Connect

Clear F5 Bigip LCD warning from remote

2011-10-18T22:46:00.000+02:00

Sometimes it may be desirable to clear the warning that appear on the F5 LCD panel from remote.
This can be achieved easily by entering the following statement over an SSH session:

for i in 0 1 2 3 4; do for j in 0 1 2 3 4; do lcdwarn -c"${i}" "${j}"; done; done

CUCM SIP Transparency and Normalization Lua scripting

2011-07-18T21:55:00.010+03:00

Cisco Unified CM is a Business to Business User Application (B2BUA). Therefore, any SIP to SIP call consists of 2 SIP dialogs. It is often useful to pass information from one dialog to the other during the life of the dialogs. This includes call setup, mid call, and end of call messaging. Using the pass through object described, it is possible to trigger transparent pass through of information on from one SIP dialog (representing 1 of the call legs) to the other.

The snippet below is an example of a script I used in order to transparently pass through an arbitrary header ("Subject" in this case) in an INVITE message from the inbound call to the outbound call leg.

B = {}
function B.inbound_INVITE(msg)
local pt = msg:getPassThrough()
local Subject = msg:getHeader("Subject")
if pt and Subject
then
pt:addHeader("X-Subject", Subject)
end
end
function B.outbound_INVITE(msg)
local Subject = msg:getHeader("X-Subject")
if Subject
then
msg:addHeader("Subject", Subject)
msg:removeHeader("X-Subject")
end
end
return B

Toll fraud with CDR field separator injection - part I

2011-04-10T18:49:00.011+03:00

Overview

In case you ever worked with or for a service provider you probably know that CDR (Call Detail record) integrity is one of the most important issues.

The reason why CDR is so important is because it is the most common way for a provider to meter and record service consumption.

Normally, in post-paid billing scheme, when a subscriber places a call, the provider's switch generates a call record.
Most often the CDR file is a delimited flat file where each record in the file describes a single call (or call leg) and includes details such as - was the called answered or not, how much time did the call last, who was the calling party, what was the destination and lots of additional information regarding the call.

Periodically, the provider's billing system (directly or via a mediation system) parses the CDRs resulting in the charges associated with each record/call .

It is not hard to guess that if a call record for a specific call is missing or cannot be properly parsed by the billing system - the consuming entity (subscriber or peering partner) can avoid the charges associated with the call and the provider serving the call potentially loses revenue.

As previously mentioned, the CDR holds many details about the call. some of these details are actually taken from the signaling messages used throughout the call.
this is where it gets interesting - signaling messages may originate from possibly untrusted entities such as peering partner switches and subscribers. so it leads to the fact that potentially untrusted entities can affect the content of the most important information of a for-profit provider - the CDR.
Back in the old PSTN days this was less of a worry, ISDN Q.931 and SS7 ISUP were inherently limited in the information that could be injected into signaling messages. protocols were less extensible and specs were clearer and didn't update so often.
Going on to SIP, things are a bit easier for the malicious user - many fields in signaling messages can hold alphanumeric values, protocol specs tend to change frequently and when it comes to header field format validation in SIP stacks and application, well it nothing to write home about.

In part II I'll provide intimate details of a remote vulnerability I've discovered in known class 4 switch that allows a remote SIP peer to place international calls while avoiding termination charges by CDR corruption.
Note to blackhats and fraudsters - the vendor had been notified of this specific vulnerability, so don't hold your breath.

Egypt unrest - network point of view

2011-01-29T17:34:00.008+02:00

http://stat.ripe.net/egypt/

http://bgpmon.net/blog/?p=450

http://extraexploit.blogspot.com/2011/01/egypt-telecom-as-isolation-bgplay-show.html

http://asert.arbornetworks.com/2011/01/egypt-loses-the-internet/

http://www.renesys.com/blog/2011/01/egypt-leaves-the-internet.shtml

התקפת פישינג בפייסבוק

2010-06-05T03:22:00.006+03:00

שימו לב שמתבצע נסיון הונאה בפייסבוק, כאשר המטרה היא גנבת סיסמאות לחשבון הפייסבוק.

ההונאה עובדת בצורה הבאה:
מופיע לינק מאחד החברים המפנה לאתר מחוץ לפייסבוק.

