Full Disclosure mailing list archives
Re: breaking SIP for fun and toll fraud
From: reepex <reepex () gmail com>
Date: Sun, 4 Nov 2007 13:09:48 -0600
On Nov 4, 2007 8:45 AM, Radu State <State () loria fr> wrote:
P is the proxy located at URL: proxy.org
<http://proxy.org> X is the attacker located at URL: attacker.lan.org
V is the victim located at URL: victim.lan.org V is also registered with P under the username victim () proxy org . Step 3) The accomplice Y steps in and invites victim V, and then the victim decides to put X on hold
to make this "exploit" work you need more conditions present than in The Malloc Maleficarum. If Alice sits in bob's lap and bob looks over alices shoulder and sees her type her password and alice does not notice bob then bob has broken the security of the windows login.
POC code: Available ONLY to legitimate VoIP device manufacturers. Will you "step down to them" and send them more of your expert perl? or
will you send them iterative loops in lisp
Humberto Abdelnur, Ph.D student, the Madynes team at INRIA Radu State, Ph.D, the Madynes team at INRIA Olivier Festor, Ph.D the Madynes team at INRIA
phd is the new cissp!
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- breaking SIP for fun and toll fraud Radu State (Nov 04)
- Re: breaking SIP for fun and toll fraud reepex (Nov 04)