[VOIPSEC] Who can prove us wrong?

Voiceline Patrick at Voiceline.dk
Wed Aug 1 11:48:57 PDT 2007

I understand your concern.... I am sure that you will find individuals out 
there who is will go to that extend for there own gain.

The fact is that we have a willing customer with global interest EMEA, 
Europe, North America and Asia. We also have a development agreement with a 
major vendor (Top 5 globally, but confidential for the time being) who will 
act as a research and development partner for the pilot project, with the 
previously mentioned customer. This vendor also has a department for VoIP 
security, from where they service, amongst others, the US NAVY. The problem 
is, that the hosted environment will be built primarily on this vendors 
hardware, so we se a potential credibility issue in letting them test there 
own solution - without us getting a vender neutral second opinion.

So - we are not soliciting anyone at this moment - we are scouting for 
potential research and development partners, and it will be a paid service. 
Some prefer cash and some prefer a long term upside, we are not ruling 
anything out for the right candidate.

However - it must be a major player in the field of VoIP security, with 
solid case references. And preferably someone that are willing and able to 
do more than "fiddle with toys"

Can you/anyone recommend such a company?

Regards Patrick

----- Original Message ----- 
From: "J. Oquendo" <sil at infiltrated.net>
To: "Voiceline" <Patrick at Voiceline.dk>
Sent: Wednesday, August 01, 2007 4:58 PM
Subject: Re: [VOIPSEC] Who can prove us wrong?

> On Wed, 01 Aug 2007, Voiceline wrote:
>> Dear VOIPSEC members,
>> We are looking for companies that specialise in security assessment and 
>> testing for carriers. We claim that no attacker can gain access to the 
>> matrix, with out the hardware device of a registered user etc.
>> Who can prove us wrong?
> What incentives does anyone have to help you "better your product".
> Think about that for a second. I secure my machine and I tell
> the community "Hey bet you you can't compromise my machines"
> under the notion that in you attempting to, I will on the
> other hand tweak my security to your skillset/attempts and
> or findings, make sure you can't then turn around and make
> a profit from your work.
> Are you soliciting for a paid security assessment of your
> products? If so I'm willing and game. I'll throw it atop
> my desk with the Sonicwall, Stonesoft Stonegates, and
> other toys I'm currently fiddling with. Based on what you've
> stated (buzzword) "our matrix" I can infer I can do some
> SIP packet injection on the network level but who knows.
> -- 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> J. Oquendo
> echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
> "How a man plays the game shows something of his
> character - how he loses shows all" - Mr. Luckey

More information about the Voipsec mailing list