באתר החיצוני מוצגת תמונה. לחיצה על התמונה מוליכה לקישור שנראה כמו דף הכניסה של פייסבוק, אך למעשה מדובר בהעתק זדוני (ראו הדגשה בצהוב).

משתמש המבצע כניסה לאתר הזדוני למעשה חושף את שם המשתמש והסיסמא לפייסבוק ולאחר מכן מופנה לדף חיצוני כלשהו.

הגורם הזדוני משתמש בזהות של הקורבן ובעזרתו מפרסם את הקישור הזדוני לחברים נוספים.

התראה בנוגע להתקפות על רשתות ואתרים המזוהים עם ישראל

2010-05-31T23:02:00.007+03:00

חברים שימו לב שלאור המצב יש עליה בהתקפות על אתרים בעלי זהות ישראלית מצד גורמים טורקים.

אני ממליץ למנהלי רשת / אבט"מ של אתרים המזוהים עם ישראל לשקול ביצוע חסימה זמנית של הגישה מכתובות טורקיות.

כמובן שהדבר אינו מספק הגנה מלאה שכן האתר עדיין חשוף להתקפות דרך פרוקסי או בוטנט.

לחילופין, בהנחה בהאתר מיועד לקהל ישראלי בלבד, ניתן לאפשר גישה רק לטווחי הרשתות הישראליות. שיטה זו עדיפה בהתמודדות עם התקפות של גורמי חו"ל אך חשוב לשים לב שקיימת אפשרות לטעויות בזיהוי, דהיינו מניעת גישה מישראלים או גורמים מורשים אחרים שהכתובות שלהם אינן מופיעות ברשימה מסיבה זו או אחרת.

בכל מקרה, יש לבצע בדיקה בסביבה מבוקרת לפני הפעלה של הגבלת הגישה על המערכת החיה והדבר הוא על אחריות המשתמש בלבד.

* עדכון - קיימים מספר דיווחים על כך שרבות מההתקפות מגיעות מהכתובות של טורק טלקום. הכתובות הללו נכללות ברשימה למטה כך שאתרים שכבר ישמו את החסימה המוצעת אינם חשופים להתקפות מספק זה.

