Vulnerability Disclosure, Cryptography Research, and Open Source

Today, Bruce Schneier posted an essay to his blog arguing the case for full disclosure of software vulnerabilities, which I am also in favor of. It’s apparently a sidebar to an article in CSOOnline entitled “The Chilling Effect”, which is about some of the growing issues surrounding vulnerability research in web software. There are also two […]

EUSecWest 2007

I’ve been invited to speak at EUSecWest 2007, an information security conference in London on March 1st and 2nd. I’ll be giving an updated version of my VoIP Attacks! presentation.

VoIP Attacks!

I recently gave a presentation at ToorCon 8 in San Diego on the subject of VoIP attacks. You can find slides and video here. A writeup from Wired News can also be found here.

ToorCon 8

I’ve been accepted to speak at ToorCon 8 later this month. My presentation is entitled “VoIP Attacks!” and will briefly cover some VoIP basics, various attacks against VoIP systems that are currently relevant, and then discuss mitigation techniques against those attacks and why many of the mitigation techniques have problems.

New Employer: TippingPoint

Today I’ve begun working for a new employer, TippingPoint, a division of 3Com. Essentially TippingPoint is a recent acquisition of 3Com’s and has become 3Com’s Security Research group. While working for TippingPoint, I’ll be doing a number of different things, primarily working with the TippingPoint Security Research (TSR) team who do product vulnerability assessment and […]