jvoss@altsci.com
jvoss@myuw.net
May 15, 2007
Official Asterisk bug report
I am releasing the full Asterisk IAX2 exploit framework / alternative implementation. I am giving a talk at Toorcon Seattle 2008 about my findings. Read more about the handshake (and its failure) at that page.
Although the Asterisk team described a bugfix and mentioned an intention to fix this bug, this bug has not been fixed as of Jan 17, 2008 (tested against 1.4.17). Since the exploit code is widely available through this website, it would seem prudent to fix this if it were indeed a fixable bug. However, it is my opinion that introducing a handshake requirement to the IAX2 protocol would make the protocol far less likely to work with third-party software and hardware.
I am running a vulnerable version at suzy.altsci.com for test (as well as development and actual use) and I intend to keep it running for the purpose of education and disclosure of this vulnerability.
During January 2-10, I only had to work a few hours and the rest of the time I could spend on my own interests. I worked on a few new projects and looked around the city a bit more.
New Year's is a special holiday for Berlin. Parties are quite numerous and the number of fireworks set off must be incredible. I have 2 videos of the midnight fireworks at Unter den Linden at Videos.
I wrote the last code for my SSH Bruteforce Virus and uploaded it to my site. This was important to me because I cared a lot about the Virus for this trip. I had planned to release it at the 24C3, but I was incredibly ill during the 24C3, so I could barely type a line of code.
It snowed Jan 1st and you can see it was a nice thin layer. That was the start of a cold snap that made it unbearable to go outside for a few days. Though it was 0°C the windchill which pierced even my capeline made it much colder.
Christmas in Berlin is known as Weihnachten. It's a festive time where people hang out in great number downtown and have good fun for the whole family. The markets (markts) are very busy and interesting each with their own unique attraction. The carnival rides were way too dangerous for me to consider riding. I listened to a guy read Red Riding Hood (in German) to a crowd of all ages nearly all drinking gluhwein (aka Glogg or Mullwine). Gluhwein is very tasty (festive taste) and can be either cheap or expensive depending on what it's made of and how much profit the vendor wishes to make. Either way drunkenness ensues for hilarious result.