Re: MS OCS Security Assessment

[Jason Ostrom <justiceguy () pobox com>]

Hi,

Actually OAT is still being maintained by the company in question.  All 
we need from you is information on how to duplicate / verify the 
problem, and we will fix any potential bugs.

OAT is still an important, valid security tool.  Just because the 
original author left the company, doesn't signify that the tool will no 
longer be supported by the company, even if it's an open source security 
tool.  Help us help you :-)

Jason O.

Francois Yang wrote:
> I'm wondering if anyone know of any tools that I can use to do a
> security assessment for a MS OCS 2007 system using SIP TLS.
> I've found the tool OAT (OCS Assessment Tool), but I'm getting some
> errors and the project is not being maintained anymore and the author
> doesn't work for that company anymore.
> http://voat.sourceforge.net/
>
> I'm basically looking for some kind of tool that will show management
> that OCS should not be allowed from the outside in and what kind of
> damages can be done when it is allowed.
> anything that would show that once inside someone can download
> contacts, send spam, dos, etc....
> OAT would of done a great job if it worked.
>
> Thanks.
>
> Frank
>
>   


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------