להלן רשימת הרשתות הטורקיות

# Total Networks: 319
# Total Subnets: 11,228,096
62.29.0.0/17
62.108.64.0/19
62.244.192.0/18
62.248.0.0/17
77.67.128.0/17
77.72.184.0/21
77.73.216.0/21
77.75.32.0/21
77.75.216.0/21
77.79.64.0/18
77.92.0.0/19
77.92.96.0/19
77.92.128.0/19
77.223.128.0/19
77.245.144.0/20
78.40.224.0/21
78.111.96.0/20
78.135.0.0/17
78.160.0.0/11
79.98.128.0/21
79.99.176.0/21
79.123.128.0/17
79.170.168.0/21
79.171.16.0/21
80.71.128.0/20
80.93.208.0/20
80.251.32.0/20
80.253.240.0/20
81.6.64.0/18
81.8.0.0/17
81.21.160.0/20
81.22.96.0/20
81.91.16.0/20
81.91.112.0/20
81.212.0.0/14
82.145.224.0/19
82.150.64.0/19
82.151.128.0/19
82.222.0.0/16
83.66.0.0/16
84.17.64.0/19
84.44.0.0/17
84.51.0.0/18
85.29.0.0/18
85.95.224.0/19
85.96.0.0/12
85.119.32.0/21
85.119.64.0/21
85.153.0.0/16
85.158.96.0/21
85.159.64.0/21
85.159.72.0/21
85.235.64.0/19
86.108.128.0/17
87.251.0.0/19
88.224.0.0/11
89.19.0.0/19
89.106.0.0/19
89.107.224.0/21
89.252.128.0/18
90.158.0.0/15
91.93.0.0/16
91.102.160.0/21
91.142.142.0/24
91.151.80.0/20
91.188.192.0/18
91.191.160.0/20
91.195.138.0/23
91.198.49.0/24
91.198.61.0/24
91.198.124.0/24
91.198.185.0/24
91.198.189.0/24
91.199.73.0/24
91.199.111.0/24
91.199.166.0/24
91.199.191.0/24
91.208.61.0/24
91.208.70.0/24
91.208.199.0/24
91.208.206.0/24
91.212.178.0/24
91.213.1.0/24
91.213.245.0/24
91.213.253.0/24
91.213.254.0/24
91.216.91.0/24
91.216.119.0/24
92.42.32.0/21
92.43.80.0/21
92.44.0.0/15
92.61.0.0/20
92.63.0.0/20
93.89.16.0/20
93.89.64.0/20
93.91.64.0/20
93.93.24.0/21
93.94.192.0/21
93.94.248.0/21
93.95.176.0/21
93.155.0.0/17
93.182.64.0/18
93.184.144.0/20
93.186.112.0/20
93.187.64.0/21
93.187.200.0/21
93.190.120.0/21
93.190.216.0/21
94.54.0.0/15
94.73.128.0/18
94.78.64.0/18
94.79.64.0/18
94.101.80.0/20
94.102.0.0/20
94.102.64.0/20
94.103.32.0/20
94.120.0.0/14
94.138.192.0/19
94.199.32.0/21
94.199.200.0/21
95.0.0.0/12
95.65.128.0/17
95.70.128.0/17
95.128.56.0/21
95.130.168.0/21
95.142.128.0/20
95.173.0.0/19
95.173.160.0/19
95.183.128.0/17
109.232.216.0/21
109.235.248.0/21
178.18.192.0/20
178.22.8.0/21
178.233.0.0/16
178.240.0.0/13
188.3.0.0/16
188.38.0.0/16
188.41.0.0/16
188.56.0.0/14
188.64.208.0/21
188.95.144.0/21
188.124.0.0/19
188.125.160.0/19
188.132.128.0/17
193.0.61.0/24
193.23.156.0/24
193.25.124.0/23
193.28.225.0/24
193.34.132.0/23
193.36.0.0/24
193.36.39.0/24
193.36.184.0/24
193.37.135.0/24
193.37.154.0/24
193.41.2.0/23
193.42.216.0/24
193.58.236.0/24
193.104.13.0/24
193.104.109.0/24
193.104.124.0/24
193.104.130.0/24
193.104.138.0/24
193.104.201.0/24
