4 replies to this topic

[Holmes.Sherlock]

This is a part of the email copied verbatim sent by Nokia Developer website team on behalf of Nokia Corporation

You may have seen reports or received an email from us regarding a recent
security breach on our developer.nokia.com/community discussion forum.
During our ongoing investigation of the incident we have discovered that a
database table containing developer forum members' email addresses has
been accessed, by exploiting a vulnerability in the bulletin board
software that allowed an SQL Injection attack. Initially we believed that
only a small number of these forum member records had been accessed, but
further investigation has identified that the number is significantly
larger.
The database table records includes members? email addresses and, for
fewer than 7% who chose to include them in their public profile, either
birth dates, homepage URL or usernames for AIM, ICQ, MSN, Skype or Yahoo.
However, they do not contain sensitive information such as passwords or
credit card details and so we do not believe the security of forum
members? accounts is at risk. Other Nokia accounts are not affected.
We are not aware of any misuse of the accessed data, but we have
identified that your email address was in one of the records accessed,
though it contained none of the optional information, so we believe that
the only potential impact to you may be unsolicited email. Nokia
apologizes for this incident.
Though the initial vulnerability was addressed immediately, we have now
taken the developer community website offline as a precautionary measure,
while we conduct further investigations and security assessments. We hope
to get the site back online as soon as possible and will post developments
there in the meantime.

[Wonko the Sane]

This is a part of the email copied verbatim sent by Nokia Developer website team on behalf of Nokia Corporation

Sent to whom?

And/or copied verbatim from WHAT/WHERE?


Wonko

[Holmes.Sherlock]

Sent to whom?

Copies of this mail were sent to those who registered themselves as Nokia Developer to the mentioned website. In this particular case, it was sent to Holmes.Sherlock

And/or copied verbatim from WHAT/WHERE?

Copied from the mail which Sherlock received last week.

[Wonko the Sane]

Copied from the mail which Sherlock received last week.

Good.

That was last week.

Today is today:
http://www.developer...TLS-PAP-support

Further to our earlier message regarding the security breach on this developer.nokia.com/community discussion forum, we are pleased to advise that the wiki and blog features of the website are now live again and we are very happy to welcome you back!

The developer community discussion board remains offline as a precautionary measure, while we conduct further investigations and security assessments. We hope to get the discussion board back online as soon as possible and will post developments here in the meantime.

We have now communicated with all affected forum members. Nokia apologizes again for this incident.

If you have any questions on this, please contact Nokia.developer-discussions-support@nokia.com.

The Nokia Developer website team.

Wonko

[Holmes.Sherlock]

Good.

That was last week.

Today is today:
http://www.developer...TLS-PAP-support

Hmm, already know that. But, without the discussion board, it's too hard / time-taking to develop on Nokia platform. Sometimes, the "real" devices behave so erratically than what output is exhibited by the simulators.