Tags voip security

Blackhat Europe Briefings Day 2

Published on Mar 29, 2008

The second-day talks that I attended were: The URI abuse talk. This was a talk which listed different attack vectors that apply to URIs. The speakers demoed a Picasa vulnerability that relies on DNS rebinding to be able to expose images from your Picasa to the evil hacker and his little brother. Then they talked about an iPhoto format string vuln that can be exploited via the photo:// URI. More information about this can be found at the speaker’s blog.…

Blackhat Europe Briefings Day 1

Published on Mar 28, 2008

These are some of the talks I’ve been @ : Keynote by the Angel of Doom was on Digital Security and why it will fail. His conclusion is that we are in the right business and that we got job security. He gave ideas about how security solutions that do not take the big picture into perspective are bound to fail. Had a chat with him during lunch, very interesting conversation.…

Blackhat Europe && Twitter

Published on Mar 27, 2008

The briefings started today and till now it’s been a very interesting experience. I’ll be updating my Twitter account on BH Europe at: http://twitter.com/sandrogauci…

Using OSSEC to detect attacks on an Asterisk box

Published on Mar 15, 2008

This post is an echo of the previous post, which describes how to configure Snort to detect SIP attacks. This time we look at detecting attacks at the PBX’s end rather than by monitoring network traffic. OSSEC allows us to do just this - it is a host intrusion detection system that can do matching on log files and actively react to attacks. By default OSSEC does not have support for Asterisk.…

Detecting SIP attacks with Snort

Published on Feb 17, 2008

Update: Put the Snort rules here for easy download. Protecting the network from VoIP threats is only half of the story. The rest involves detecting that your system is under attack. Intrusion Detection Systems such as Snort can be configured to help with this task. Currently one can find some SIP-related rules in the latest Community Snort Rules. These rules are able to detect attacks (generated with tools like svwar and svcrack) that create a large number of INVITE or REGISTER SIP requests as well as “401 Unauthorized” SIP responses.…

Vishing alarming rise

Published on Jan 21, 2008

As phishers keep searching for new ways to dupe their victims into submission, they will start eyeing VoIP more and more. Check out this article in The Register, where the FBI issued a new warning. Nothing really new from a security social engineering perspective. Image stolen from blogantivirus…

VoIP Security Vulnerabilities - a SANS GIAC paper

Published on Jan 11, 2008

The SANS Institute just posted an interesting paper by David Persky on VoIP security here. Although there is a growing number of papers and articles on VoIP security, it’s very hard to find one that, when stripped of the marketing fluff, has any useful information at all. This paper on the other hand presents specific examples and has some real content.…

its the end of the world as we know it

Published on Nov 21, 2007

Here are some apocalyptic scenarios related to VoIP and SIP: “SIP’s Insecurity Blanket”; “Report Finds VOIP Services Susceptible to Major Attacks Through SIP”; “VoIP security industry – guilty as charged”. Not exactly positive reports on VoIP - what they’re effectively saying is that VoIP’s increase in the phone market is a ticking bomb that will have great repercussions from a security point of view. But IMHO, one thing’s for sure - with big vendors like Microsoft entering the market…

Another interview with Robert Moore

Published on Sep 26, 2007

Information Week published an interview with the notorious VoIP hacker who was charged with fraud last year. The main point that came out of the interview is that the password is the weakest link. He mentions two VoIP vendors - Cisco and MERA - and how he felt comfortable with breaking into these systems because of default or easily guessable passwords. In a previous interview we learned that he mainly attacked H323 devices rather than SIP boxes; however, the attacks that the attacker pulled off are quite similar to what you can do with SIPVicious tools.…
