The sky is (not) falling (this summer)

Doug Mohney — Wed, 23 Jul 2008 16:14:13 -0400

Last weekend, The Last HOPE conference kicked off hacker awareness month. Between now and mid-August, prepare to hear about plenty of scary security stuff that may or may not affect you in the slightest.

VoIP and voice security seem to be almost passé for the corporate-focused Black Hat conference in Las Vegas (No session on VoIP) and its irregular weekend party/knowledgefest DEFCON (one session). Compare that to three VoIP sessions at Last HOPE, plus Kevin Mitnick's quickie workaround to crack Caller ID blocking and it's very quiet when compared to dramatic announcements at previous events in past years.

The sole VoIP attack session at DEFCON discusses VoIPER, a toolkit to automatically and extensively test VoIP devices. VoIPER has been thrown at IP desk sets, softphones, and servers to find vulnerabilities. It's open source and you can take a look at the code at http://sourceforge.net/projects/voiper.

Is the quiet a good thing? I'm not sure if this means VoIP security has become seriously boring or if there's a lot of behind-the-scenes activity we'll hear about in a more dramatic fashion next year. Certainly there's bound to be some UC security activity to be discussed in the months ahead.

But for now, I'd say that it's a good time to enjoy the rest of the summer--unless you have to worry about all the other security headaches bound to be pouring out of Black Hat and DEFCON in a couple of weeks.

- Doug