I'm at the IPTComm conference at Columbia University in NY. In his opening remarks, Henning Schulzrinne revealed that the university had just experienced its first SPIT (SPAM over Internet Telephony) attack to its VoIP phone system. Some attacker got access to the proxy and then proceeded to "war-dial" to all the phone extensions. There are few real examples of this type of attack so far, but clearly hacker are starting to get interested in VoIP systems.