Cisco at BlackHat - VoIP Zero Day Potential
This from Blackhat via SearchSecurity.com.
Note. Hendrik Scholz mentioned here stopped by and commented, mentioning his talk. I just managed to find a bit of time to catch up and add a lttle more information here
Possible Cisco zero-day exploit revealed at Black Hat
Update: LAS VEGAS -- Controversy looms for Cisco once again at Black Hat, as information revealed Wednesday could lead to another significant zero-day vulnerability and exploit.
Hendrik Scholz, lead VoIP developer and systems engineer with Freenet Cityline of Germany, saved the best for last during his Black Hat USA 2006 presentation Wednesday on SIP stack fingerprinting and attacks. His final slide appeared to featured limited details on an undisclosed flaw related to Session Initiation Protocol (SIP) in Cisco Systems Inc. PIX series of firewalls and security appliances.
According to Mike Caudill and Jeffrey Lanza, incident managers with Cisco's Product Security Incident Response Team (PSIRT), the networking giant is unsure whether the details describe a vulnerability or a misconfiguration.
Technorati Tags: BlackHat, VoIP, VoIP security, Cisco, Hendrik Scholz
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine