ToorCon Seattle (Beta)

May 16, 2007

ToorCon Seattle (Beta) in Seattle was a new experiment by the ToorCon folks. It was essentially an informal and free invite-only conference, total attendance numbering around 150, with a single track of speakers each having 20 minutes to speak on their current (and potentially in-progress) research. The format was very similar to the format that the AHA! meetings take, so I was right at home speaking there. The conference talks were held on a single day, during the day, in a night club called the Last Supper Club.

The badges for this conference were really unique and interesting in that they looked like chocolate bars. The badges themselves were wrapped in a paper candy-bar wrapping themed after a Wonka bar, and the conference being invite-only, some of the bars had golden tickets in them which ensured your invite to next year’s conference. I don’t know what the ratio of bars with golden tickets to bars without was, but I was lucky enough to have gotten a bar with a golden ticket.

The VoIP Toll Shift

April 24, 2007

One of the promises of VoIP is its cost-effectiveness. By overlaying the new breed of telephony networks on top of our existing data networks and the Internet, thereby leveraging a transport mechanism that we’re already maintaining and paying for, we rid ourselves of the high toll charges imposed on us by the traditional telephony services by allowing end-users to call each other, regardless of the distance, essentially for “free.” And not just within our corporate walled gardens either; Skype, for example, has built the core of their business around providing a basic service of free phone calls between end-user consumers.

With the traditional telephony business model, the further away from the party you are calling, the higher the toll charge to call them. Even local calling within your local geographic area carries a cost, although nowadays that cost is generally a monthly flat-rate. The core business is built on these toll-ridden services, and “toll-free” calls are the exception to the norm. These so-called “toll-free” calls aren’t really toll-free at all, however; they are only free to the party making the call; the recipient of the call pays the premium to provide this “free service” to their callers. The bottom line is, the consumer is usually being charged something throughout the entire spectrum of services. With VoIP and the new era of telephony, this is all changing…


Black and White Ball

April 16, 2007

I’ve been invited to speak during the Black Track at the Black and White Ball this September which is being held at the Ministry of Sound in London. I’ll be presenting on some new research I’ve been working on involving VoIP and steganography. The presentation will be entitled “Real-time Steganography with RTP.”

EUSecWest 2007

March 2, 2007

During the first 3-hour leg of my trip, I finished the slides for my talk. During the second, 8-hour leg of my trip, I managed to sleep for about 5 of them. I arrived at 7 am local time, took an hour to get through customs and get my baggage, another hour to take the train from the airport to the hotel area, and another two hours for them to have my room ready. While waiting for my room, I discovered that I was speaking that afternoon at 4 pm. Once my room was ready there was no longer time for a nap, so I gave my “VoIP Attacks!” talk exhausted and fueled entirely by Red Bull. It gives you wings indeed.


VoIP Attacks!

October 5, 2006

I recently gave a presentation at ToorCon 8 in San Diego on the subject of VoIP attacks. You can find slides and video here.

A writeup from Wired News can also be found here.

VoIP Attacks!

October 2, 2006

My presentation earlier today went very well. Other than a few technical difficulties with the A/V setup regarding my laptop audio and running out of time with about 4 slides and my conclusion left and having to rush through the end, I was very happy with it.

Slides in various formats and video of my talk can be found here.

ToorCon 8 Speaker Lineup Changes

September 26, 2006

Apparently, some time a couple weeks ago, the ToorCon speaker schedule was updated. I’m now no longer up against Chris Eagle, but am now up against spoonm speaking about reversing with Ruby. I don’t know if this change will help or hurt my talk’s attendance… Both of them are excellent speakers with excellent topics, and my topic really is kinda blah unless you’re a telephony geek. I may end up speaking to a mostly empty room…

ToorCon 8

September 6, 2006

I’ve been accepted to speak at ToorCon 8 later this month. My presentation is entitled “VoIP Attacks!” and will briefly cover some VoIP basics, various attacks against VoIP systems that are currently relevant, and then discuss mitigation techniques against those attacks and why many of the mitigation techniques have problems.

New Employer: TippingPoint

March 6, 2006

Today I’ve begun working for a new employer, TippingPoint, a division of 3Com. Essentially TippingPoint is a recent acquisition of 3Com’s and has become 3Com’s Security Research group. While working for TippingPoint, I’ll be doing a number of different things, primarily working with the TippingPoint Security Research (TSR) team who do product vulnerability assessment and verify Zero Day Initiative submissions. I’ll also be helping the Digital Vaccine team design IPS signatures to match said vulnerabilities and will be doing other various forms of original research. This also means I’ve moved from Dallas to Austin. Exciting (:

Does backwards compatibility stifle innovation and progress?

September 1, 2005

Upon beginning my new job, I’ve been thrown head-first into the world of Internet Telephony security, a sector that I’ve not really paid much attention to, much less followed. I’m currently in the process of getting acquainted with all of the various protocols and technologies involved, and in doing so I’ve signed up to the VoIPSec mailing list. After following the current discussion threads there for a few weeks, I see a recurring problem that I’ve seen in other growth sectors before, and unfortunately will probably see again.