Thursday, August 21, 2008

Homeland Security Dept's PBX hacked?

Ouch! ZDNet have a short article about a misconfigured PBX making 400 calls to some of the hottest countries around: Afghanistan, India, Yemen and Saudi Arabia. Very ugly... hope that the details emerge. If anyone has more details, email me or post here.

Promotional message: SIPVicious is free - test your SIP-based PBX before someone else does ;-)

Update: Apparently it consisted of voicemail hacking - you know, that thing from the 90s. So no VoIP or SIP involved, just plain old-school default PIN cracking.

Monday, August 11, 2008

Surf Jack - HTTPS will not save you

Alert: this is not a VoIP security post. Just a repost from EnableSecurity.

I just released a new paper and tool on the subject of web application security.

Check out the blog post (which includes the bonus video everyone loves), and the proof of concept tool itself.

And if you did not do it already, please subscribe to my other site, EnableSecurity's RSS feed.

Sunday, August 10, 2008

New SIPVicious release 0.2.4

Just updated the release of SIPVicious to 0.2.4 to include a couple of bug fixes in svwar and a new feature. The new "--template" parameter allows you to make use of format strings to create more flexible ranges. Some examples include scanning prefixes or suffixes, which apparently can be quite useful in certain environments ;-)

Many thanks to Teodor Georgiev for his patience and help in making SIPVicious more robust and reliable!

Here's a link to the full Changelog.

Grab the tarball or the zip file.
To upgrade to the svn version, simply run "svn update" as usual - enjoy.