Sunday, January 27, 2008

SIP Fingerprinting in SVN

I finally added fingerprinting to svmap. This gives it the ability to guess what is running on a SIP network entity even if the user-agent header is missing. You're welcome to give it a try.
If you already have sipvicious:
$ svn update

If you don't:
svn checkout sipvicious-read-only

Any bug reports please send to me

Monday, January 21, 2008

Call Jacking: Phreaking the BT home hub


Vishing alarming rise

As phishers keep searching for new ways to dupe their victims into submission, they will start eying VoIP more and more. Check out this the register article where the FBI issued a new warning. Nothing really new from a security social engineering perspective.

image stolen from blogantivirus

Friday, January 11, 2008

VoIP Security Vulnerabilities - a SANS GIAC paper

The SANS Institute just posted an interesting paper by David Persky on VoIP security here. Although there is a growing number of papers and articles on VoIP security, but its very hard to find one that when stripped out of the marketing fluff, has any useful information at all. This paper on the other hand presents specific examples and has some real content.