Network World

Matthew Nickasch

Asterisk Vishing Vulnerability Vague, Unfounded

By Matthew Nickasch on Tue, 12/09/08 - 8:36am.

Those of you who frequently follow the IP-PBX and enterprise communications news feeds most likely have heard about the recently-issued "warning" by the Internet Crime Complaint Center about a "vishing vulnerability" and the Asterisk IP-PBX platform.

While a headline like this certainly makes good news and generates lots of site hits, it strikes the community as rather unfounded. In March 2008, a security advisory for a hardly reproducible issue was made public and addressed by Digium, although no exploits were identified at that time. The security alert published by the IC3 and FBI on Friday of last week possibly resurfaces that existing advisory and attempts to link the increase in "vishing" (voice phishing) threats to the Asterisk platform in some way.

Bottom line: Any platform with weak passwords, unpatched versions, and poor management can be susceptible to hacking, mischief, and "voice phishing". If an enterprise Avaya or Cisco platform is left unprotected, the same threats are certainly possible, as with any IT platform connected to the Internet today. Poor communication and unfounded threats from the Internet Crime Complaint Center can generate an unnecessary amount of attention on a previously-addressed issue.

For more information, I highly recommend John Todd's blog post on this very topic on the Digium site.

Your thoughts and comments are always welcome and appreciated!

About Considering Convergence
Matthew Nickasch is an independent consultant and analyst in the IP communication and convergence fields. His current and previous consulting experience includes systems architecture, virtualization, telecommunications, and converged networks for the financial, education, and healthcare industries. In addition to his consulting responsibilities, he has been active in the research realm, recently publishing and presenting on topics including routing protocol security and ERP and transactional database auditing. While his interests include directory services and corporate compliance, Nickasch's focus is on converged networks and IP communications.