[maemo-developers] Security Guidance for N800 OS development

From: Acadia Secure Networks acadiasecurenets at aol.com
Date: Tue Feb 20 23:22:37 EET 2007

Philippe,

I have to disagree with your assertion of where Nokia's responsibility 
ends.

Since Nokia is actively encouraging the development of 3rd party 
applications including ones which are TCP/IP Stack/Internet enabled, 
Nokia (or any other similar device manufacturer for that matter that 
creates an extensible platform like this) has a responsibility to do as 
much as it can, within the constraints of the device capabilities 
itself, to make the device safe from attack even at the application 
level. In today's world, doing so for a product developer like Nokia is 
simply good corporate citizenship. By analogy, there was a time when 
cars did not have air bags or for that matter safety belts and the 
manufacturers considered driver safety to be an "application layer" problem.

Maybe the target market for 770 and N800 does not include the business 
market, but if Nokia is at all interested in penetrating that market for 
a device like the N800, Nokia will surely have to come up with a very 
strong offering with respect to device security. Otherwise the CIOs of 
the world will not let this device into their network perimeter, at 
least not knowingly.


Best Regards,

John Holmblad

Philippe De Swert wrote:
> Hi,
>
>
>   
>> On Tue, 2007-02-20 at 10:12 -0600, Paul Klapperich wrote:
>>     
>>> The internet tablet runs an Xserver for one. Use nmap on your PC to
>>> scan your Nokia. It has open ports. Marius had specifics earlier.
>>>       
>> Which is a fixed bug, and will be closed in the next release.  It's not
>> rocket science to fix this yourself now if it worries you, which will
>> make it zero open sockets on a N800.
>>
>> Yes, someone should make an iptables package for the people who are
>> running services on their N800.  However the stock image has no services
>> so doesn't really need a firewall.
>>     
>
> I second Ross here. Nokia only has a responsibility towards its own releases.
> You can hardly expect that they can secure every possible daemon or service
> they are NOT running or delivering themselves. It is the security of the
> STOCK image that counts.
>
> OTOH for somebody who is concerned about getting a firewall, it should not be
> too hard to port iptables. It has been done very often for other platforms.
>
> Cheers,
>
> Philippe