October 10, 2007

Fake caller ID: Fun, Legal and Easy

 

 

Note:  He is right, you can't trust caller ID these days.  I do know that is someone sends no caller ID then I don't answer.  It's usually a telemarketer or some congressmen trying to give me an award for donating money to there party or associations.  In our current environment I am not sure how long that will last.  If you are trying to get in touch with your local press try changing it to some major organization's ID and see if your call gets picked up faster?  I bet it would.

He cited some legislation that was put through in 2007 and is currently stuck in the Senate.  "The law would outlaw causing "any caller identification service to transmit misleading or inaccurate caller identification information" via "any telecommunications service or IP-enabled voice service." Law enforcement is exempt from the rule."

Here is an excerpt from the article: 

 

Continue reading "Fake caller ID: Fun, Legal and Easy" »

June 18, 2007

VoIP Security Fundamentals

Note:  Computer Weekly has a great Monday morning article about VoiP security and how a PBX can affect it.

Voice over IP (VoIP) security is a challenge for IT staff because IP telephony (IPT) brings with it not only the security problems of data networks but also new threats specific to VoIP. In this fundamentals guide, learn about network security threats and emerging IP telephony threats, and how to secure your VoIP systems and endpoints from them.

Continue reading "VoIP Security Fundamentals" »

May 21, 2007

EP-880 VoIP Phone Uses Frequency Domain Scrambling Technology

Note:  If this phone is SIP compliant then we might need to pick a couple up for "testing".



Everpeace Technology has released the EP-880, an encrypted VoIP phone that integrates frequency domain scrambling technology and can block phone-tapping devices. It supports the PSTN network and standard PBX systems. 

Continue reading "EP-880 VoIP Phone Uses Frequency Domain Scrambling Technology" »

May 08, 2007

Next Alarm Announces Support for Two-Way Voice Monitoring

Next Alam is announcing at The Cable Show in Las Vegas support for two-way voice monitoring.  Next Alarm's two-way voice service, unlike that of other alarm companies, is compatible with VoIP (Voice over Internet Protocol) and digital phone service.  Next Alarm offers this feature for a minimal surcharge.  The feature doesn't require a phone line and is available at a very reasonable price.

Continue reading "Next Alarm Announces Support for Two-Way Voice Monitoring" »

April 05, 2007

Don't use WEP for Wi-Fi security (LOL)

Note:  3 Seconds is not much time.  Forget War Driving, now we will have "War Walking".  I run everything over WPA and only run sensitive data over a hardline.
 
The Wi-Fi security protocol WEP should not be relied on to protect sensitive material, according to three German security researchers who have discovered a faster way to crack it. They plan to demonstrate their findings at a security conference in Hamburg this weekend.
 
Mathematicians showed as long ago as 2001 that the RC4 key scheduling algorithm underlying the WEP (Wired Equivalent Privacy) protocol was flawed, but attacks on it required the interception of around 4 million packets of data in order to calculate the full WEP security key.

Continue reading "Don't use WEP for Wi-Fi security (LOL)" »

February 25, 2007

Interview With Encryption Advocate Phil Zimmermann Regarding VoIP

Note:  Very well executed interview about privacy, encryption and policy.  Usually I would give my opinion on a subject like this but I need to look deeper into this subject because it really goes to some core beliefs.  It is a very fine balance we must maintain in our wonderful free society.  I see where the government sees that it needs certain tools to help do their job of keeping us safe.  But on the other end this is AMERICA, the land of the free.  At a point I would say we are better off being free and maybe a little less safe and still have our basic privacy.  A free society is only as free as they assert imho. 
 
 
 
Phil Zimmermann has been an advocate of using technology to protect privacy for many years. He created Pretty Good Privacy, an email encryption program, as a tool to protect human rights. He figured that encryption was a way for people in totalitarian countries to escape government spying. He released it for free in 1991, but the U.S. government accused him of violating export control laws, which at the time restricted the use of strong encryption because it could help criminals evade law enforcement.

