Last Hope Launches Security Season
Over the weekend, 2600's The Last HOPE (Hackers On Planet Earth) conference launched what this reporter dubs "Security Season." Be prepared for an onslaught of computer security stories featuring oh-so-clever hackers between now and the wrap-up of DEFCON 16 in mid-August.
At the conference, hacker celebrity Kevin Mitnick appeared to plug his coming tell-all book and demonstrated a script for Digium's Asterisk IP PBX to show Caller ID information for someone calling even if the phone's Caller ID is set to "private."
Other presentations at the conference went much deeper into VoIP security. Blake Cornell and Jeremy McNamara discussed how a number of foreign governments and ISPs are blocking VoIP services in attempt to protect a telephone monopoly and/or to censor information. The duo will release a pair of tools to determine if an ISP is blocking SIP and to scan entire netblocks to determine if any Asterisk IAX2 services are available. Details were also provided as to how Asterisk and VoIP providers who support IAX2 can provide virtually un-blockable VoIP services in a country that is actively blocking SIP-based VoIP services.
Sessions also touched upon the ability to use VoIP as a low cost method to probe phone networks around the world and incidents last year where a group of Italian VoIP hackers exploited VoIP vulnerabilities.