EnableSecurity

Conferences and meeting up: If anyone's going to make it to RSA Europe on the 27-29th of October drop me a line. Offers for wine, chats on security, beer and anything in between are welcome.

Surf Jack news: I've been getting emails about Surf Jack not working / giving exceptions. The reason is that surfjack.py relies on the excellent scapy tool to do most of its magic, and version 2.0 just came out. A small change to support version 2.0 is available on the svn server. I am still having problems with scapy 2.0 so if you need stability I recommend making use of the old scapy.

Give the latest version of Surf Jack a try:

svn checkout http://surfjack.googlecode.com/svn/trunk/ surfjack-read-only

More information on the attack can be found here and this screencast helps illustrate the point.

SIPVicious news: svwar the PBX extension enumeration tool now includes checks for many common extension numbers. This change increases the chances of finding a valid extension on your target PBX dramatically. More information about the specifics of this update can be found the appropiate blog. Be sure to give the latest version a try by getting it from svn:

svn checkout http://sipvicious.googlecode.com/svn/trunk/ sipvicious-read-only