Want a job in VoIP security? Jason Ostrom, who recently joined Sipera Systems as director of their VIPER Lab, passed along word to us that they are looking to hire two new positions related to VoIP security: VIPER Security Consultant VIPER Vulnerability Research Engineer Job descriptions and information about applying can be found over on Sipera’s “Careers in VoIP Security” page. …
Blogs / Voice of VOIPSA
Voice of VOIPSA
Authors:
View all »
Latest posts
-
Sipera looking to hire a few good VoIP security researchers…
http://voipsa.org/blog/2008/07/01/sipera-looking-to-hire-a-few-good-voip-security-researchers/ -
Avaya, Cisco and Nortel VoIP security vulnerabilities to be announced today
http://voipsa.org/blog/2008/06/25/avaya-cisco-and-nortel-voip-security-vulnerabilities-to-be-announced-today/News reports are coming out now (FierceVoIP, Network World and others) that in about 30 minutes or so, Avaya, Cisco, Nortel and VoIPShield Systems will be jointly announcing VoIP security vulnerabilities - and corresponding fixes. …
-
Nortel launches Voice Security Technology Blog
http://voipsa.org/blog/2008/06/19/nortel-launches-voice-security-technology-blog/I recently learned that Nortel has launched their “Voice Security Technology Blog“. Their initial post outlines their goals for the blog. They only have two posts up so far but we’ll be interested to watch the blog and see what they do with it. …
View all »
336 blog reactions
-
tcpdump packet capture showing a Skype username and password (iskoot passing credentials in the clear).
http://webtown.typepad.com/webtown/2008/07/tcpdump-packet.ht...Dameon has now posted a tcpdump packet capture showing a Skype username and password ( http://www.phoneboy.com/2244/proof-of-iskoot-passing-credentials-in-the-clear ). If it were SSL-encrypted there is no way he should be seeing this.". source.
-
Global exposure of skype passwords leads to chat interception...
http://webtown.typepad.com/webtown/2008/07/global-exposure.h...their mobile over WiFi is effectively allowing their Skype credentials to be seen by anyone who can intercept their traffic (i.e. is either on the local WiFi network or is between them and iSkoot’s servers). Yes, Skype chats can also be intercepted" source. I wonder how the guys from the 3 skype phone have solved such matters... Related : iSkoot Transmits Your Data In The Clear My take : image you are company using skype and iskoot or other things that link skype via your devices to your
-
Padding the Numbers: Vulnerability Duplication
http://dtrammell.wordpress.com/2008/06/26/padding-the-number...have been guilty of this to varying degrees in the past, but none have been quite so blatant about it as VoIPShield Labs, the research division of VoIPShield Systems, Inc. Coinciding with a product launch at the beginning of April, they released just over forty vulnerability advisories to the public (claiming having upwards of one hundred). At the initial announcement many were fairly impressed, however after taking a cursory look at the advisories themselves, it seemed fairly obvious to me that an attempt was being made to pad these
-
Padding the Numbers: Vulnerability Duplication
http://dtrammell.wordpress.com/2008/06/26/padding-the-number...I did give them the benefit of the doubt, as this type of thing is regularly pulled by clueless marketing types and sometimes the researchers involved don’t have direct control over distribution of the information. Unfortunately, a few days ago they did it again, releasing another huge batch of vulnerability advisories riddled with duplications. The problem with these advisories, at their core, is that they are not actually vulnerability advisories at all. They do involve vulnerabilities, and some of the
-
Blue Box: The VoIP Security Podcast
http://www.blueboxpodcast.comSkypefind Cross Zone Scripting Vulnerability with discussion in The Register The Register: Skype Trojan wiretap plan leaks onto the net PC Pro: VoIP stumps spooks Skype Journal: The Bavarian Intercept Proves Skype is Secure Voice of VoIPSA: More ETSI Security Workshop presentations now available online Voice of VOIPSA: Breaking Ciphers on a 5.8MHz Pentium Voice of VOIPSA: Raising a RUCUS at IETF 71 SearchUC: Early adopters of unified communications need to ask about security CNN: Third undersea cable cut in Mideast
-
Blue Box: The VoIP Security Podcast
http://www.blueboxpodcast.comDesign flaw in wireless VoIP handsets endanger the enterprise followed by Cisco confirms vulnerability in 7921 WiFi IP phone Voice of VOIPSA: Slides about P2PSIP security new available Voice of VOIPSA: RUCUS mailing list & BOF Voice of VOIPSA: End-to-end VoIP security using DTLS-SRTP Also a whole bunch on SIP Identity SIP Torture Tests for IPv6 now out in RFC 5118 SIP Usage Scenarios Similar to SPIT SPEERMINT Security BCPs
-
Blue Box #79: Asterisk vulnerabilities, VoiceCon/VON coverage, eavesdropping, FBI, ZFone, P2P, VoIP security news and more
http://www.blueboxpodcast.com/2008/06/blue-box-79-ast.htmlMANY thanks for all the offers of audio production assistance Dan met with Craig Bowser down at VoiceCon, also David Endler, Mark Collier, etc. Jonathan met with Dean Elwood, Martyn Davies, etc. Four Asterisk vulnerabilities The Economist: Bugging The Cloud Forbes: How to Make Your Phone Untappable VoIP News: VoIP: Who Might Be Spying on Your Communications? (Hint – It’s Not Just the NSA VoIP News: Listen Up: 17 Signs That You Are Being Wiretapped
-
Returning into the light...
http://dyork.livejournal.com/283165.html, I expected that I'd be doing less writing in the next month across all my various blogs. That expectation certainly came true. I wrote practically nothing here, on Disruptive Conversations or on the Voice of VOIPSA
-
Blue Box: The VoIP Security Podcast
http://www.blueboxpodcast.comnew listeners - and to all those listeners who have been here for so long! new comment line +1-415-830-5439 SE 22 with Jonathan Rosenberg Asterisk AST-2007-027: Database matching order permits host-based authentication to be ignored Voice of VOIPSA: Trixbox contains ‘phone home’ code to retrieve arbitrary commands to execute trixbox CE audit tool official statement and fixes Audit Tool Change Plan Audit tool ‘fix’ being pushed out tonight ComputerWorld: VoIP vulnerabilities increasing, but not exploits CRN: Top 9 VoIP Threats and Vulnerabilities
-
VoIP Survivor
http://voipsite.blogspot.com/2008/05/voip-survivor_15.htmlto crash, or flooding it with irrelevant requests to take up 100% of its processing time, an attacker can practically stop a service. This happens once in a while - the attack on the internet’s root DNS servers last year is an example. A lot of VoIP products out there have vulnerabilities that can be exploited mainly by DOS attacks. Denial of service is a technique that can be used against commercial services by competitors or people who strongly disagree with the service or what it stands for.
Top Tags
What this blog is about
- asterisk
- australia
- conferences
- government
- ietf
- legislation
- regulation
- sip
- security
- skype
- spam
- standards
- voip
- voip security
- acma
- asterisk security
- itexpo
- nortel
- platform security
- rucus
- sip security
- spit
- voice
- voice security
- voip attacks in the news
- voip legislation
- voip security research
- voip vulnerabilities
- voipsa
- voipsecurity
