"Intelligence gathering by harvesting voice conference details and tapping into calls" (21 Nov 2011) I have been putting code snippets and techniques since 2009 and wanted to present this as lightning talk at CanSecWest12. Unfortunately, visa issues prevent me from presenting both "PostScript:um you've been hacked" and this "Intelligence gathering by harvesting voice conference details and tapping into calls". Topic synopsis, Proposed paper title, and a one paragraph description. Category: data harvesting, intelligence gathering, espionage, data management, enterprise (security) policies Title: "Intelligence gathering by harvesting voice conference details and tapping into calls" Abstract: Voice conferencing is a core platform making enterprises more efficient and driving them forward. Voice conferencing is usually outsource to 3rd party providers and can be implemented/managed in-house. No matter how it's being implemented, the security of the data exchanged over the conference lines represents a concern for the enterprises. This is why security PINs are being used. However, the importance of these security details (like conference ID and conference PIN) is not very well understood and this is one can find these kind of details floating around - on the web, in details of shared/open calendars of Exchange/AD, etc. In this talk, I will try to present various pieces of the puzzle, how to make use of them and ideas on how to (partially) automate all of this for a fast, semi-automated and distributed intelligence gathering. I will try to summarize few hints which can perhaps make life more secure. Reason why this material is innovative or significant or an important tutorial. I find this material both significant and innovative because it tackles a topic about: data management, policies and human factor (behaviour, negligence, lack-of-understanding, etc.) related to a technology that is widely deployed and frequently used in an enterprise's every day life. Optionally, any samples of prepared material or outlines ready. N/A yet Will you have full text available or only slides? Only slides Language of preference for submission. English Please list any other publications or conferences where this material has been or will be published/submitted. N/A UPDATE (3 Feb): In the light of recent events like "Anonymous gain access to FBI and Scotland Yard hacking call" (http://www.bbc.co.uk/news/world-us-canada-16875921), my talk proposal (lightning talks section) would be even more appropriate. For the curios ones, I am not affiliated with Anonymous, nor I have been contacted by them. These techniques are not new, and surely have been used by dudes and will be used (until proper mechanism are in place - I have a section in my talk about this).