RSA Conference Presentation and Book Signing

Posted February 1, 2007 by hackingvoip
Categories: VoIP Security

Both of us will be presenting “Exploiting Voice over IP Networks” at the RSA conference next week, on Wednesday February 7th in San Francisco. We will be discussing some of the latest VoIP security research we performed for the book, and showing off some of the tools we released as well. We’ll try to give away a couple of books at the end as well. Here’s the info:

Session Track: Hackers & Threats II
Session Code: 2192
Scheduled Date: 2/7/2007
Scheduled Time: 9:10 AM – 10:20 AM
Session Title: Exploiting Voice Over IP Networks

Also, our publisher McGraw-Hill has organized a booksigning event at the RSA conference later that day from 12:30pm – 1:30pm at the RSA bookstore. Please stop by and say hello!

UPDATE: Here are our slides from the presentation!

Interview in NetworkWorld

Posted January 29, 2007 by hackingvoip
Categories: VoIP Security

Dave was recently interviewed in NetworkWorld about VoIP Phishing and other new VoIP threats. We cover VoIP Phishing in granular detail and include several examples in Chapter 15 of our book. You can read the full article here: NetworkWorld – Expert: Phishing and other social attacks threaten VoIP

    Nice Book Reviews

    Posted January 26, 2007 by hackingvoip
    Categories: VoIP Security

    Some rave new reviews of our book over the last couple of weeks:

    New Tool Released: Sip Rogue

    Posted January 23, 2007 by hackingvoip
    Categories: VoIP Security

    We finally posted our sip_rogue test/attack tool on our Hacking Exposed Website. This tool allows you to perform a variety of application level man-in-the-middle attacks. We described it in our book, but had to clean it up a bit before posting. Hopefully folks will find it to be useful.

    Sample chapter from Hacking Exposed VoIP

    Posted December 15, 2006 by hackingvoip
    Categories: VoIP Security

    We’re pleased to release a full electronic sample chapter from Hacking Exposed VoIP for your reading pleasure. Chapter 3 delves into enumeration of VoIP services in order to glean interesting information (e.g. user names, phone extensions, passwords, etc.) . Hope you enjoy!

    Compiling VLANping on FreeBSD

    Posted December 14, 2006 by hackingvoip
    Categories: VoIP Security

    Thanks to Justin Hohner for sending his changes to VLANping so that it would compile cleanly under FreeBSD. Here are the diffs:

    # diff -u orig/hack_library.h hack_library.h
    — orig/hack_library.h Wed Oct 25 18:46:09 2006
    +++ hack_library.h Tue Nov 7 23:21:20 2006
    @@ -33,6 +33,7 @@
    #include <stdlib.h>
    #include <stdbool.h>
    #include <fcntl.h>
    +#include <sys/time.h>

    int Str2IP ( char *str, int *ipNum );
    int DumpPacket ( char *psPacket, int packetSize );

    # diff -u orig/Makefile Makefile
    — orig/Makefile Wed Oct 25 21:04:23 2006
    +++ Makefile Wed Nov 8 02:02:58 2006
    @@ -1,5 +1,5 @@
    vlanping: vlanping.c vlanping.h
    – gcc -I../hack_library vlanping.c -lnet ../hack_library/hack_library.o -o vlanping
    + gcc -I../hack_library vlanping.c -lnet -L/usr/local/lib ../hack_library/hack_library.o -o vlanping

    rm -f vlanping

    # diff -u orig/vlanping.h vlanping.h
    — orig/vlanping.h Wed Oct 25 21:16:55 2006
    +++ vlanping.h Wed Nov 8 02:06:23 2006
    @@ -31,15 +31,12 @@
    #ifndef __VLANPING_H
    #define __VLANPING_H

    -#include <libnet.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <stdbool.h>
    #include <sys/ioctl.h>
    #include <netinet/in.h>
    -#include <net/if.h>
    -#include <linux/sockios.h>

    #include <sys/socket.h>
    #include <netinet/in.h>
    @@ -54,6 +51,7 @@
    #include <sys/stat.h>
    #include <fcntl.h>

    +#include “/usr/local/include/libnet.h”
    #include “hack_library.h”

    #define __VLANPING_VERSION “vlanping – Version 1.0”

    At Long Last – The Book is Released!

    Posted December 7, 2006 by hackingvoip
    Categories: VoIP Security

    We’re pleased to announced that after over a year of research and writing, our book is finally released! You can grab a copy from here. We developed and released about 20 new security tools to go along with the book available at Please drop us a note at with your feedback.