The VoIP Toll Shift

One of the promises of VoIP is it’s cost-effectiveness. By overlaying the new breed of telephony networks on top of our existing data networks and the Internet, thereby leveraging a transport mechanism that we’re already maintaining and paying for, we rid ourselves of the high toll charges imposed on us by the traditional telephony services […]

On Social Hacking Groups, Meetings, and AHA!

Since the early ’90s, when I first really started getting into information security and the hacking scene, I’ve always found immense value in social hacker meetings. Back then all I had was my local 2600 meeting, however today, depending on your place of residence, there may be many different types of meetings available to you […]

Anatomy of an 0-day

Cody Pierce, a colleague of mine at TippingPoint’s DVLabs, was recently profiled in an article by Dennis Fisher over at SearchSecurity.com. The article basically describes how Pierce went about discovering and disclosing an 0-day vulnerability in the Internet Help Control ActiveX component last April, which resulted in a patch from Microsoft last August. To do […]

Upcoming Conferences

In a couple of weeks I’ll be heading to Seattle for Microsoft’s internal security conference, BlueHat, and ToorCon’s invite-only conference, ToorCon Seattle (Beta). I’ve never been to BlueHat before, but that’s not really surprising since most of my research targets, both now and in the past, have had absolutely nothing to do with Microsoft products. […]

Black and White Ball

I’ve been invited to speak during the Black Track at the Black and White Ball this September which is being held at the Ministry of Sound in London. I’ll be presenting on some new research I’ve been working on involving VoIP and steganography. The presentation will be entitled “Real-time Steganography with RTP.”

Information Security Conferences, Workshops, and Training Calendar

I maintain a Google calendar entitled “Information Security Conferences, Workshops, and Training”, and it contains dates for conferences, workshops, training, CFP deadlines, and related events. I inadvertently announced it to the InfoSec research community by way of a response to a recent post on the Daily Dave email list asking about such a calendar. Since […]

Blog Migration

Today I migrated this blog from LiveJournal over to WordPress. I regularly contribute to another blog entitled Voice of VoIPSA as part of my involvement in the VoIP Security community and it is fueled by WordPress. Having contributed to that blog for some time now I’ve come to prefer the WordPress interface and management tools […]

April Fools!

April Fools Day has always been a fun day for technology people, especially online. It seems to have become even more so for security people, as every April 1st the security mailing lists get hit with lots of April Fools advisories, fake tool releases, fake announcements from big projects and organizations like Metasploit and the […]