Two attacks against VoIP

by Peter Thermos

This purpose of this article is to discuss two of the most well known attacks that can be carried out in current VoIP deployments. The first attack demonstrates the ability to hijack a user’s VoIP Subscription and subsequent communications. The second attack looks at the ability to eavesdrop in to VoIP communications. Although VoIP is implemented using various signaling protocols, this article focuses on attacks associated with the SIP (Session Initiation Protocol), an IETF standard (RFC 3261). The two attacks, among others such as DoS, have been discussed in various research papers but they haven’t been acknowledged publicly as active attacks.
» Read more

Ethics of Hacking

by Michelle Sellers

This paper will explore the ethics of hacking. There are two main types of hacking, ethical hacking and unethical hacking. For the purposes of this paper I will attempt to explain the differences between the two and argue my viewpoints on the topic. I will support my arguments with valuable resources, and explain how the typical ethical theories pertain to this topic. I will follow with ways to prevent being a victim of the crime of hacking.
» Read more

Automated Penetration Testing: Can IT Afford Not To?

In this white paper we provide an overview of penetration testing, discuss security vulnerabilities, and summarize the results and benefits of penetration testing realized by the IT executives interviewed. We also present the features and benefits of Core Security Technologies’ CORE IMPACT, a leading product in the penetration testing space.
» Read more