Make sure are calling the right person from now on!

Security researcher HD Moore’s scanned about 3% of addressable Internet space looking for high-end videoconferencing systems–the type of systems present in many corporate boardrooms and meeting spaces.

The scan, which took about two hours using a handful of computers, discovered a quarter of a million systems that understood the H.323 protocol, widely used by Internet protocol (IP) communication systems. Using that list, Moore, the chief security officer for vulnerability-management firm Rapid7, used a module for the popular Metasploit framework to “dial” each server, connect long enough to grab the public handshake packets, and then dropped the connection.

“Any machine that accepted a call was set to autoanswer,” Moore says. “It was fairly easy to figure out who was vulnerable, because if they weren’t vulnerable, then they would not have picked up the call.”