Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-01-19 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

F-Secure Security Bulletin

Published: 2006-01-19
Last Updated: 2006-01-19 21:18:40 UTC
by Deborah Hale (Version: 1)
0 comment(s)
F-Secure has issued a critical security bulletin regarding a Code Execution vulnerability that affects all of F-Secure products. The bulletin states that if you have the 2004 to 2006 versions with the Automatic Delivery System that you will be patched automatically.

For older versions or systems that are not automatically updated - the patches are available at:
http://www.f-secure.com/security/fsc-2006-1.shtml

http://secunia.com/advisories/18529/

Good work Thierry for discovery of this vulnerability. 
Keywords:
0 comment(s)

Symbian operating system - Nokia series 60 mobile phones - 3 new Trojans

Published: 2006-01-20
Last Updated: 2006-01-20 14:39:15 UTC
by Deborah Hale (Version: 2)
0 comment(s)
For those of you with the Nokia Series 60 phones I have some bad news.  Symantec today has posted 3 new trojans identified that impact your operating system. 

SymbOS.Sendtool.A -  The Trojan horse drops a hacktool that can be used to send malicious programs, such as variants of the SymbOS.PBStealer family of Trojans, to other mobile devices via Bluetooth.

SymbOS.Pbstealer.D - The Trojan sends the user's contact information database, Notepad, and Calendar To Do list to other Bluetooth-enabled devices.

SymbOS.Bootton.E - A Trojan horse that restarts the mobile device when executed. However, as it also drops corrupted components, the device is unable to restart.

While looking at this information - I discovered that this particular phone OS has been hit several times in the last 2 years by trojan like programs.  I can't find anything on the Nokia site that indicates that a patch is available.  I wonder if it isn't time for Nokia to take a serious look at fixing the problem?  Especially since one of these new ones allows someone with another Bluetooth device to steal the user's information. 

What about it Nokia?  For those of you that own these devices, what are you doing to protect your phone?


Updating Information on this item:

We received an email today from CJ with some really good information.  I am including the information in it's entirety.  CJ has already dealt with this issue and can lend some valuable assistance.

CJ's E-Mail

Nokia does put out updates to the Symbian OS however, at this time, to get the upgrades in the US you have to either send the phone back to the main Service Center or find an authorized Dealer/Service Center. It is not as easily said as done especially in my case. I have the Nokia 9300 and it was not sold in the US until recently. Because of this the Dealer Service centers in the Boston and NYC areas would not handle it. I did find a web site that helps with finding Service/Dealers that can upgrade you however not under the Nokia warranty. (In other words they charge a fee.) It is http://www dot howardforums dot com/. Here you can get help/information on any mobile phone ranging from normal operation to unlocking. Also, for the Nokia phones, I have found that Warlox Wireless Accessories (www dot iunlock dot com) does very reliable work. Outside the US, it is a different case as most Dealers are registered Service Centers and do all the warranty work in their shops.

Another quick note. When talking to Nokia recently, the tech related to me that Nokia will be eventually enabling their Nokia PC Suite to do the upgrades on their higher end phones. He did not say when.

Regards,

CJ


Keywords:
0 comment(s)
Diary Archives