193.105.78.0/24
193.105.208.0/24
193.105.211.0/24
193.105.234.0/24
193.105.243.0/24
193.108.213.0/24
193.109.134.0/23
193.110.170.0/23
193.110.208.0/21
193.140.0.0/16
193.143.226.0/24
193.150.165.0/24
193.164.9.0/24
193.186.208.0/24
193.188.198.0/23
193.189.142.0/24
193.192.96.0/19
193.200.134.0/24
193.200.170.0/24
193.200.180.0/24
193.200.188.0/24
193.201.128.0/22
193.201.149.192/26
193.201.157.0/25
193.202.18.0/24
193.202.120.0/24
193.218.113.0/24
193.218.200.0/24
193.223.76.0/24
193.243.192.0/19
193.254.228.0/23
193.254.252.0/23
193.255.0.0/16
194.0.130.0/24
194.0.142.0/24
194.0.178.0/24
194.0.202.0/24
194.9.174.0/24
194.24.168.0/23
194.24.224.0/23
194.27.0.0/16
194.29.208.0/21
194.36.160.0/24
194.50.84.0/24
194.50.179.0/24
194.54.32.0/19
194.60.73.0/24
194.69.206.0/24
194.107.22.0/24
194.110.150.0/24
194.110.213.0/24
194.125.232.0/22
194.126.230.0/24
194.140.227.0/24
194.169.253.0/24
194.242.32.0/24
195.8.109.0/24
195.33.192.0/18
195.39.224.0/23
195.46.128.0/19
195.49.216.0/21
195.85.242.0/24
195.85.255.0/24
195.87.0.0/16
195.95.149.0/24
195.95.160.0/24
195.95.179.0/24
195.112.128.0/19
195.114.108.0/23
195.128.32.0/21
195.128.254.0/23
195.137.222.0/23
195.138.222.0/24
195.140.196.0/22
195.142.0.0/16
195.149.85.0/24
195.149.116.0/24
195.155.0.0/16
195.174.0.0/16
195.175.0.0/16
195.177.206.0/23
195.177.230.0/23
195.182.25.0/24
195.182.42.0/24
195.190.20.0/24
195.191.118.0/23
195.200.222.0/24
195.214.128.0/18
195.216.232.0/24
195.234.52.0/24
195.234.165.0/24
195.244.32.0/19
195.245.227.0/24
212.2.192.0/19
212.12.128.0/19
212.15.0.0/19
212.29.64.0/18
212.31.0.0/19
212.50.32.0/19
212.57.0.0/19
212.58.0.0/19
212.64.192.0/19
212.65.128.0/19
212.68.32.0/19
212.79.96.0/20
212.98.0.0/19
212.98.192.0/18
212.101.96.0/19
212.108.128.0/19
212.109.96.0/19
212.109.224.0/19
212.115.0.0/19
212.125.0.0/19
212.127.96.0/19
212.133.128.0/17
212.146.128.0/17
212.154.0.0/17
212.156.0.0/16
212.174.0.0/16
212.175.0.0/16
212.252.0.0/16
212.253.0.0/16
213.14.0.0/16
213.43.0.0/16
213.74.0.0/16
213.128.64.0/19
213.139.192.0/19
213.139.224.0/19
213.142.128.0/19
213.143.224.0/19
213.144.96.0/19
213.148.64.0/19
213.153.128.0/19
213.153.160.0/19
213.153.192.0/18
213.155.96.0/19
213.161.128.0/19
213.186.128.0/19
213.194.64.0/18
213.211.0.0/19
213.232.0.0/18
213.238.128.0/18
213.243.0.0/19
213.243.32.0/19
213.248.128.0/18
213.254.128.0/19
217.17.144.0/20
217.31.224.0/20
217.31.240.0/20
217.64.208.0/20
217.68.208.0/20
217.116.192.0/20
217.131.0.0/16
217.169.192.0/20
217.174.32.0/20
217.195.192.0/20

