One of the promises of VoIP is its cost-effectiveness. By overlaying the new breed of telephony networks on top of our existing data networks and the Internet, thereby leveraging a transport mechanism that we’re already maintaining and paying for, we rid ourselves of the high toll charges imposed on us by the traditional telephony services by allowing end-users to call each other, regardless of the distance, essentially for “free.” And [...]
Since the early ’90s, when I first really started getting into information security and the hacking scene, I’ve always found immense value in social hacker meetings. Back then all I had was my local 2600 meeting; however, today, depending on your place of residence, there may be many different types of meetings available to you ranging from black to white-hat orientations such as 2600, local-area DefCon groups, the regional *Sec [...]
Cody Pierce, a colleague of mine at TippingPoint's DVLabs, was recently profiled in an article by Dennis Fisher over at SearchSecurity.com. The article basically describes how Pierce went about discovering and disclosing an 0-day vulnerability in the Internet Help Control ActiveX component last April, which resulted in a patch from Microsoft last August. To do this, he built a custom fuzzer to test large numbers of ActiveX controls and separate [...]
In a couple of weeks I'll be heading to Seattle for Microsoft's internal security conference, BlueHat, and ToorCon's invite-only conference, ToorCon Seattle (Beta). I've never been to BlueHat before, but that's not really surprising since most of my research targets, both now and in the past, have had absolutely nothing to do with Microsoft products. The primary reason I'm attending is that BlueHat takes place the two days before ToorCon [...]
I've been invited to speak during the Black Track at the Black and White Ball this September which is being held at the Ministry of Sound in London. I'll be presenting on some new research I've been working on involving VoIP and steganography. The presentation will be entitled "Real-time Steganography with RTP."
I maintain a Google calendar entitled "Information Security Conferences, Workshops, and Training", and it contains dates for conferences, workshops, training, CFP deadlines, and related events. I inadvertently announced it to the InfoSec research community by way of a response to a recent post on the Daily Dave email list asking about such a calendar. Since then I've had a flood of responses suggesting additional events to add as well as [...]
Today I migrated this blog from LiveJournal over to WordPress. I regularly contribute to another blog entitled Voice of VoIPSA as part of my involvement in the VoIP Security community and it is fueled by WordPress. Having contributed to that blog for some time now I've come to prefer the WordPress interface and management tools over what is provided by LiveJournal. While I still like LiveJournal for many of its [...]
April Fools Day has always been a fun day for technology people, especially online. It seems to have become even more so for security people, as every April 1st the security mailing lists get hit with lots of April Fools advisories, fake tool releases, fake announcements from big projects and organizations like Metasploit and the EFF, fake RFC standards, and just an overall flood of craziness. Of course I have [...]