VoIP in the News
NSA-Funded 'Cauldron' Tool Goes Commercial NSA tool 2009.05.27 Vulnerability Tool
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution Critical flaws in Microsoft VoIP 2009.02.10 Vulnerability News
Hacked Business Owner Stuck With $52k Phone Bill. Business owner hacked 2008.12.19 Various Attacks
FBI warns of flawed Asterisk, Criminals exploiting. FBI warns of flawed Asterisk 2008.12.08 Security
FEMA phones hacked; calls made to Mideast, Asia FEMA hacked 2008.08.20 Various Attacks
Cyber Attack Hits Georgian President’s Phone Call with CNN Cyber Attack Hits Georgian President’s Phone Call 2008.08.11 Toll Fraud
IDC's latest study says that 30.9 million IP telephony lines shipped in 2007 IDC's annual update on VoIP market 2008.07.14 General News
Network World reports on VoIP vulnerability disclosures More VoIP Vulnerabilities disclosed 2008.06.26 Security
VoIP over Flash. Groundbreaking. Peer to peer from your browser, no longer some primitive applet proxying via a call server. VoIP over Flash 2008.05.18 General News
EDS Deploys 100,000 Cisco Unified IP Phones For Bank of America 100,000 Cisco IP Phones deployed 2008.05.15 General News
Cisco, Microsoft locked in battle for unified communications market Cisco vs. Microsoft No.2 2008.04.28 General News
Disaster recovery bug hangs up Cisco comms kit Cisco DRF has big issues 2008.04.07 Security

The Word: Cisco DRF is a big deal.
The DRF sub-system in the Cisco portfolio is a critical piece of the puzzle; the workaround for the solution absent the real patch is as follows: "Administrators can mitigate this vulnerability by disabling the DRF Master service. However, administrators should exercise caution when disabling the DRF Master service, as system backups will not occur while the service is stopped. Administrators are encouraged to perform a complete system backup before employing this workaround and use care when making configuration changes until the DRF Master service can be safely re-enabled." That is not really that feasible, thus patching should be an immediate, if not critical, priority for any organization.


 
Wall Street Journal reports on VoIP vulnerability disclosures VoIP Vulnerabilities disclosed 2008.04.02 Security
Social Security Confirms Nortel Government Solutions for World’s Largest VoIP Nortel chosen by U.S. Social Security 2008.03.18 General News
Enterprise telephony market tops $9.6 billion in 2007 VoIP sales up in 2007 2008.02.28 General News
Researchers from GNUCitizen have released a proof-of-concept for hacking into a phone via a web-interface and doing some nasty things. Total surveillance made easy with VoIP phones 2008.02.11 Hijacking, Eavesdropping Attack
Researchers from GNUCitizen have released a proof-of-concept for call-jacking via a BT Home Hub user's router. New VOIP 'Call-Jacking' Hack Unleashed 2008.01.23 Hijacking attack
Clearwire will be deploying Nortel's Application Server 5200 and Communication Server 2000 into its data centers to make itself VOIP capable. Clearwire breaks into VoIP market 2008.01.22 Service Providers
IETF is seeking comments on this document about requirements related to Session Border Controller (SBC) deployments SIP SBC Requirements 2007.12.21 RFC
Excellent Podcast about SIP NAT traversal SIP NAT traversal 2007.12.19 Podcast Interview
Microsoft vs. Cisco VoIP cold war 2007.12.17 General News

The Word: Microsoft and Cisco are poised to go head-to-head in the coming years as the Unified communications market expands.
I personally think that Microsoft's approach offers many benefits over what Cisco can provide today. However, Microsoft is nowhere near ready to go head-to-head - yet. The question remains whether Cisco can quickly adapt to offset these advantages. As soon as Live Communicator becomes embedded with Vista Service Pack whatever, it is game over.