להלן רשימת הרשתות הישראליות

# Total Networks: 270
# Total Subnets: 4,747,712
46.116.0.0/15
46.120.0.0/15
62.0.0.0/16
62.56.128.0/17
62.90.0.0/16
62.122.224.0/21
62.128.32.0/19
62.219.0.0/16
77.124.0.0/14
79.176.0.0/13
80.70.128.0/20
80.74.96.0/20
80.74.112.0/20
80.178.0.0/15
80.230.0.0/16
80.244.160.0/20
80.246.128.0/20
80.250.144.0/20
81.5.0.0/18
81.199.0.0/16
81.218.0.0/16
82.80.0.0/15
82.102.128.0/18
82.166.0.0/16
83.130.0.0/16
83.143.8.0/21
84.94.0.0/15
84.108.0.0/14
84.228.0.0/15
85.64.0.0/15
85.130.128.0/17
85.159.160.0/21
85.250.0.0/16
87.68.0.0/14
89.138.0.0/15
91.90.128.0/20
91.135.96.0/20
91.143.224.0/20
91.193.4.0/22
91.193.48.0/22
91.194.4.0/23
91.194.114.0/23
91.195.162.0/23
91.196.84.0/22
91.197.60.0/22
91.197.100.0/22
91.198.5.0/24
91.198.70.0/24
91.198.129.0/24
91.198.205.0/24
91.198.254.0/24
91.199.29.0/24
91.199.53.0/24
91.199.69.0/24
91.199.94.0/24
91.199.99.0/24
91.199.100.0/24
91.199.119.0/24
91.199.202.0/24
91.199.215.0/24
91.200.144.0/22
91.202.168.0/22
91.203.120.0/22
91.205.152.0/22
91.206.170.0/23
91.207.34.0/23
91.207.90.0/23
91.207.206.0/23
91.207.240.0/23
91.208.86.0/24
91.208.118.0/24
91.208.129.0/24
91.208.139.0/24
91.208.140.0/24
91.208.147.0/24
91.208.218.0/24
91.209.113.0/24
91.209.182.0/24
91.212.76.0/24
91.212.114.0/24
91.212.189.0/24
91.213.152.0/24
91.213.176.0/24
91.214.100.0/22
92.61.224.0/20
92.240.0.0/19
93.157.80.0/21
93.172.0.0/15
93.175.32.0/19
94.127.72.0/21
94.159.128.0/17
94.188.128.0/17
94.230.80.0/20
95.35.0.0/16
95.86.64.0/18
95.129.32.0/21
95.142.16.0/20
95.175.32.0/19
95.215.128.0/22
109.64.0.0/14
109.95.128.0/21
109.160.128.0/17
109.186.0.0/16
109.226.0.0/18
109.234.16.0/21
109.253.0.0/16
147.237.0.0/16
178.249.104.0/21
188.64.96.0/21
188.64.200.0/21
188.120.128.0/19
192.114.84.0/22
192.114.160.0/19
192.116.192.0/18
192.117.128.0/18
193.16.147.0/24
193.17.42.0/24
193.17.68.0/24
193.17.74.0/24
193.22.80.0/24
193.27.92.0/23
193.28.155.0/24
193.30.161.0/24
193.33.16.0/23
193.33.234.0/23
193.34.56.0/22
193.36.176.0/24
193.37.128.0/23
193.37.130.0/24
193.39.79.0/24
193.41.202.0/24
193.41.208.0/23
193.43.244.0/22
193.46.64.0/24
193.47.165.0/24
193.47.248.0/24
193.93.96.0/22
193.104.44.0/24
193.104.62.0/24
193.104.77.0/24
193.104.115.0/24
193.104.117.0/24
193.104.119.0/24
193.104.147.0/24
193.105.99.0/24
193.105.199.0/24
193.106.52.0/22
193.106.204.0/22
193.108.195.0/24
193.108.211.0/24
193.109.78.0/23
193.109.82.0/24
193.110.2.0/23
193.138.92.0/24
193.142.151.0/24
193.169.70.0/23
193.169.88.0/23
193.169.104.0/23
193.169.246.0/23
193.178.218.0/24
193.178.220.0/24
193.186.2.0/24
193.186.163.0/24
193.200.30.0/24
193.200.154.0/24
193.201.155.128/25
193.222.129.0/24
193.238.28.0/22
193.238.188.0/22
193.238.208.0/22
193.239.108.0/22
193.243.183.128/26
193.254.206.0/23
194.1.145.0/24
194.8.76.0/23
194.8.88.0/23
194.11.19.0/24
194.29.32.0/20
194.50.71.0/24
194.50.175.0/24
194.54.168.0/22
194.56.215.0/24
194.88.136.0/23
194.90.0.0/19
194.90.32.0/19
194.90.64.0/18
194.90.128.0/17
194.110.249.0/24
194.116.226.0/23
194.116.230.0/23
194.150.218.0/23
194.153.101.0/24
194.177.16.0/22
194.187.84.0/22
194.213.4.0/24
194.242.24.0/23
194.247.166.0/23
195.2.250.0/23
195.10.194.0/24
195.10.220.0/24
195.10.222.0/24
195.22.148.0/23
195.28.166.0/23
195.28.180.0/23
195.35.85.0/24
195.60.176.0/23
195.60.232.0/22
195.62.18.0/23
195.62.30.0/23
195.66.118.0/24
195.69.236.0/22
195.72.116.0/21
195.82.128.0/23
195.88.234.0/23
195.93.234.0/23
195.95.183.0/24
195.110.40.0/23
195.128.176.0/23
195.137.164.0/24
195.160.240.0/22
195.177.108.0/22
195.182.33.0/24
195.189.140.0/23
195.189.192.0/23
195.190.19.0/24
195.190.23.0/24
195.191.52.0/23
195.200.92.0/23
195.200.205.0/24
195.200.238.0/23
195.211.68.0/22
195.216.252.0/24
195.225.46.0/23
195.225.62.0/23
195.234.26.0/23
195.242.118.0/23
195.242.174.0/24
195.244.22.0/23
195.245.108.0/23
195.250.33.0/24
195.250.47.0/24
204.52.208.0/24
212.25.64.0/19
212.25.96.0/19
212.29.192.0/19
212.29.224.0/19
212.48.64.0/19
212.68.128.0/19
212.76.96.0/19
212.116.160.0/19
212.117.128.0/19
212.143.0.0/16
212.150.0.0/16
212.179.0.0/17
212.179.128.0/17
212.199.0.0/17
212.199.128.0/17
212.235.0.0/18
212.235.64.0/18
213.8.0.0/16
213.57.0.0/16
213.137.64.0/19
213.151.32.0/19
213.173.32.0/19
217.21.64.0/20
217.21.80.0/20
217.22.112.0/20
217.65.32.0/20
217.132.0.0/16
217.194.192.0/20

FBI unveils International toll fraud organization

2009-06-14T07:13:00.004+03:00

A cross continent toll fraud operation was uncovered by FBI and national law enforcement agencies in Italy, Philippines and other countries.
The investigation has been ongoing since 2006 and relates to conduct ranging from October 2005 through December 2008.

