[VOIPSEC] FYI: New cross-site scripting attack targets VoIP (new?)
Eric Xu
Eric.Xu at telus.com
Thu Oct 18 12:04:34 CDT 2007
FYI: New cross-site scripting attack targets VoIP <http://www.networkworld.com/news/2007/101707-voip-threat.html?netht=101807dailynews1&&nladname=101807dailynews>
Security researchers have found a way to execute cross-site scripting attacks through VoIP clients, introducing a dangerous new threat almost no one is guarding against, according to vendor Secure Computing.
Some points for discussion:
It is interesting that the news indicated that, "Security researchers discovered the flaw on Oct. 8 and posted a proof of concept code on the Internet describing the vulnerability, which they found in a Linksys VoIP product."
It would be ideal to see more technical details. Any clue about URL of the POC post?
Sounds like a A "new" one (CSS) applied to VOIP threat model. Any comments?
Thanks,
Eric Xu
More information about the Voipsec
mailing list