Archive for February 2007

Another review

February 28, 2007

Gary Audin from VoIP Loop wrote a nice follow-up review of our book entitled Attacking VoIP Security. In his writeup, he goes over several of the hacking scenarios we present throughout the chapters.

Teaching and Speaking at VoiceCon

February 27, 2007

We’ll be teaching a tutorial at VoiceCon next week:

Monday, March 5th
1:30 p.m. – 4:30 p.m.
IP Telephony Security Threats and Countermeasures

This tutorial will provide the latest information on security issues for IP Telephony implementations. The course is divided into two parts: Assessing the potential danger, and what you can do about it. Course participants will gain an appreciation for the nature of the security threats to IP-PBX gear, and will get concrete recommendations for how to handle this threat.

Also, we’ll be doing a panel session on Wednesday:

Wednesday, March 7th
1:00 p.m. – 2:15 p.m.
Voice-Oriented Attacks

You’ve heard all the clever new acronyms and slang like SPIT (spam over IP telephony) and VOIP phishing, and these attacks are becoming more of a concern. At the same time, however, attacks traditionally aimed at the data network are being tailored toward voice infrastructure–for example, denial of service attacks that tie up telephone trunks and block the call center. This session will familiarize you with voice-oriented attacks that you may not have encountered yet, but do need to think about preventing.
* What are the most serious voice-oriented attacks being seen “in the wild”? Which have only appeared as hackers’ “proof of concept,” but could soon go live?
* What avenues are used to attack voice-specific infrastructure, and how do you protect these?
* What types of equipment and technologies must you implement to stop voice-oriented attacks?
* What specific kinds of damage can these attacks cause?

If you’re attending VoiceCon, please stop by and say hello!  We’ll be also giving away a couple of copies of the book throughout the week.

Nice review from eWeek

February 20, 2007

Andrew Garcia over at eWeek had some nice things to say about our book:,1895,2096267,00.asp

As VOIP systems proliferate, so, too, must the measures taken to secure them. Luckily for IT administrators, several resources are available to help them do just that. In the book “Hacking Exposed VOIP: Voice over IP Security Secrets & Solutions,” for example, authors David Endler (director of security research at TippingPoint) and Mark Collier (chief technology officer of SecureLogix) bring to life the imminent threat of VOIP attacks, describing in detail how an attacker could discover, enumerate, probe and eventually co-opt an existing voice network

RSA Conference Presentation and Book Signing

February 1, 2007

Both of us will be presenting “Exploiting Voice over IP Networks” at the RSA conference next week, on Wednesday February 7th in San Francisco. We will be discussing some of the latest VoIP security research we performed for the book, and showing off some of the tools we released as well. We’ll try to give away a couple of books at the end as well. Here’s the info:

Session Track: Hackers & Threats II
Session Code: 2192
Scheduled Date: 2/7/2007
Scheduled Time: 9:10 AM – 10:20 AM
Session Title: Exploiting Voice Over IP Networks

Also, our publisher McGraw-Hill has organized a booksigning event at the RSA conference later that day from 12:30pm – 1:30pm at the RSA bookstore. Please stop by and say hello!

UPDATE: Here are our slides from the presentation!