I finally added fingerprinting to svmap. This gives it the ability to guess what is running on a SIP network entity even if the user-agent header is missing. You're welcome to give it a try. If you already have sipvicious: $ svn update
If you don't: svn checkout http://sipvicious.googlecode.com/svn/trunk/ sipvicious-read-only
As phishers keep searching for new ways to dupe their victims into submission, they will start eying VoIP more and more. Check out this the register article where the FBI issued a new warning. Nothing really new from a security social engineering perspective.
The SANS Institute just posted an interesting paper by David Persky on VoIP security here. Although there is a growing number of papers and articles on VoIP security, but its very hard to find one that when stripped out of the marketing fluff, has any useful information at all. This paper on the other hand presents specific examples and has some real content.