Send VoiceOps mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://puck.nether.net/mailman/listinfo/voiceops
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of VoiceOps digest..."
Today's Topics:
1. Re: New SPA2100/2102/1001 exploit in the wild? (Ryan Delgrosso)
2. Re: New SPA2100/2102/1001 exploit in the wild? (Shripal Daphtary)
3. Re: New SPA2100/2102/1001 exploit in the wild? (Tim Bray)
----------------------------------------------------------------------
Message: 1
Date: Fri, 18 Oct 2013 17:33:04 -0700
From: Ryan Delgrosso <[email protected]>
To: "[email protected]" <[email protected]>
Subject: Re: [VoiceOps] New SPA2100/2102/1001 exploit in the wild?
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
So just some additional information on this since I know a few others
were seeing security issues with these devices.
I have recently discovered that Cisco recently terminated the last 40
engineers responsible for maintaining the SPA codebase (SPA ATAs and IP
phones and the new SPA112/122). This was done to free up the budget to
build a replacement product that will work more closely with their
hosted call manager product and less with 3rd party SIP which isn't due
for several years.
They will of course continue to sell the SPA products but you may have
issues if you need anything custom done or need factory provisioning.
I found the timing of these events slightly curious as well.
Take this for what you will and if anyone out there has more information
please feel free to chime in.
On 10/14/2013 04:08 PM, Ryan Delgrosso wrote:
> Hey all,
> I am seeing my fraud-o-meter tick up as of yesterday and it all seems
> to be driven by accounts attached to these devices. We have taken
> measures to start locking this down but I am wondering if anyone out
> there is seeing similar.
>
> It looks like somehow legacy devices that have been deployed for 5+
> years are having accounts lifted out of them.
>
> Does anyone have info on this exploit, or if you are seeing this as
> well and want to compare notes feel free to ping me.
>
> Thanks,
> -Ryan
------------------------------
Message: 2
Date: Fri, 18 Oct 2013 18:10:49 -0700
From: Shripal Daphtary <[email protected]>
To: "[email protected]" <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: [VoiceOps] New SPA2100/2102/1001 exploit in the wild?
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
On that note. I just met with Cisco at the bsft connections show. And they told
me they were "recommitting" to the service provider market with an esbc nano
cube and handsets certification on the bworks in 3 weeks.
Shripal
> On Oct 18, 2013, at 5:33 PM, Ryan Delgrosso <[email protected]> wrote:
>
> So just some additional information on this since I know a few others were
> seeing security issues with these devices.
>
> I have recently discovered that Cisco recently terminated the last 40
> engineers responsible for maintaining the SPA codebase (SPA ATAs and IP
> phones and the new SPA112/122). This was done to free up the budget to build
> a replacement product that will work more closely with their hosted call
> manager product and less with 3rd party SIP which isn't due for several years.
>
> They will of course continue to sell the SPA products but you may have issues
> if you need anything custom done or need factory provisioning.
>
> I found the timing of these events slightly curious as well.
>
> Take this for what you will and if anyone out there has more information
> please feel free to chime in.
>
>> On 10/14/2013 04:08 PM, Ryan Delgrosso wrote:
>> Hey all,
>> I am seeing my fraud-o-meter tick up as of yesterday and it all seems to be
>> driven by accounts attached to these devices. We have taken measures to
>> start locking this down but I am wondering if anyone out there is seeing
>> similar.
>>
>> It looks like somehow legacy devices that have been deployed for 5+ years
>> are having accounts lifted out of them.
>>
>> Does anyone have info on this exploit, or if you are seeing this as well and
>> want to compare notes feel free to ping me.
>>
>> Thanks,
>> -Ryan
------------------------------
Message: 3
Date: Sat, 19 Oct 2013 12:42:21 +0100
From: Tim Bray <[email protected]>
To: [email protected]
Subject: Re: [VoiceOps] New SPA2100/2102/1001 exploit in the wild?
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1
On 19/10/13 02:10, Shripal Daphtary wrote:
> On that note. I just met with Cisco at the bsft connections show. And
> they told me they were "recommitting" to the service provider market
> with an esbc nano cube and handsets certification on the bworks in
> 3 weeks.
What do you mean by `esbc nano cube`?
It would be a shame if the SPA engineers have been terminated. Very
competent product which has been in the market relatively unchanged for
many years. Favoured by service providers for its secure provisioning
and robust SIP operations. They don't break or do weird stuff too often.
Tim
------------------------------
End of VoiceOps Digest, Vol 52, Issue 8
***************************************