance for N800 OS development

2007-02-20 Thread Kees Jongenburger
On 2/20/07, Marius Gedminas <[EMAIL PROTECTED]> wrote: On Tue, Feb 20, 2007 at 01:19:56PM +0100, Kees Jongenburger wrote: > On 2/20/07, Marius Gedminas <[EMAIL PROTECTED]> wrote: > >Also, due to a bug, the X server on the N800 listens on TCP port 6000: > >https://maemo.org/bugzilla/show_bug.cgi?i

Re: Security Guidance for N800 OS development

2007-02-20 Thread Philippe De Swert
Hi, > On Tue, 2007-02-20 at 10:12 -0600, Paul Klapperich wrote: > > The internet tablet runs an Xserver for one. Use nmap on your PC to > > scan your Nokia. It has open ports. Marius had specifics earlier. > > Which is a fixed bug, and will be closed in the next release. It's not > rocket scienc

Re: Security Guidance for N800 OS development

2007-02-20 Thread Ross Burton
On Tue, 2007-02-20 at 10:12 -0600, Paul Klapperich wrote: > The internet tablet runs an Xserver for one. Use nmap on your PC to > scan your Nokia. It has open ports. Marius had specifics earlier. Which is a fixed bug, and will be closed in the next release. It's not rocket science to fix this you

Re: Security Guidance for N800 OS development

2007-02-20 Thread Zoran Kolic
> #!/bin/sh > echo "your system is now secured" Works! Man! Thank you! I take back all I said about security. Zoran

Re: Security Guidance for N800 OS development

2007-02-20 Thread Paul Klapperich
On 2/20/07, Simon Budig <[EMAIL PROTECTED]> wrote: I guess you are missing the point here: Usually a nokia tablet does not have internet services running. Asking for iptables is like asking for a padlock, when your house does not have any doors. In that case the lock would not at all improve the

Re: Security Guidance for N800 OS development

2007-02-20 Thread Simon Budig
Zoran Kolic ([EMAIL PROTECTED]) wrote: > > Usually a nokia tablet does not > > have internet services running. Asking for iptables is like asking for a > > padlock, when your house does not have any doors. In that case the lock > > would not at all improve the security. > > Is it necessary my 770

Re: Security Guidance for N800 OS development

2007-02-20 Thread Zoran Kolic
> I guess you are missing the point here: Yes. > Usually a nokia tablet does not > have internet services running. Asking for iptables is like asking for a > padlock, when your house does not have any doors. In that case the lock > would not at all improve the security. Is it necessary my 770 to

Re: Security Guidance for N800 OS development

2007-02-20 Thread Dave Cridland
On Tue Feb 20 15:31:06 2007, Zoran Kolic wrote: see it on my 770. And I should not, for it is a little dude. I would just ask for iptables, nothing more. I don't want to argue is it useful or not. Believe me with your life. But I don't have to believe you with my life, and if you want a fire

Re: Security Guidance for N800 OS development

2007-02-20 Thread Simon Budig
Zoran Kolic ([EMAIL PROTECTED]) wrote: > Flaming doesn't go me well, so I will try. If I have security in my mind, > I would ask for openvms or openbsd. I use freebsd as my second skin, since > it is secure almost as openbsd and simple as reading mind. I could add > all kind of measures that harden

Re: Security Guidance for N800 OS development

2007-02-20 Thread Zoran Kolic
> > Just cannot say how much I disagree! > But can you say why? I feel it in my heart. What else can I say to sound serious? > Can you explain why the N800/770 are sufficiently distinct to any > other platform as to require special treatment in this area? Flaming doesn't go me well, so I will tr

Re: Security Guidance for N800 OS development

2007-02-20 Thread Dave Cridland
On Tue Feb 20 14:51:53 2007, Zoran Kolic wrote: > > I mention this because, as more Internet aware/dependent > > applications are developed for the N800 (it is an Internet tablet > > after all) the "attack surface" for the product will increase. I > > have asked previously about whether or not

Re: Security Guidance for N800 OS development

2007-02-20 Thread Zoran Kolic
> > I mention this because, as more Internet aware/dependent > > applications are developed for the N800 (it is an Internet tablet > > after all) the "attack surface" for the product will increase. I > > have asked previously about whether or not the N800 has a stateful > > firewall but so far

Re: Security Guidance for N800 OS development

2007-02-20 Thread Marius Gedminas
On Tue, Feb 20, 2007 at 01:19:56PM +0100, Kees Jongenburger wrote: > On 2/20/07, Marius Gedminas <[EMAIL PROTECTED]> wrote: > >Also, due to a bug, the X server on the N800 listens on TCP port 6000: > >https://maemo.org/bugzilla/show_bug.cgi?id=1055. > > > >I wonder how many people install OpenSSH/D

Re: Security Guidance for N800 OS development

2007-02-20 Thread Kees Jongenburger
On 2/20/07, Marius Gedminas <[EMAIL PROTECTED]> wrote: Also, due to a bug, the X server on the N800 listens on TCP port 6000: https://maemo.org/bugzilla/show_bug.cgi?id=1055. I wonder how many people install OpenSSH/Dropbear and then leave.. I wonder how many people trust the openssh deb :

Re: Security Guidance for N800 OS development

2007-02-20 Thread Marius Gedminas
On Mon, Feb 19, 2007 at 09:00:18PM +, Dave Cridland wrote: > If you're running network daemons on the device, you deserve > everything you get, of course, but even then, there's plenty of > documents and guides. Canola comes with a network daemon. It listens on 127.0.0.1:9000 (the configura

Re: Security Guidance for N800 OS development

2007-02-19 Thread Dave Cridland
On Mon Feb 19 20:40:41 2007, Acadia Secure Networks wrote: Dave, if you think of the N800 simply as an entertainment device then security is not a significant issue. Hmmm... I only recently realized some people do consider it an entertainment device. However, if and when users start to u

Re: Security Guidance for N800 OS development

2007-02-19 Thread Acadia Secure Networks
Dave, if you think of the N800 simply as an entertainment device then security is not a significant issue. However, if and when users start to use this device to store important and sensitive info whether related to business or personal use then OS and application security, and especially th

Re: Security Guidance for N800 OS development

2007-02-19 Thread Mark Eichin
ISTR that the "attack surface" rhetoric originates with Microsoft, because windows has traditionally had a fairly large one, and that it was a good handle for describing "what needs fixing" on the Microsoft side. (It has made a big difference there.) Linux (through its unix roots) starts off fro

Re: Security Guidance for N800 OS development

2007-02-19 Thread Dave Cridland
On Mon Feb 19 15:59:25 2007, Acadia Secure Networks wrote: Has Nokia published any documentation on the subject of how to secure the N800 OS from attack from both a software developer perspective as well as an end user perspective? Not that I know of, but I'm not clear what the point would b

Security Guidance for N800 OS development

2007-02-19 Thread Acadia Secure Networks
All, Has Nokia published any documentation on the subject of how to secure the N800 OS from attack from both a software developer perspective as well as an end user perspective? I mention this because, as more Internet aware/dependent applications are developed for the N800 (it is an Interne