Tag Archives: phone

VoIPTK version 0.2

While testing another IP PBX product I found some bugs in my applications that I have now fixed. While fixing these bugs I also finished some additional changes that I have been working on. I also added an additional method of determining if an account is valid or not that I found while testing the other PBX product.

More details are available under the VoIPTK page.

Asterisk SIP vulnerability

I found a security hole in the Asterisk SIP implementation last week. I was happy to hear that it has already been patched and released. The vulnerability allows an attacker to determine whether a given username is valid or not. With knowledge of existing usernames a more efficient password guessing attack can be mounted against the system.

The full advisory can be read here:
http://downloads.asterisk.org/pub/security/AST-2009-008.html

I have been working on some very basic VoIP tools lately which amongst other things have this attack implemented. I’ll hopefully get to releasing it in the near future.