lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <5AC3521D.10705@security-explorations.com> Date: Tue, 03 Apr 2018 12:06:21 +0200 From: Security Explorations <contact@...urity-explorations.com> To: fulldisclosure@...lists.org Subject: [FD] [SE-2011-01] Security contact at Canal+ Group ? Hello All, Over the recent month we have been trying (with no success) to obtain information from various entities regarding the replacement process of set-top-box devices conducted by the NC+ operator in Poland [1]. The basis of the above can be found in this message [2]. We have received a key confirmation from NC+ operator that "the goal of a replacement process of set-top-boxes is to improve security level of a broadcasted signal, which is a requirement of agreements signed with content providers". However when we inquired about the basis of charging end-users a monthly fee for a replacement process of flawed (vulnerable to ST chipsets flaws) set-top-box devices, no response was received. So, we asked NC+ for an official contact at the parent company (Canal+ Group). Again, no response was received. We asked CERT-FR (French Government Cert) for assistance and a contact to Canal+ Group and they responded that this is not their role to pass this information to us (CERT-FR directed us to ST, which has not been responding to our messages / refused to provide information regarding impact and addressing of the vulnerabilities found in their chipsets). So, we asked Vivendi, a parent company of Canal+ Group for an official contact where our inquiries could be sent. Again, there was no response. Thus this message. If anyone of you knows a security contact at Canal+ Group where we could direct our inquiries pertaining to security / replacement process of STB devices vulnerable to STMicroelectronics flaws, please let us know. Thank you. Best Regards, Adam Gowdiak --------------------------------------------- Security Explorations http://www.security-explorations.com "We bring security research to a new level" --------------------------------------------- References: [1] SE-2011-01 Vendors status http://www.security-explorations.com/en/SE-2011-01-status.html [2] [SE-2011-01] Regarding liabilities in SW / HW (ST chipsets flaws) http://seclists.org/fulldisclosure/2018/Feb/50 _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists