Wednesday, 26. February 2003
Love it!

Language is supposed to make ideas clearer so that we can understand them. But when politicians such as Colin Powell, George W. Bush, and Tony Blair get hold of language, their aim is usually the opposite. That's how they persuade us to take ludicrous concepts seriously. Like the whole idea of a 'war on terrorism'. You can wage war against another country, or on a national group within your own country, but you can't wage war on an abstract noun. How do you know when you've won? When you've got it removed from the Oxford English Dictionary?

Full Story:
http://www.observer.co.uk/iraq/story/0,12239,901102,00.html



Nokia 6210 DoS

Security Advisory

Advisory Name: Nokia 6210 DoS SMS Issue
Release Date: 02/25/2003
Application: Nokia 6210
Platform: Nokia 6210
Severity: An attacker is able to cause a 6210 to crash
Author: Ollie Whitehouse [ollie@atstake.com]
Vendor Status: Vendor has supplied attack recovery procedure
CVE Candidate: CVE Candidate number applied for
Reference: www.atstake.com/research/advisories/2003/a022503-1.txt


Overview:

Nokia's (http://www.nokia.com) 6210 handset is a cellular
ME designed for business users supporting GSM and HSCSD, data
services and vCard extensions to SMS. VCards are common attachments
used for exchanging address book information between parties which
support RFC2426 (http://www.faqs.org/rfcs/rfc2426.html). This
includes products from Microsoft, Netscape and Lotus (although these
products are not affected by this advisory).

There is a vulnerability which allows an attacker to send a malicious
vCard to a handset, causing it to crash in one of three ways.

This is a good example of why all newly introduced product
functionality should be reviewed to ensure that no new security
vulnerabilities will also be introduced. A cursory source code
audit would find an error of this type.


Details:

There is a format string vulnerability in the processing of Multi-
Part vCards. When the phone receives vCard fields containing many
format string characters the phone will crash in one of 3 ways:

- SMS Receiver handler will die
- Phone will lock up, requiring battery to be removed
- Phone will automatically restart


Vendor Response:

Response to the security advisory "Nokia 6210 DoS SMS Issue"
submitted by @stake Inc. in January 2003:

Some users of the Nokia 6210 may potentially experience an error when
someone deliberately sends a specially created non-standard Business
Card-text message to the phone. The error causes the Nokia 6210 to
either a) crash b) show corrupted business card with ill-behaving
user interface or c) reject the business card and all the following
business cards, non-standard or not. Users will recover from the
error if they restart the phone by removing the battery. There is no
damage caused to the phone memory, software or stored data. The error
affects the Nokia 6210 with SW version 05.27 or above.

The possibility of this error occurring is very remote, as it is
depending on the potential attacker's ability to create and send
malformatted Business Cards over the air to the Nokia 6210 mobile
phone. In addition it is very simple to deal with the error, as the
user only needs to restart the phone by removing the battery and
there is no damage caused to the phone memory, software or stored
data. Due to these reasons, Nokia currently has no plans to issue a
software fix for this error caused by an intentional action of a
person.


Recommendation:

Operators should look to deploy SMS proxies ensuring that
all user supplied SMSes are correctly formed and that any malformed
SMSes are not received by the SMSC.
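
The proxy-side check recommended above, together with the safe way to render an untrusted field, as an added C example that is not from the advisory or from Nokia. The function names, the one-'%'-per-line threshold and the sample cards in the comments are assumptions made for illustration; folded (continued) vCard lines are not handled and are rejected.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PERCENT_PER_FIELD 1   /* assumed policy threshold, not from the advisory */

/* Count '%' characters in the first n bytes of a field line. */
static int count_percent(const char *s, size_t n) {
    int c = 0;
    for (size_t i = 0; i < n; i++)
        if (s[i] == '%') c++;
    return c;
}

/* Hypothetical SMS-proxy check. Returns 1 to accept the card, 0 to reject it.
 * Accepts only BEGIN:VCARD ... END:VCARD framing around "NAME:value" lines,
 * and rejects any line carrying more '%' characters than the threshold. */
int vcard_accept(const char *card) {
    int seen_begin = 0, seen_end = 0;
    const char *p = card;
    while (*p) {
        size_t len = strcspn(p, "\r\n");            /* length of current line */
        if (len > 0) {
            if (seen_end) return 0;                 /* data after END:VCARD */
            if (!seen_begin) {
                if (len != 11 || strncmp(p, "BEGIN:VCARD", 11) != 0) return 0;
                seen_begin = 1;
            } else if (len == 9 && strncmp(p, "END:VCARD", 9) == 0) {
                seen_end = 1;
            } else {
                if (memchr(p, ':', len) == NULL) return 0;   /* not NAME:value */
                if (count_percent(p, len) > MAX_PERCENT_PER_FIELD) return 0;
            }
        }
        p += len;
        p += strspn(p, "\r\n");                     /* skip line terminators */
    }
    return seen_begin && seen_end;
}

/* Render an untrusted field value: it is passed as an argument to a fixed
 * "%s" format and is never used as the format string itself. */
int render_field(char *out, size_t outlen, const char *value) {
    return snprintf(out, outlen, "%s", value);
}
```

A single '%' (as in "ORG:100% Juice") still passes the filter, and render_field copies conversion characters through as literal text.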



Perfect for a school day...

http://www.hungover.net/



Online for 7935 days
Last modified: 2/29/20, 7:15 PM