lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAHKQagHimcBK7Cvw8m-pBeWO48hQjU9XiuAYwX=Nce9DSFD60g@mail.gmail.com>
Date: Thu, 24 Oct 2013 20:19:24 +0100
From: "Cal Leeming \[Simplicity Media Ltd\]" <cal.leeming@...plicitymedialtd.co.uk>
To: bugtraq <bugtraq@...urityfocus.com>
Subject: Re: RPS/APS vulnerability in snom/yealink and others

The video was taken down by the the conference organizer at the
request of a vendor.

It has now been re-uploaded and can be seen here;
http://www.youtube.com/watch?v=2yN_-g-0PAk

The video has been split into two parts due to YouTube HD restrictions.

Enjoy and apologies for the delay in getting this fixed

Cal

On Wed, Oct 23, 2013 at 11:10 PM, Cal Leeming [Simplicity Media Ltd]
<cal.leeming@...plicitymedialtd.co.uk> wrote:
> Hello,
>
> Discovered a vulnerability that allows for hundreds of thousands of
> SIP accounts to be compromised remotely.
>
> Found a year ago, partial vendor fixes but still vuln as of today,
> disclosed a few hours ago exclusively to the FreeSWITCH community -
> 23rd Oct 2013.
>
> Live disclosure can be seen here;
> http://www.youtube.com/watch?v=raXkHi_uGF8
>
> Slides are here;
> https://www.dropbox.com/s/hp5fj7e7o1mdnyt/Auto%20provisioning%20sucks.pptx
>
> Cal

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