Check out this article from TEAM FORREST about explaining SIP Brute Force Attacks in plain English.
Explaining SIP Brute Force Attacks to Non-techs
Reply
Tag Archives: security
Facebook Disconnect
Facebook Disconnect
Facebook, with it’s over 500 million active users, routinely faces concerns over the privacy; specifically the lack of privacy for its members. The Wall Street Journal recently found:
Many of the most popular applications, or “apps,” on the social-networking site Facebook Inc. have been transmitting identifying information—in effect, providing access to people’s names and, in some cases, their friends’ names—to dozens of advertising and Internet tracking companies, a Wall Street Journal investigation has found.
The issue affects tens of millions of Facebook app users, including people who set their profiles to Facebook’s strictest privacy settings. The practice breaks Facebook’s rules, and renews questions about its ability to keep identifiable information about its users’ activities secure.
Spam wars
I r muzikal n delishus
1
spam n. \ˈspam\ unsolicited usually commercial e-mail sent to a large number of addresses
I r muzikal n delishus
Millions of dollars are spent every year by companies and individuals combating spam. Spam filters, email systems with integrated spam management, reviewing spam emails for real emails that got inappropriately flagged, storing spam, deleting spam, reporting spam, it all adds up.
Rackspace WordPress Sites Under Attack
Fanatical Support
Got Rackspace? Got WordPress? If so… you may just have a problem.
We’ve been getting calls today from Rackspace clients (hosting WordPress sites) that have been compromised similarly to the GoDaddy hack a few weeks back. The Unmask Parasites Blog has an excellent article on the attack posted on their, well, their blog.
There are some huge sites that have been hit, and some not-so-large as well (we personally were hit by an earlier attack). In the “Is Cloud the answer” debates, this will surely become an example of how a compromise in the cloud, can devastate an entire farm.
Update 6/19/2010
Shortly after this article was initially posted, Rackspace via their Rackcloud Twitter account posted the following message: Continue reading
VoIP Users Conference SIP Hacks Discussion Brings the Heat
The VoIP Users Conference provides an open-to-all weekly conference call where anyone can engage in discussions related to, well, VoIP. Sometimes the conversations discuss new technologies / products. Sometimes discussions center around implementation. And lately, conversations may focus on security.
Last week, Ward Mundy, Tim Panton, Karl Fife, Leif Madsen, Yours Truly, and many other regulars discussed a SIP Caller ID Injection Hack. As in all conversations, opinions differ. My position about where to best filter this injection differed than Ward Mundy’s thoughts… and, courtesy of the VoIP Users Conference, you can listen to the conversation and form your own opinions.
Although, next time… maybe you’d enjoy actively participating in our conversations rather than listening to the replay. 
→ SIP Hacks: who should filter what, where? (VoIP Users Conference)
(The VoIP Users Conference provides weekly live discussion about VoIP, SIP, Asterisk and all kinds of telephony-related topics every Friday at 12pm EST. For more information, please visit http://vuc.me.)
Thieves Take Control of LifeLock CEO’s Identity
Whoops. My bad.
LifeLock promises to “take control” of your identity — they just don’t tell you who gets to take control. Patrick and I chatted a while back about Todd Davis, the CEO of LifeLock, and how his ads promoting the ability of his company to protect identity, actually helped with the theft of his own. Back in 2007, a gentleman in Texas had used Davis’ identity to obtain a $500.00 without Davis’ knowledge. In fact, Davis only had learned about it after the unpaid loan was sold to a debt collection agency — but that’s old news.
Today, thanks to the Phoenix News Times, we learn that Davis had his identity stolen a grand total of 13 times. Or, at least 13 times that we know of.
With attention grabbing ads that published Davis’ Social Security Number, LifeLock caught the attention of many customers; as well as the FTC — who accused the company of running a scam operation and fined them $12 million dollars.
Additional Reading
SIP Attacks From Amazon EC2 Cloud Continue
Attacks from the cloud.
Just over a month ago, we reported that SIP attacks from the Amazon EC2 cloud were on the rise. While the attacks we received last month were limited to “extension only” registration attempts, one of the attacks we received this morning included what we assume was a standard dictionary attack.
The first attack came from 204.236.245.101. In less than 60 seconds, this IP attempted more than 11,500 registrations against our server. Most of these were 4 digit extensions (download the log (zipped) here). The second attack came from 184.73.4.183. In less than 90 seconds, this IP attempted more than 21,000 registrations against our server; including what we think is a standard dictionary attack complete with root, postmaster, pixadmin, etc. (download the log (zipped) here).
Maybe we could all be a little more neanderthalish?
Our Hero
Early humans found hollowed out rocks to turn into homes, originating the term “Cave men”. 1 This constraint made community difficult, so humans advanced to creating homes from natural materials, such as wood. Primitive homes were modeled on the cave, with nothing but some closed walls and an uncovered opening. Thousands of years of evolution lead us to create doors that open, close, and lock, and windows that allow us to see out and in, then glass to keep what’s out out and what’s in in, then curtains to cover what’s both out and in. In the end, we have the same caves we had before, with our darkness and privacy. Continue reading
FreePBX Security Vulnerability
I do love their logo.
Ward Mundy, of Nerd Vittles / PBX in a Flash fame, warns of a FreePBX Security Vulnerability allowing a system to be compromised simply by displaying a CDR report in the FreePBX browser.
There is a very serious security vulnerability that needs to be patched by loading the very latest version of FreePBX Framework as soon as it becomes available for your version of FreePBX. Just displaying a CDR report in the FreePBX browser could compromise your system.
The 2.5 and 2.6 patches already have been released and probably 2.7 as well. Load this patch IMMEDIATELY!!!
Setup, Module Admin, Check for Updates on Line, Upgrade All
2.5.2.3: #4223 Security Vulnerability
2.6.0.2: #3805, #3707, #4188, #4223 Security Vulnerability
For more information, check out the PBX in a Flash Forum.
McAfee Anti-Virus Goes Bad Lieutenant
Whoops. Our Bad.
McAfee released a “faulty update” this morning causing the security program to believe a good file had gone bad. In what the company calls a “False Positive Issue,” the anti-virus software identifies a good windows file, svchost.exe, as the W32/Wecorl.a virus; causing the system to continuously reboot and lose network access.
At the University Hospital in Syracuse, NY 2,500 computers were affected; however the hospital stated that patient care was not compromised. Other public service/safety organizations were also impacted, including the Kentucky State Police, the National Science Foundation, and Illinois State University.