Submission + - Asterisk Still Safe (digium.com)
Sam36 writes: "On Friday, the IC3 (FBI/NW3C/BJA) put out a security advisory on their
website that contained a fairly vaguely worded warning about Asterisk
systems being compromised and then being used as "vishing" (voice
phishing) platforms.....
...It turns out that we were correct on our first guess: this is not a new problem, and furthermore is a difficult vulnerability to exploit even on those systems that are unpatched...
...Unfortunately, the news of security risks spreads faster than the news of a non-issue — secure systems aren't "stories" so I expect it will be an uphill effort to update all the sites which copied or re- blogged the IC3 story initially. We would very much like to enlist the community to have you try to post where you can the link to the Digium blog above ..."
...It turns out that we were correct on our first guess: this is not a new problem, and furthermore is a difficult vulnerability to exploit even on those systems that are unpatched...
...Unfortunately, the news of security risks spreads faster than the news of a non-issue — secure systems aren't "stories" so I expect it will be an uphill effort to update all the sites which copied or re- blogged the IC3 story initially. We would very much like to enlist the community to have you try to post where you can the link to the Digium blog above