tuesday and wednesday i attended a training titled "Practical VOIP/SIP Hacking" at the premiere of the future annual security conference deepsec in vienna. official site. the organisation was pretty professional, as to be expected for the business oriented pricing. the hotels network occassionally was a bit laggy, but that's probably not too surprising considering the demands of a bunch of workshops full of hackers doing network security stuff.

i really enjoyed it a lot. klaus really knows his sip and he addressed quite a range of typical configuration problems, possible exploits and how to fix them.

small hint for starters: never put openser on the internet in its default config, unless you want people to make free calls - you may be the one to pay the bill. other software of course mostly isn't much better, but default openser is literally configured as an open relay. cisco gateways are not much better, but since they are so expensive, will only ever be operated by real experts - haha

an excellent resource if you are interested in this field is also klaus's voip link collection.

i was definetely able to profit a lot for the system i am designing at work. stay tuned for some config samples as it becomes more and more production proofed.

SuperGenPass at labs.zarate.org

nice looking client side java script firefox password generator using and md5 hash of domain name and masterpassword.