The VoIP Toll Shift

One of the promises of VoIP is its cost-effectiveness. By overlaying the new breed of telephony networks on top of our existing data networks and the Internet, thereby leveraging a transport mechanism that we’re already maintaining and paying for, we rid ourselves of the high toll charges imposed on us by the traditional telephony services by allowing end-users to call each other, regardless of the distance, essentially for “free.” And [...]

April 24th, 2007 | economics, telephony, voip

On Social Hacking Groups, Meetings, and AHA!

Since the early ’90s, when I first really started getting into information security and the hacking scene, I’ve always found immense value in social hacker meetings. Back then all I had was my local 2600 meeting; today, however, depending on your place of residence, there may be many different types of meetings available to you ranging from black to white-hat orientations such as 2600, local-area DefCon groups, the regional *Sec [...]

April 23rd, 2007 | AHA!, hack, security

Anatomy of an 0-day

Cody Pierce, a colleague of mine at TippingPoint's DVLabs, was recently profiled in an article by Dennis Fisher over at The article basically describes how Pierce went about discovering and disclosing an 0-day vulnerability in the Internet Help Control ActiveX component last April, which resulted in a patch from Microsoft last August. To do this, he built a custom fuzzer to test large numbers of ActiveX controls and separate [...]

April 19th, 2007 | employment, security research

Upcoming Conferences

In a couple of weeks I'll be heading to Seattle for Microsoft's internal security conference, BlueHat, and ToorCon's invite-only conference, ToorCon Seattle (Beta). I've never been to BlueHat before, but that's not really surprising since most of my research targets, both now and in the past, have had absolutely nothing to do with Microsoft products. The primary reason I'm attending is that BlueHat takes place the two days before ToorCon [...]

April 19th, 2007 | conference, hack, security, security research

Information Security Conferences, Workshops, and Training Calendar

I maintain a Google calendar entitled "Information Security Conferences, Workshops, and Training", and it contains dates for conferences, workshops, training, CFP deadlines, and related events. I inadvertently announced it to the InfoSec research community by way of a response to a recent post on the Daily Dave email list asking about such a calendar. Since then I've had a flood of responses suggesting additional events to add as well as [...]

April 16th, 2007 | conference, security

Blog Migration

Today I migrated this blog from LiveJournal over to WordPress. I regularly contribute to another blog entitled Voice of VoIPSA as part of my involvement in the VoIP Security community and it is fueled by WordPress. Having contributed to that blog for some time now I've come to prefer the WordPress interface and management tools over what is provided by LiveJournal. While I still like LiveJournal for many of its [...]

April 1st, 2007 | administrivia

April Fools!

April Fools Day has always been a fun day for technology people, especially online. It seems to have become even more so for security people, as every April 1st the security mailing lists get hit with lots of April Fools advisories, fake tool releases, fake announcements from big projects and organizations like Metasploit and the EFF, fake RFC standards, and just an overall flood of craziness. Of course I have [...]

April 1st, 2007 | advisory, CAU, humor