ToorCon Seattle (Beta) in Seattle was a new experiment by the ToorCon folks. It was essentially an informal and free invite-only conference, total attendance numbering around 150, with a single track of speakers each having 20 minutes to speak on their current (and potentially in-progress) research. The format was very similar to the format that the AHA! meetings take, so I was right at home speaking there. The conference talks [...]
One of the promises of VoIP is it’s cost-effectiveness. By overlaying the new breed of telephony networks on top of our existing data networks and the Internet, thereby leveraging a transport mechanism that we’re already maintaining and paying for, we rid ourselves of the high toll charges imposed on us by the traditional telephony services by allowing end-users to call each other, regardless of the distance, essentially for “free.” And [...]
I've been invited to speak during the Black Track at the Black and White Ball this September which is being held at the Ministry of Sound in London. I'll be presenting on some new research I've been working on involving VoIP and steganography. The presentation will be entitled "Real-time Steganography with RTP."
During the first 3 hour leg of my trip, I finished the slides for my talk. During the second, 8 hour leg of my trip, I managed to sleep for about 5 of them. I arrived at 7 am local time, took an hour to get through customs and get my baggage, another hour to take the train from the airport to the hotel area, and another two hours for [...]
I recently gave a presentation at ToorCon 8 in San Diego on the subject of VoIP attacks. You can find slides and video here. A writeup from Wired News can also be found here.
My presentation earlier today went very well. Other than a few technical difficulties with the A/V setup regarding my laptop audio and running out of time with about 4 slides and my conclusion left and having to rush through the end, I was very happy with it. Slides in various formats and video of my talk can be found here.
Apparently, some time a couple weeks ago, the ToorCon speaker schedule was updated. I'm now no longer up against Chris Eagle, but am now up against spoonm speaking about reversing with Ruby. I don't know if this change will help or hurt my talk's attendance... Both of them are excellent speakers with excellent topics, and my topic really is kinda blah unless your a telephony geek. I may end up [...]
I've been accepted to speak at ToorCon 8 later this month. My presentation is entitled "VoIP Attacks!" and will briefly cover some VoIP basics, various attacks against VoIP systems that are currently relevant, and then discuss mitigation techniques against those attacks and why many of the mitigation techniques have problems.
Today I've begun working for a new employer, TippingPoint, a division of 3Com. Essentially TippingPoint is a recent acquisition of 3Com's and has become 3Com's Security Research group. While working for TippingPoint, I'll be doing a number of different things, primarily working with the TippingPoint Security Research (TSR) team who do product vulnerability assessment and verify Zero Day Initiative submissions. I'll also be helping the Digital Vaccine team design IPS [...]
Upon beginning my new job, I’ve been thrown head-first into the world of Internet Telephony security, a sector that I’ve not really paid much attention to, much less followed. I’m currently in the process of getting acquainted with all of the various protocols and technologies involved, and in doing so I’ve signed up to the VoIPSec mailing list. After following the current discussion threads there for a few weeks, I [...]