From jpo at pobox.com Fri Nov 7 23:27:10 2008 From: jpo at pobox.com (Jason Ostrom) Date: Fri, 07 Nov 2008 17:27:10 -0600 Subject: [VOIPSEC] UCSniff VoIP v1.0 Tool Released! Message-ID: <4914CECE.80902@pobox.com> http://ucsniff.sourceforge.net Sipera VIPER Lab has finally released UCSniff. Have a great weekend. Jason From dyork at voxeo.com Mon Nov 10 00:37:38 2008 From: dyork at voxeo.com (Dan York) Date: Sun, 9 Nov 2008 19:37:38 -0500 Subject: [VOIPSEC] If you are out at VoiceCon this week in San Francisco... Message-ID: <0D1F997E-2692-4A51-8F47-B4DB9DE29C6A@voxeo.com> .... I am there too (currently flying cross-country). Feel free to drop me a note if you want to meet somewhere at the show. Jonathan Zar and I are also planning to meet and maybe even do a live BlueBox episode. Dan Sent from my iPhone From dtrammell at breakingpoint.com Tue Nov 18 00:05:44 2008 From: dtrammell at breakingpoint.com (Dustin D. Trammell) Date: Mon, 17 Nov 2008 18:05:44 -0600 Subject: [VOIPSEC] VoIPshield 10.08.08 and 11.11.08 Vulnerabilities Message-ID: <1226966744.3430.416.camel@localhost> Since I've been fairly vocal regarding VoIPshield's questionable advisory practices in the past, pointing out their blatant advisory duplication tactic that essentially turned a handful of single vulnerabilities into an exponential number of extraneous associated advisories, I felt it only fair to also point out that their last two batches of vulnerability advisories on 10.08.08 and 11.11.08 involved NO such chicanery[1]. Each vulnerability advisory from these two batches appear to be unique, valid vulnerabilities, with no advisory duplication. In fact, one advisory[2] might even could have been legitimately split into multiple advisories if the various ports involved did not all belong to the same service/application (not enough detail to be clear). Kudos to VoIPshield for cleaning up their act! Now, how do we convince them to also clean up the older advisories in their database of all the duplication and condense those down into individual advisories per vulnerability? (: [1] http://www.voipshield.com/research.php [2] http://www.voipshield.com/research-details.php?id=129 -- Dustin D. Trammell Security Researcher BreakingPoint Systems, Inc. From dr at kyx.net Tue Nov 25 05:23:46 2008 From: dr at kyx.net (Dragos Ruiu) Date: Mon, 24 Nov 2008 21:23:46 -0800 Subject: [VOIPSEC] CanSecWest 2009 CFP (March 18-20 2009, Deadline December 8 2008) Message-ID: <200811242123.46632.dr@kyx.net> Call For Papers ? ? The CanSecWest 2009 CFP is now open. ? ? Deadline is December 8th, 2008. CanSecWest CALL FOR PAPERS ? ? VANCOUVER, Canada -- The tenth annual CanSecWest applied ? ? technical security conference - where the eminent figures ? ? in the international security industry will get together ? ? share best practices and technology - will be held in ? ? downtown Vancouver at the the Sheraton Wall Centre on ? ? March 18-20, 2009. The most significant new discoveries ? ? about computer network hack attacks and defenses, ? ? commercial security solutions, and pragmatic real world ? ? security experience will be presented in a series of ? ? informative tutorials. ? ? The CanSecWest meeting provides international researchers ? ? a relaxed, comfortable environment to learn from ? ? informative tutorials on key developments in security ? ? technology, and collaborate and socialize with their peers ? ? in one of the world's most scenic cities - a short drive ? ? away from one of North America's top skiing areas. ? ? The CanSecWest conference will also feature the ? ? availability of the Security Masters Dojo expert network ? ? security sensei instructors, and their advanced, and ? ? intermediate, hands-on training courses - featuring small ? ? class sizes and practical application exercises to ? ? maximize information transfer. ? ? We would like to announce the opportunity to submit ? ? papers, and/or lightning talk proposals for selection by ? ? the CanSecWest technical review committee. This year we ? ? will be doing one hour talks, and some shorter talk ? ? sessions. ? ? Please make your paper proposal submissions before ? ? December 8th, 2008. ? ? Some invited papers have been confirmed, but a limited ? ? number of speaking slots are still available. The ? ? conference is responsible for travel and acommodations for ? ? the speakers. If you have a proposal for a tutorial ? ? session then please email a synopsis of the material and ? ? your biography, papers and, speaking background to ? ? secwest09 [at] cansecwest.com . Only slides will be needed ? ? for the March paper deadline, full text does not have to ? ? be submitted - but will be accepted if available. This ? ? year we will be opening up the presentation guidelines to ? ? include talks not in English (particularly Chinese) which ? ? we will offer to translate for the speaker if they are not ? ? a native English speaker. ? ? The CanSecWest 2009 conference consists of tutorials on ? ? technical details about current issues, innovative ? ? techniques and best practices in the information security ? ? realm. The audiences are a multi-national mix of ? ? professionals involved on a daily basis with security ? ? work: security product vendors, programmers, security ? ? officers, and network administrators. We give preference ? ? to technical details and new education for a technical ? ? audience. ? ? The conference itself is a single track series of ? ? presentations in a lecture theater environment. The ? ? presentations offer speakers the opportunity to showcase ? ? on-going research and collaborate with peers while ? ? educating and highlighting advancements in security ? ? products and techniques. The focus is on innovation, ? ? tutorials, and education instead of product pitches. Some ? ? commercial content is tolerated, but it needs to be backed ? ? up by a technical presenter - either giving a valuable ? ? tutorial and best practices instruction or detailing ? ? significant new technology in the products. ? ? Paper proposals should consist of the following ? ? information: ? ? ?1. Presenter, and geographical location (country of ? ? ? ? origin/passport) and contact info (e-mail, postal ? ? ? ? address, phone, fax). ? ? ?2. Employer and/or affiliations. ? ? ?3. Brief biography, list of publications and papers. ? ? ?4. Any significant presentation and educational ? ? ? ? experience/background. ? ? ?5. Topic synopsis, Proposed paper title, and a one ? ? ? ? paragraph description. ? ? ?6. Reason why this material is innovative or significant ? ? ? ? or an important tutorial. ? ? ?7. Optionally, any samples of prepared material or ? ? ? ? outlines ready. ? ? ?8. Will you have full text available or only slides? ? ? ?9. Language of preference for submission. ? ? 10. Please list any other publications or conferences ? ? ? ? where this material has been or will be ? ? ? ? published/submitted. ? ? Please include the plain text version of this information ? ? in your email as well as any file, pdf, sxw, ppt, or html ? ? attachments. ? ? Please forward the above information to secwest09 [at] ? ? cansecwest.com to be considered for placement on the ? ? speaker roster, or have your lightning talk scheduled. If ? ? you contact anyone else at our organization please ensure ? ? you also cc the submission address with your proposal or ? ? it may be omitted from the review process. cheers, --dr -- World Security Pros. Cutting Edge Training, Tools, and Techniques Vancouver, Canada ?March 16-20 2009 ?http://cansecwest.com pgpkey http://dragos.com/ kyxpgp