IAX2 protocol flaw in IC_NEW could cause reflective amplification DoS


by Joel R. Voss aka. Javantea
jvoss@altsci.com
jvoss@myuw.net
May 15, 2007
Official Asterisk bug report

UPDATE April 18, 2008

I am releasing the full Asterisk IAX2 exploit framework / alternative implementation. I am giving a talk at Toorcon Seattle 2008 about my findings. Read more about the handshake (and its failure) at that page.

UPDATE Jan 17, 2008

Although the Asterisk team described a bugfix and mentioned an intention to fix this bug, this bug has not been fixed as of Jan 17, 2008 (tested against 1.4.17). Since the exploit code is widely available through this website, it would seem prudent to fix this if it were indeed a fixable bug. However, it is my opinion that introducing a handshake requirement to the IAX2 protocol would make the protocol far less likely to work with third-party software and hardware.

I am running a vulnerable version at suzy.altsci.com for test (as well as development and actual use) and I intend to keep it running for the purpose of education and disclosure of this vulnerability.


SHA1 Modulus Attack

by Javantea aka. Joel R. Voss
August 16, 2007

Source Code not yet available.

Collisions in hashes are quite bad news for cryptographers. Finding them is quite difficult. The current best attack against SHA1 requires 2**69 operations.

a is an array of plaintexts.
The likelihood of a collision is a function of len(a).
sha1mod1.py computes the SHA1 hash of each plaintext modulo x.
It counts the collisions.
Plotted here is x vs collisions(x).


Packet Filtering on the Backbone of the Internet?

Joel R. Voss
jvoss@myuw.net

I have a box in <company>'s rack (207.244.153.137). I have noticed that although everything works perfectly (431 days uptime) I have a problem with data transfer rates to machines in the Westin (2ms and 4 hops away). I suspect that there is some type of router that is seriously mucking stuff up with the link. It makes sense that it'd be on your turf. I thought I'd let you know and see what you think. It's quite likely that I'll be moving my server to the Westin soon, but it is important for you to ensure proper workings of your systems. Also if I ever want to host something in Bothell, I'd go with your company.

From DSL, I can get 140KB/s from my server in <company>'s rack or from the Westin. From my server in <company>'s rack, I get uneven 40KB/s and 80KB/s from the Westin. It is very pronounced. What is going on?


Network Mapping 4

by Joel R. Voss aka. Javantea
jvoss@altsci.com
jvoss@myuw.net
May 13, 2007

Source not yet available. It will be available soon.

DESCRIPTION

Visualization of networks is an interesting topic whether the networks are intranet, Ethernet, real world, social or inside a program tree. I have written software that simply maps data arbitrarily so that it can be seen. It sorts itself and is very quick. It outputs to SVG, which can be scaled, accessed via XML DOM, modified, regexed, and output to raster formats (PNG, GIF, JPEG, etc.).

Python Executable Map

