| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e9d9d4020711041109t5dde8ac3j2c81f074fd5ad4@mail.gmail.com>
Date: Sun, 4 Nov 2007 13:09:48 -0600
From: reepex <reepex@...il.com>
To: "Radu State" <State@...ia.fr>, full-disclosure@...ts.grok.org.uk
Subject: Re: breaking SIP for fun and toll fraud
On Nov 4, 2007 8:45 AM, Radu State <State@...ia.fr> wrote:
>
> P is the proxy located at URL: proxy.org
>
<http://proxy.org> X is the attacker located at URL: attacker.lan.org
>
> V is the victim located at URL: victim.lan.org
>
> V is also registered with P under the username victim@...xy.org
>
> .
>
> Step 3) The accomplice Y steps in and invites victim V, and then
> the victim decides
>
> to put X on hold
>
to make this "exploit" work you need more conditions present than in The
Malloc Maleficarum.
If Alice sits in bob's lap and bob looks over alices shoulder and sees her
type her password and alice does not notice bob then bob has broken the
security of the windows login.
> POC code:
>
>
>
> Available ONLY to legitimate VoIP device manufacturers.
>
>
>
> Will you "step down to them" and send them more of your expert perl? or
will you send them iterative loops in lisp
>
> Humberto Abdelnur, Ph.D student, the Madynes team at INRIA
>
> Radu State, Ph.D, the Madynes team at INRIA
>
> Olivier Festor, Ph.D the Madynes team at INRIA
>
>
>
phd is the new cissp!
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists