Penetration Testing mailing list archives
RE: Tools for voicemail testing?
From: "Todd A. Jacobs" <nospam-keyword-securityfocus.7d8038 () codegnome org>
Date: Fri, 6 Jun 2003 18:02:31 -0700 (PDT)
On Wed, 4 Jun 2003, Stephan Barnes wrote:
If you do proceed on to actually do the testing, instead of trying to do a full keyspace search my suggestion is to use password sampling and patterns. I have examples in the voicemail hacking section (Hacking
This is a great approach for vulnerability assessment. On the other hand, if one of the goals of penetration test is "break the CEO's mailbox" rather than "find out if we have any insecure VMBs" then a brute force approach, even if only semi-automated, is probably going to yield better results. In and of itself, this isn't really all that valuable. But if you're coordinating a pen-test simulating a competitive intelligence attack, breaking a specific target mailbox (as opposed to any mailbox) can be a real eye-opener for the client. I agree with your main point. I would restate it this way: most of the time, security dollars are better spent on auditing and defense-in-depth rather than penetration testing. Having said that, the customer is (almost) always right. :) -- The DMCA is anti-consumer. The RIAA has no right to rewrite copyright laws to suit themselves. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Tools for voicemail testing? Todd A. Jacobs (Jun 02)
- Re: Tools for voicemail testing? Mark Rowe (Jun 03)
- Re: Tools for voicemail testing? Chris Hall (Jun 03)
- <Possible follow-ups>
- Re: Tools for voicemail testing? Cory . Bys (Jun 02)
- RE: Tools for voicemail testing? Rob Shein (Jun 02)
- Re: Tools for voicemail testing? Alexandre Bezroutchko (Jun 03)
- RE: Tools for voicemail testing? Stephan Barnes (Jun 04)
- RE: Tools for voicemail testing? Todd A. Jacobs (Jun 09)