 
VoIP activity on the rise VoIP moving forward 2007.12.12 General News
Top 5 VoIP vulnerabilities of 2007 Sipera announces Top 5 2007.12.12 Security
VoIP on the iPod touch VoIP on iPod touch 2007.12.10 Consumer
Predicting Security threats for 2008 McAfee Cyber Crime 2007 Report 2007.11.30 Security
Wiretapping Just the Start of VoIP's Security Woes Wiretapping 2007.11.30 Security
VoIP is, in essence, a time bomb, poised for a massive exploit Time Bomb 2007.11.20 Security
Why VoIP is the next target for spammers SPIT is coming 2007.10.05 SPIT

Interview With A Convicted Hacker: Robert Moore Tells How He Broke Into Routers And Stole VoIP Services Interview with Roger Moore 2007.09.27 Hacker Interview

The Word: A clever hacker gets put into jail for exposing the irresponsibility and ineptness of security at major service providers.
It is shameful that Robert Moore, the technical prime on the operation, gets two years in jail; a sentence comparable to much greater crimes as we've seen. Ban the kid from the computers, keep the jail for real criminals; his only crime to me is that he's exposed the irresponsibility of service providers to protect their own infrastructure.
As Moore reiterates, in the absence of default-password-configured routers and VoIP servers, the majority of their plan could not come to fruition. If the security "gurus" at these service providers had any brains, they would have solved this problem in the pre-deployment network phase. Default passwords can be picked up with most open-source and commercial VoIP and data vulnerability assessment products. Let's just hope this turns on some lights in the security NOCs at the affected service providers.


 
VoIP Hopping: A Method of Testing VoIP security or Voice VLANs SecurityFocus 2007.09.10 VoIP Hopping Attack

The Word: Simple yet elegant attack that easily breaks the "mighty" VLAN apart. People hide behind these VLANs as if they are going to fix all their problems - big mistake! VLANs are only as strong as the weakest link in the overall infrastructure.
The VLAN hopping attack shows how a very simple exploit of the unauthenticated nature of Layer 2 protocols allows hackers to easily inject packets which are able to reach a forbidden section of the IP space in an enterprise. Amplifying the problem was the fact that a DHCP server was willingly giving out IP addresses to parties on the targeted corporate network; a secure solution would have definitely implemented static IPs with ACLs or an EAP authentication strategy if DHCP was a must.
In general, a lot can be learned from this event: that VLANs are only as strong as their configuration, that DHCP is dangerous if not properly managed and that hotel networks are no more safe than the next enterprise network.
I congratulate the parties that published their attack; however, it should be noted that this type of attack has been around for some time and proofs of concept have been here even 5 years ago. Bottom line is that this is not new! It is not some system ridden with holes because of its lack of maturity; VLAN technology and security solutions built around them have been around for a long time, security should be default - it is not. I strongly recommend anyone in charge of security of their Voice networks goes out and tries to hack them, do something malicious and then show your complacent bosses the world of trouble they could be in with auditors.


 
Jericho Forum voices concerns over VoIP security ZDNet 2007.08.29 Eavesdropping Attack
IPhone Flaw Lets Hackers Take Over, Security Firm Says NY Times 2007.07.23 Hijacking Attack
Hackers stealing PBX phone minutes to on-sell cheap Computerworld 2007.07.18 Fraud Attack
Hacker Taps Cell Phone to Stalk Family FOXNews 2007.06.24 Hijacking, Eavesdropping Attack
Attackers get chatty on VoIP Infoworld 2007.05.30 Worms

VoIP-IRC bot VoIP-IRC bot 2007.05.08 DoS, VoIP Spam Attack

The Word: Easy to use bot that allows you to easily send SPIT, run DoS attacks and crack SIP authentication passwords.
Using freely available Java libraries, one could create similar and more complex bot type applications. What is most frightening is the fact that IRC is an underground haven for hackers and freelance "maeler's", the talent pool is extreme and most of these folks are very ambitious and take pride in their hacking endeavours. All this is good, but the main question remains how can we protect legitimate networks from these bots? I would suggest active VoIP specific protection products that are good at mitigating SPIT, DoS and VoIP specific vulnerabilities - data products would be highly unlikely to have any effect against VoIP bots.


