Re: [on-asterisk] FBI Warning
On Mon, Dec 8, 2008 at 10:48 AM, Bill Sandiford b...@telnetcommunications.com wrote: Anyone else see this? http://www.fiercevoip.com/story/fbi-issues-voip-security-warning-asterisk-which-version/2008-12-07?utm_medium=nlutm_source=internalcmp-id=EMC-NL-FVdest=FV Here is a followup blog post by John Todd. Basically, they didn't follow standard reporting procedure, and re-reported a bug fixed back in March. http://blogs.digium.com/2008/12/06/sip-security-and-asterisk/ -- Leif Madsen. http://www.leifmadsen.com http://www.oreilly.com/catalog/asterisk - To unsubscribe, e-mail: asterisk-unsubscr...@uc.org For additional commands, e-mail: asterisk-h...@uc.org
[on-asterisk] FBI Warning
Anyone else see this? http://www.fiercevoip.com/story/fbi-issues-voip-security-warning-asterisk-which-version/2008-12-07?utm_medium=nlutm_source=internalcmp-id=EMC-NL-FVdest=FV Bill Sandiford Telnet Communications 905-674-2000 x100 [EMAIL PROTECTED] IMPORTANT NOTICE: This message is intended only for the use of the individual or entity to which it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by email and delete the message. Thank you.
Re: [on-asterisk] FBI Warning
Hey, We had a lot of posting about this a few weeks ago about guessing easy extension passwords. This is how hackers access the system to dial thousands of calls for credit card fraud. This note talks about Asterisk, but it can be any PBX system if the extension passwords are not strong enough. It just happen that Asterisk is the most popular one I guess. Cheers. Stephan Monette Unlimitel Inc. Tel.: 613-688-6212. x221 TF : 1-877-464-6638, x221 FAX : 613-482-1077 Bill Sandiford wrote: Anyone else see this? http://www.fiercevoip.com/story/fbi-issues-voip-security-warning-asterisk-which-version/2008-12-07?utm_medium=nlutm_source=internalcmp-id=EMC-NL-FVdest=FV Bill Sandiford Telnet Communications 905-674-2000 x100 [EMAIL PROTECTED] IMPORTANT NOTICE: This message is intended only for the use of the individual or entity to which it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by email and delete the message. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [on-asterisk] FBI Warning
Anyone else see this? http://www.fiercevoip.com/story/fbi-issues-voip-security-warni ng-asterisk-which-version/2008-12-07? utm_medium=nlutm_source=internalcmp-id=EMC-NL-FVdest=FV Hey Bill, No clue...it seems pretty vague. It does refer to a new technique, so I don't think it's what Stephan is referring to with guessing passwords. -- Erik Caneris Tel: 647-723-6365 Fax: 647-723-5365 Toll-free: 1-866-827-0021 www.caneris.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [on-asterisk] FBI Warning
Stephan Monette wrote: This note talks about Asterisk, but it can be any PBX system if the extension passwords are not strong enough. It just happen that Asterisk is the most popular one I guess. Apparently some versions of asterisk exposed usernames of all SIP accounts on a system, so this made brute force attacks easier. -- Best regards, Duane http://www.freeauth.org - Enterprise Two Factor Authentication http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://e164.org - Global Communication for the 21st Century In the long run the pessimist may be proved right, but the optimist has a better time on the trip. signature.asc Description: OpenPGP digital signature