Doug on IP Comm – An independent voice on VoIP, telecom, and IP Communication

VoIP security passe’ at DEFCON 17

Posted on: June 22, 2009

VoIP security issues seem to be passe’, judging from the latest lineup updates for DEFCON. Only two sessions  have VoIP clearly incorporated into their presentations — it’s a far cry from the days when Phil Zimmermann would pop up to plug Zfone and everyone was explaining their latest ‘sploits.

First making its guest appearance in Las Vegas at the end of July is  The Middler 2.0, a man-in-the-middle tool with an expanded portfolio. The tool can now work its mischief on VoIP, producing the opportunity to interactively redirect calls, join them, or take them over; version 1.0 of The Middler does such “fun” things as grabbing cookies and passwords.

Sipera’s VIPER lab lads have moved UCSniff beyond voice into video.  UCSniff 3.0 now has enhanced video eavesdropping features and there are free complementary assessment tools, VideoJak and videosnarf.  The VideoJak tool can be used against a video phone and other IP video security and surveillance — you know all those movies where the video surveillance footage gets bypassed? Yah… exactly…

To be fair, VIPER lab presenters hint at a new tip gleaned from VoIP pentesting of enterprise networks to enhance one’s ability to target specific VoIP users clandestinely with “Other VoIP goodness may follow this,” but video seems be the Bigger News.

Advertisements

2 Responses to "VoIP security passe’ at DEFCON 17"

what exactly is defcon?
-Jack

DEFCON (www.defcon.org), annual “hacker” event in Las Vegas.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: