IT underground
Monday, February 27th, 2006Last week I went to IT Underground in Prague. It was pretty awsome, much better then expected !
There was 1 talk that totally blew me away, Shawn Merdinger’s talk about voip security. This wasn’t your normal “SIP is insecure because you can do all these things to it that you can do to pretty much any other cleartext protocol” talk. It was about bugs in wireless voip phones. Basicly the whole thing was packed with really neat 0day (like connecting to a wireless voip phone and making free calls)
Pretty much all the talks were good tho. One I didn’t see, but later read about in the proceedings was about fooling ids’s like snort when exploiting some msrpc bug. It turns out msrpc allows for rpc fragmentation. I can’t wait for the snort guys to implement msrpc fragmentation reassembly (you can probably guess why :) Anyways, Wish I saw it, it looked good.
Oh, also the cocktails at the bar in the hotel were good, think I had like 10 of those or something.