The scam financiers, Pakistani nationals residing in Italy hired the services of professional crackers-for-hire and paid the amount of $100 for each PBX they could break into. Those financiers allegedly used the compromised systems to transmit over 12 million minutes of telephone calls valued at more than $55 million over the hacked networks of victim corporations in the United States alone.

Canadian IT company hit with $52,000 bill on toll fraud

2009-06-13T03:26:00.003+03:00

SG Magazine bring the same old story we've heard before. misconfigured PBX, voice mail system with default or easy to guess PIN codes, unneeded options turned on (dial out via voice mail system TUI) and one or more individuals eager to make calls to Bulgaria on the expense of the unsuspecting Winnipeg-based HUB Computer Solutions.

Canadian SMBs suffer huge losses on toll fraud

2009-06-12T04:26:00.003+03:00

The Hamilton Spectator reports that several small businesses on the Hamilton Mountain suffer huge loses due to voice mail toll fraud. now these cases are a few month old, but I'll still post it for reference.

The phreaker exploited weak/default PIN codes protecting the voice mail system and were able to dial in to the voice mail system and originate an outgoing international call, in similar to DISA or call forward exploits. it is also a reminder that toll fraud was here long before IPT.

These cases really sums up the recipe for a good toll fraud:

PBX and added value components configured in an insecure manner
Unneeded services and options are left on by default
Weak authentication meathods, default or easy to guess PIN codes
No monitoring of system utilization, call logs, abnormal events
And finally one or more indeviduals with the passion to call some exotic far away place or simply to make money on an unsuspecting PBX owner expense.

Sipera: VoIP Toll Fraud Continues To Escalate

2009-06-12T04:03:00.002+03:00

Sipera Systems which specializes in security solutions for IPT released a mini report with the conclusion that even with the growing awareness of VoIP and UC vulnerabilities not much is actually being done to mitigate these threates.
Sipera's Adam Boone highlights the primary security architecture shortcomings leading to toll fraud:

Telecom Connectivity Vulnerabilities: Many enterprises have moved to SIP trunking for low-cost telecommunications connectivity. Unfortunately, these enterprises often rely on Session Border Controllers for security of real-time VoIP and UC traffic, making them highly vulnerable to toll fraud. In production security architecture analysis, Sipera has identified nine common configuration errors, vulnerabilities and functional limitations that leave enterprises using SBCs for VoIP security exposed to toll fraud risk.
Application-Level Vulnerabilities: In many cases, application servers, voicemail systems, and other communication systems can be easily exploited by fraudsters because of weak passwords and authentication schemes. Furthermore, security policy enforcement mechanisms in such systems are often inadequate to stop fraudsters from using them to gain access to toll calling facilities.
End-Point Vulnerabilities: Weak security on user devices and inadequate authentication schemes enable fraudsters to exploit these devices to pose as authorized users and gain access to toll calling facilities.

MIT's IS&T found sniffing on campus traffic

2009-04-20T19:56:00.006+03:00

MIT Tech reported that the IS&T, the institute central IT department has been monitoring and recording all ingress and ingress network traffic on campus without an official policy or user notification. the monitoring practice was implemented on 1999 for security and network anomaly detection .

While there are some valid privacy issues here, I'm not going to address it here, you can find the gory details here.
There is something totally different that worries me - the graph showing the network traffic entering IS&T’s network security monitoring system, its a 1Gb interface and guess what...its fully utilized most of the time. Not so great for IDS and legal type applications.

Can you find a way to eavesdrop Skype? NSA may be willing to pay if you do

2009-02-15T23:22:00.002+02:00

According to "The register" NSA is willing to pay billions of dollars to anyone that can offer an eavesdropping solution that will allow the agency to listen on P2P voice calls and IM messages.
Now since Skype isn't making big bucks for parent company eBay, selling a key escrow that will allow NSA to use less computational resources to decrpyt the information might be an easy to generate extra revenue.

