Featured Resources:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Ken.

« Breaking News: MuniFi and AT&T Ally in FMC Market | Main | News Wrap up for for the week ending 7/23/06 »

Blackhat coming soon

Recalling the big uproar last year at Black Hat, this story caught my eye in the news.

Cisco to be under scrutiny again at Black Hat
Though some high-profile researchers not slated to present

July 19, 2006 (IDG News Service) -- Cisco Systems Inc.'s products will again come under scrutiny at this year's Black Hat USA 2006 conference, which kicks off later this month in Las Vegas.

Conference organizers say that 15 new exploits will be discussed at this year's event and that two of them target NAC (Network Admission Control) and VoIP vulnerabilities that affect products from a number of vendors, including Cisco.

Security researchers, no longer as focused on digging up bugs in core Windows components, are looking for green fields, said Black Hat Director Jeff Moss.

Last year, Cisco sued Black Hat conference organizers after security researcher Michael Lynn demonstrated a method for running unauthorized code on a Cisco router. It was a difficult technical achievement that had been considered impossible by some, but Cisco saw it to be a dangerous disclosure of information that could be used to harm the Internet's infrastructure.
Cisco has been working much closer with the Black Hat team and was listed as a sponsor of the event this year. It's unlikely we'll see the sort of controversy around Cisco we saw last year.

This year, I can't attend Black Hat, but I'll be watching for the outcome of another presentation mentioned in the article -

A second presentation, given by researchers at 3Com Corp. and SecureLogix Corp. will examine the SIP (Session Initiation Protocol) used by VoIP systems. "In it, we describe and demonstrate many real-world VOIP exploitation scenarios against SIP-based systems (Cisco, Avaya, Asterisk, etc.)," the presenters wrote in a description of their talk. That description can also be found on the Black Hat site.

With the rapid and continuing increase of SIP utilization in networks, groups like Black Hat will focus more on findng the genuine, exploitable vulnerabilities that exist in any communications protocol.


Technorati Tags: , ,

 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Ken Camp on July 22, 2006 5:17 PM |

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Ken Camp's Bio:

Ken Camp has more than 25 years of experience in information technology. Ken spent 17 years with AT&T and Lucent Technologies successfully designing and implementing voice and data networks. He later worked in the security marketplace and played a key role in early IPSec VPN deployments. As an independent consultant, Ken's primary focal areas include network performance improvement, security practices and the design and deployment of integrated voice and data solutions. He may be contacted at: ken_camp@realtimepublishers.net

line

Blog Roll