Actually this is not a vulnerability in the product itself, but if you use Asterisk or one of its derivatives such as TrixBox, you should review your SIP and IAX secrets to make sure they are not the same as your extension numbers. As reported by Kerry Garrison on his blog: There are some new scripts...
A possible glimpse of things to come from Amy Babinchak on her Small Business Tech Notes blog highlights a new type of attack using x.509 certificate s that is on the increase in the USA. Amy speculates that the bad guys are beginning to escalate the security arms race by leveraging some of the technologies...
This superficially amusing article about one customer’s experience with Lloyds Bank Plc actually raises a more interesting security issue. The BBC news article reports (emphasis mine): Lloyds TSB stressed there was no security lapse in this case. A spokesperson said: "On the majority of transactions...
Is your ISP patched against the DNS cache poisoning ( US CERT advisory ) exploit? There are confirmed attacks in the wild . My ISP is patched. I asked them, and actually got an intelligent response. They escalated my ticket and a day later came the response: “Thank you for contacting us And again thanks...
I saw this article in Microsoft's UK Security Newsletter (which you can subscribe to online). Ed Gibson, chief security advisor, relates the following story: The owner of a '.com' web domain name is telephonically contacted by someone claiming to work for a domain registration service. The...
Back in 2000 I was in Fry's Electronics in San Jose, California and I stumbled accross a little device called " U.are.U 2000 ". It was a fingerprint reader and some software that replaced the normal Windows login screen with one that allowed you to use your fingerprint to log in. It was...
I found this article by the Electronic Frontier Foundation (EFF) which claims some laser printer manufacturers are using a form of steganography to essentially 'fingerprint' each page of output, so that it can be traced back to the original printer and, by implication, the owner of the printer...