 
New Trojan Calls On Skype Network World 2007.03.23 Virus
VoIP phreakers establish thriving black market The Register 2007.03.22 Fraud Attack
Spam Hits Video Sites Wall Street Journal 2007.03.15 Spam Attack
VoIP threats to watch out for Silicon.com 2007.03.09 Various Attacks
How to protect your business from VoIP threats SC Magazine 2007.02.19 Various Attacks
VoIP threat as crims seek out soft targets AustralianIT 2007.02.13 Various Attacks
Voice over IP under threat IT Observer 2007.01.05 Various Attacks
VOIP More Vulnerable Dark Reading 2006.12.21 Various Attacks
VOIP Risks Take Center Stage in 2007 Dark Reading 2006.12.20 Various Attacks
Worm may be spreading via Skype chat Infoworld 2006.12.19 Worm
Hackers ‘can eavesdrop on 70% of web calls’ Greatreporter.com 2006.12.17 Eavesdropping Attack
Ovum: Reduce VoIP Security Risks Before Further Deployment New Telephony 2006.11.15 Various Attacks
Unknown Threat, Real Risk: VoIP Security CXOtoday.com 2006.11.13 Various Attacks
PABX hackers rack up $9000 phone bill m-net 2006.10.18 Fraud Attacks
New VoIP threats to listen for Malaysia Star 2006.09.07 DoS, Hijacking, Eavesdropping Attacks
Possible Cisco Zero-day Exploit Revealed at Black Hat SearchSecurity.com/Information Security 2006.08.08 Black Hat Briefing
Another Look at VoIP Security Risks Top Tech News 2006.08.03 Black Hat Briefing
VOIP: With functionality comes risk GCN 2006.08.03 Black Hat Briefing
New tools test VoIP security ZDNet 2006.08.02 Black Hat Briefing
ISS Finds Bugs in Asterisk VoIP Software CIO 2006.07.17 DoS, DDoS Attack
Cisco Details New VoIP, Router Vulnerabilities InternetWeek 2006.07.12 DoS Attack
Keeping Hackers Off VoIP TheStreet.com 2006.06.26 Spam, Spoofing, DoS, DDoS Attack
Vodafone, Ericsson Get Hung Up In Greece's Phone-Tap Scandal Wall Street Journal 2006.06.21 Eavesdropping Attack
Cisco Call Manager Flaw Could Invite Hackers InformationWeek 2006.06.19 Hijacking Attack
Is Your VoIP Phone Vulnerable? Business Week 2006.06.13 Spam Attack
Big Security Flaws Found In Asterix PBX, IAX VoIP Client Networking Pipeline 2006.06.13 DoS Attack

Hacker cracked Net phone networks for gain, feds say TMCnet/York Times 2006.06.08 Reconnaissance, Spoofing Attack

The Word: Two hackers gain access to multiple service providers' VoIP networks and re-sell 10 million dollars equivalent of VoIP service.
Not only does this event demonstrate how irresponsible the security "gurus" at the supposedly invincible ISPs are, it highlights the complacency of a large population of network security administrators who rely on technologies such as firewalls to address VoIP security. Perimeter defense is dead; firewalls provide little or no protection against the real bad guys: DoS attacks, SPIT, worms, trojans, etc. These types of attacks require application level aware devices which have expertise in VoIP protocols, behaviour and anomalies.
Technology is only half the battle, there has to be an effective human element that complements these products. Unfortunately, as we have seen, there is still much to learn inside the ISP NOCs. I suggest that they abandon their "we are big, we are smart, we cannot be hacked" mentality and focus on the rapidly changing landscape of VoIP security and its direction into the future.


 