Greeting of prosperity in the Chinese year of Ox - gung hei faat choih 恭喜發財

2009-01-25T21:52:00.004+02:00

Wishing gung hei faat choih 恭喜發財
Good luck, success and prosperity in the new Chinese year of the Ox

Happy New Year

2008-12-31T23:31:00.000+02:00

I would like to wish you happy new year,
May this New Year bring newly found prosperity, love, happiness and delight in your life.

Exploited Asterisk servers are to blame for recent vishing attacks

2008-12-06T15:08:00.005+02:00

Recent vishing attacks have been conducted by criminal taking advantage of a known bug in older Asterisk PBX systems. According to an FBI advisory published on The Internet Crime Complaint Center the attackers exploited the known bug to gain unauthorized access to numerous Asterisk PBX systems and later used these systems as mass auto-dialers. The attackers generated thousends of calls to victims in which they attempted to extract sensitive information from the victims.
PCWorld has more information

FEMA phones hacked

2008-08-23T13:36:00.003+03:00

According to EILEEN SULLIVAN with AP, unauthorized calls to the middle east were placed over the FEMA phone system causing an estimated damage of $12,000 in call charges to organization - A part of homeland security Dept.
The organization is blaming the undisclosed contractor/integrator of the newly installed voicemail system for not securing the system.
I'm just guessing here, but it sounds like someone left an unprotected DISA access or didn't enforce user PIN codes policy allowing the phreaker to user default vendor PIN codes to configure call forward to the middle eastern destination number.

Trojan on http://i7san.jeeran.com/dsc[x].jpg

2008-07-13T11:27:00.004+03:00

Recently some blogs and minor websites embed pictures from the following source: http://i7san.jeeran.com/dsc[x].jpg where x is a varying number. the picture contains malicious vbs code. it is recommended not to stop the browser from downloading the picture, not to allow unknown vbs code to run and notify the site owner.

Yet another Windows Live Messenger scam

2008-07-06T17:39:00.004+03:00

If you have received an instant message from one of your contact with a link to x.imagecrisp.info or x.imagecroco.info with x being your contact name, kindly disregard this message and most importantly do not enter your password and windows live credentials on that web site!

Most likely that your contact's account has been compromised and those messages are sent without his knowledge.

If you have already entered your credentials in the rouge web site, change your Windows Live password as soon as possible. Although not tested, the logic is that bad agent will no longer have your password and won't be able to send messages on your behalf.

Deletefinder.com scam

2008-04-28T20:59:00.002+03:00

As I'm starting to see some of my MSN contacts getting affected by a new scam, I would like to warn all readers not to submit any details to www.deletefinder.com web site.
This site claims to "...easily find out who deleted you from MSN Messenger..." if you just submit your MSN user and password. I think it goes without saying that you should not reveal your credentials to untrusted parties with invalidated identity.
You may also get promotion messages for this service from a "trusted" MSN contact, disregard it as this contact has been hijacked.

יוסי בן הגיא yossi ben hagai

2008-04-21T22:03:00.003+03:00

http://www.pc.co.il/Index.asp?CategoryID=72&VolID=531#art16565

http://quotes.walla.co.il/?w=/134/1193411

http://www.wallatrade.co.il/ts.cgi?tsscript=item&path=124&id=1193411&page=info

http://career.themarker.com/tmc/article.jhtml?ElementId=is20071111_200020&layer=career&layer2=coupon&layer3=misc

http://www.thecom.co.il/article.php?id=4738

http://www.cfb.co.il/SmarTrade/Ext/Section/Articles/ExtSecArticle_Print/1,1733,,00.html?articleId=590929

http://www.thecom.co.il/article.php?id=4738&prt=1

Back in Israel

2007-09-01T16:55:00.000+03:00

I've had a nice time in Hong Kong, but it's always good to be back home. My schedule was very tight so haven't had the chance to take some photos of the city, so on the last day i took a picture of the office view - showing what i believe to be the 'Kowloon' island and the old runway.

First time in Hong Kong

2007-08-26T18:57:00.000+03:00

I've landed at Hong Kong airport a few hours ago. I'm here on a short term business trip but i'll try to find the time to take some picture and notes of this unique country.

My new LinkedIn account

2007-08-09T07:15:00.000+03:00

I Finally gave in and created a LinkedIn account.
It's available on: http://www.linkedin.com/in/yossibenhagai