Cisco reaching out to AusCERT 2011 conference and speakers, Microsoft included in VoIP security weakness demo At an upcoming conference in Australia, security firm HackLabs is expected to demonstrate how hackers perform VoIP attacks and identify weaknesses in Cisco and other manufacturers VoIP phones.Top 5 things to do before buying more security technologyHackLabs director Chris Gatford has not responded to questions about exactly what type of Cisco VoIP phones and systems will be subject to close examination for security weaknesses. The AusCERT 2011 presentation that HackLabs will do next week is described as “a one-day tutorial” of intensive, hands-on training in which “participants will learn how hackers perform VoIP Attacks and how to remediate common vulnerabilities. Attendees will learn how hackers can methodically gain entry access to an organization’s telephony systems to steal information and abuse services.”The conference session description says the HackLabs attacks will focus on Cisco phones, Cisco Call Manager and Microsoft Office Communicator. A spokesman for Cisco says the company has “reached out to the conference organizers and speakers for more details. At this point we have no information to suggest any undisclosed product vulnerabilities, but we will assess any new information and respond in line with our well-established process for the public reporting of security vulnerabilities,” which are identified here.The Cisco spokesman adds, “It’s important to note that the presenters’ public comments reference the importance of securing IP phones in line with the manufacturer’s installation and configuration recommendations, and we support this message and recommend it as best practice for our customers.” Demonstrations by security firms on how to attack VoIP phones in order to gain unauthorized use or attack the VoIP network and endpoints is nothing new. Many Black Hat Conference demonstrations in the past have focused on this as a topic.At AusCERT 2011 next week, HackLabs, which specializes in penetration testing, could stick to discussing “implementation mistakes” or might disclose new information about vulnerabilities that would require remediation of VoIP equipment in some way.Read more about wide area network in Network World’s Wide Area Network section. Related content news UK Cyber Security Council CEO reflects on a year of progress Professor Simon Hepburn sits down with broadcaster ITN to discuss Council’s work around cybersecurity professional standards, careers and learning, and outreach and diversity. By Michael Hill Sep 27, 2023 3 mins Government Government Government news FIDO Alliance certifies security of edge nodes, IoT devices Certification demonstrates that products are at low risk of cyberthreats and will interoperate securely. By Michael Hill Sep 27, 2023 3 mins Certifications Internet Security Security Hardware news analysis Web app, API attacks surge as cybercriminals target financial services The financial services sector has also experienced an increase in Layer 3 and Layer 4 DDoS attacks. By Michael Hill Sep 27, 2023 6 mins Financial Services Industry Cyberattacks Application Security news Immersive Labs adds custom 'workforce exercising' for each organizational role With the new workforce exercising capability, CISOs will be able to see each role’s cybersecurity readiness, risk areas, and exercise progress. By Shweta Sharma Sep 27, 2023 3 mins Security Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe