Wednesday, May 18, 2011

Cisco shoots down talk of phone flaws

Cisco is coming out in support of an upcoming presentation on hacking techniques for voice over IP (VoIP) systems.

Security testing firm HackLabs is planning to hold a one day tutorial on security testing for VoIP systems, which will include sections discussing Cisco router communications platforms. The tutorial will take place on Thursday at the AusCERT security conference.

Though news of the session initially lead to speculation that researchers would be disclosing 'zero day' security flaws in Cisco's VoIP systems, a company spokesperson told V3.co.uk that it does not believe any new flaws will be reported.

"We have spoken with both the conference organizers and presenters ahead of the upcoming AusCERT 2011 tutorial on VoIP Security Testing," the Cisco routers spokesperson said.

"They have confirmed that no new security vulnerabilities will be revealed."

The spokesperson noted Cisco's history of working with researchers and said that in this case, it even supports the aim of the HackLabs tutorial.

"We understand their presentation will reference the importance of securing IP phones in line with the manufacturer's installation and configuration recommendations," the spokesperson said.

"We support this message and recommend it as a best practice for our customers."

Though Cisco is best known for its network infrastructure and enterprise hardware platforms, the company has long been involved in cyber security initiatives and research operations.

At this year's RSA conference, the company introduced a software architecture designed to support reputation-based security measures, while the 2010 RSA show saw Cisco researchers give an overview of the notorious Zeus malware.

No comments:

Post a Comment