[Asterisk-Dev] Security issue mumblings
John Todd
jtodd at loligo.com
Sun Nov 6 12:48:32 MST 2005
[sent to -dev first to avoid total devolution into wild speculation
and nonsense on -users]
http://www.accessintel.com/cgi-bin/press/show.cgi?1130972376
Can anyone here speak more clearly on this otherwise un-useful list
of assertions as to "security flaws with VoIP" specifically
referencing Asterisk? The lack of a protocol discussion is
suspicious - VoIP is not homogenous. The other term of "billing
code" is also suspicious - I can't recall a "billing code" field in
my SIP packets. CCM is mentioned - is this an SCCP issue?
Perhaps most importantly (and relevant to -dev) is this an issue that
can be resolved or patched within Asterisk, or is it that Asterisk is
being used as the toolset to wedge into other platforms?
Please respond to this post with real data if you have it; guesses
and speculation are just noise.
JT
More information about the asterisk-dev
mailing list