I am a hacker, a self-employed programmer, an open-source advocate, a scientist, and an independent security researcher.
April 19-27, 2008
This program was written in a few days to solve the issue of watching network traffic in realtime. I split packets into groups of IP, TCP, UDP, and non-IP as well as in/out and update the screen every second. It shows packets per second, kilobits per second, and horizontal lines show how much data. The bars switch to yellow when the traffic increases over 1Mbps and to red when it increases over 5 Mbps.
jvoss@altsci.com
jvoss@myuw.net
May 15, 2007
Official Asterisk bug report
I am releasing the full Asterisk IAX2 exploit framework / alternative implementation. I am giving a talk at Toorcon Seattle 2008 about my findings. Read more about the handshake (and it's failure) at that page.
Although the Asterisk team described a bugfix and mentioned intention to fix this bug, this bug has not been fixed as of Jan 17, 2008 (Tested against 1.4.17). Since the exploit code is widely available through this website, it would seem prudent to fix this if it were indeed a fixable bug. However, it is my opinion that introducing a handshake requirement to the IAX2 protocol would make the protocol far less likely to work with third-party software and hardware.
I am running a vulnerable version at suzy.altsci.com for test (as well as development and actual use) and I intend to keep it running for the purpose of education and disclosure of this vulnerability.
Read more »During January 2-10, I only had to work a few hours and the rest of the time I could spend on my own interests. I worked on a few new projects and looked around the city a bit more.
Read more »
