<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<font face="Arial">All,<br>
<br>
Has Nokia published any documentation on the subject of how to secure
the N800 OS from attack from both a software developer perspective as
well as an end user perspective? <br>
<br>
I mention this because, as more Internet aware/dependent applications
are developed for the N800 (it is an Internet tablet after all) the
"attack surface" for the product will increase. I have asked previously
about whether or not the N800 has a stateful firewall but so far the
answer seems to be no. <br>
<br>
To provide a context for the question of OS and application security,
here is the url to a www page at the SANS institute Internet Storm
Center www site whose purpose is to provide the viewer with a
perspective on the time between attacks on various kinds of systems:<br>
<br>
<a class="moz-txt-link-freetext" href="http://isc.sans.org/survivaltime.html">http://isc.sans.org/survivaltime.html</a><br>
<br>
<br>
The data used to collect this information is not country source or
country destination specific thus it represents a reasonable proxy for
what goes on every day on the Internet from wherever one makes a
connection. The idea behind the output graph rendered by this www page
is that, given that <br>
<br>
a) your Internet connected system WILL be attacked at
the intervals indicated in the graph <br>
<br>
then <br>
<br>
b) your system will eventually be successfully
compromised unless you do something to prevent that from happening
beforehand.<br>
<br>
The "survival time" shown in the graph thus attempts to estimate the
time interval between <br>
<br>
a) when you connect your system to the Internet <br>
and <br>
b) when your system gets compromised by something, to
be as shown in the graph for the kind of system or app you are using.<br>
<br>
I realize that the 770/N800 OS is only a subset of what is possible to
incorporate into a Linux distro and I am sure that the software and
security engineers at Nokia carefully considered the pros and cons of
different OS components/extensions from a security perspective before
deciding whether or not to include them in the Nokia OS200X
distribution. Having said that, as this community continues its
excellent work to add functionality to the base system, this question
of OS/stack/app hardening and attack surface minimization becomes a
more important issue to consider. And this does not even consider
vulnerabilities introduced by latent software defects (e.g. not
safely/properly dealing with malformed input), which as this community
knows only too well, can lead to openings for attack.<br>
<br>
</font><font face="Arial">It would be interesting to know what, if
anything,
the Nokia development team has in its OS software product plan
regarding further OS/TCP/IP stack/Application hardening. As more end
users come to depend upon this device to perform sensitive tasks (e.g.
online banking) then this issue will move to the forefront of concern
for those users.</font><br>
<br>
<div class="moz-signature">-- <br>
<meta http-equiv="Content-Type" content="text/html; ">
<meta name="ProgId" content="Word.Document">
<meta name="Generator" content="Microsoft Word 10">
<meta name="Originator" content="Microsoft Word 10">
<link rel="File-List"
href="ASN%20End%20of%20Message%20Signature%2004%2022%2006_files/filelist.xml">
<title>Best Regards,</title>
<o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="place">
<o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="PersonName"><o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="phone">
<!--[if gte mso 9]><xml>
<o:DocumentProperties>
<o:Author>John B. Holmblad</o:Author>
<o:LastAuthor>John B. Holmblad</o:LastAuthor>
<o:Revision>5</o:Revision>
<o:TotalTime>8</o:TotalTime>
<o:Created>2006-04-22T20:38:00Z</o:Created>
<o:LastSaved>2006-10-20T20:57:00Z</o:LastSaved>
<o:Pages>1</o:Pages>
<o:Words>52</o:Words>
<o:Characters>302</o:Characters>
<o:Company>Televerage International</o:Company>
<o:Lines>2</o:Lines>
<o:Paragraphs>1</o:Paragraphs>
<o:CharactersWithSpaces>353</o:CharactersWithSpaces>
<o:Version>10.6817</o:Version>
</o:DocumentProperties>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:SpellingState>Clean</w:SpellingState>
<w:GrammarState>Clean</w:GrammarState>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[
if !mso]><object
classid="clsid:38481807-CA0E-42D2-BF39-B33AF135CC4D" id=ieooui></object>
<style>
st1\:*{behavior:url(#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;
mso-font-alt:"\FF2D\FF33 \660E\671D";
mso-font-charset:128;
mso-generic-font-family:modern;
mso-font-pitch:fixed;
mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
@font-face
{font-family:Papyrus;
panose-1:3 7 5 2 6 5 2 3 2 5;
mso-font-charset:0;
mso-generic-font-family:script;
mso-font-pitch:variable;
mso-font-signature:3 0 0 0 1 0;}
@font-face
{font-family:"\@MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;
mso-font-charset:128;
mso-generic-font-family:modern;
mso-font-pitch:fixed;
mso-font-signature:-1610612033 1757936891 16 0 131231 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"MS Mincho";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;
text-underline:single;}
span.grame
{mso-style-name:grame;}
span.GramE
{mso-style-name:"";
mso-gram-e:yes;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
-->
</style><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";}
</style>
<![endif]--><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="7170"/>
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1"/>
</o:shapelayout></xml><![endif]-->
</o:SmartTagType></o:SmartTagType></o:SmartTagType>
<div class="Section1">
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: Papyrus; color: navy;">Best
Regards,</span><span style=""><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 6pt; font-family: Papyrus; color: navy;"> </span><span
style="font-size: 6pt;"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: Papyrus; color: navy;">John
Holmblad</span><span style=""><o:p></o:p></span></p>
<br>
<p class="MsoNormal"><st1:PersonName><span
style="font-size: 11pt; font-family: Papyrus; color: navy;"></span></st1:PersonName><span
style=""><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: Papyrus; color: navy;"><o:p> </o:p></span></p>
</div>
</div>
</body>
</html>