Continue reading "Interview With Encryption Advocate Phil Zimmermann Regarding VoIP" »

February 15, 2007

A Guide to Understanding the VoIP Security Threat

Note:  VN has a good article about VoIP Security threats how what to make of them.

"At its heart, a VoIP system is a data network. This means VoIP deployments are vulnerable to the same internal and external threats that plague any enterprise data local area network (LAN) or wide area network (WAN).

Enterprises pondering voice over Internet protocol (VoIP) primarily focus on the technology's cost benefits. Yet, in their zeal to converge voice and data networks and shave telephony costs, many organizations are failing to adequately consider VoIP's single drawback: security.
"

Continue reading "A Guide to Understanding the VoIP Security Threat" »

February 06, 2007

BorderWare Releases New Class of Enterprise VoIP Security

Note:  I came across this product today.  I like how they explain their approach using a self-proclaimed "non-proprietary solution" and open source operating system.  It seems the more we look at true security on our networks, the only way I can see us truly securing hardware is using a open source model so we can have alot of eyeballs examining the code and releasing patches faster so it stays secure.  People need to realize that securing a network is a goal and moving target.  The second you rest on your laurels and think you are secure thats the moment your most vulnerable because you have taken your eye off the ball.  Anyways here is the release we found:

"BorderWare Technologies has announced what it is calling a new approach to securing and servicing VoIP that is cost effective and highly scalable to meet the needs of today's service provider and enterprise markets. As VoIP security evolves, service providers and enterprises are realizing the need to secure their converged applications including VoIP, Video and other real-time applications, to protect from attacks such as toll fraud, service disruptions and Spam over Internet Telephony (SPIT)." 

Continue reading "BorderWare Releases New Class of Enterprise VoIP Security" »

January 29, 2007

VoIP security: Scenarios, challenges, and counter measures

VoIP combines the worst security vulnerabilities of IP networks and voice networks. This article discusses vulnerabilities, challenges and countermeasures in securing a VoIP network from the application right down to the hardware.

Continue reading "VoIP security: Scenarios, challenges, and counter measures" »

January 26, 2007

NEC Develops Technology to Prevent IP Phone SPAM called VoIP Seal

Note: Thank you NEC for getting started on this problem early in the game. 

NEC Corporation announced the development of new technology for the prevention of Spam over Internet Telephony (SPIT). VoIP SEAL, the new technology, which defends against the threat of rapidly increasing spam IP phone calls, is expected to contribute significantly to the realization of safe voice over internet protocol (VoIP) phone networks in the future. VoIP SEAL will be exhibited at NEC's booth at the 3GSM World Congress 2007, taking place in Barcelona, Spain from February 12 - 15.

Continue reading "NEC Develops Technology to Prevent IP Phone SPAM called VoIP Seal" »

January 22, 2007

VoIP Security Blogger, Mark Collier, Offers VoIP Security Trends and Predictions for 2007

Mark Collier, a voice over IP (VoIP) security scientist, author, and blogger, today announced the release of his “VoIP Security Trends and Predictions for 2007.” Mr. Collier’s prognostications have been posted to his popular VoIP security blog at: www.voipsecurityblog.com. Mr. Collier is CTO of SecureLogix Corporation, an enterprise telephony management and security company.

Continue reading " VoIP Security Blogger, Mark Collier, Offers VoIP Security Trends and Predictions for 2007" »

January 12, 2007

VoIP Scams, Phishing, And Denial Of Service Attacks and What You Can Do

VoIP-News is running a nice little informative piece discussing some of the general voip security issues that exist and some basic solutions people can take to minimize their exposure.  Below is an excerpt from the article:

"While enterprise VoIP offers many cost, efficiency and productivity benefits, it also opens the door to external threats. That's because VoIP is, at its heart, a data networking technology, making it a prime target for hackers, data thieves and other types of online troublemakers." 

Continue reading "VoIP Scams, Phishing, And Denial Of Service Attacks and What You Can Do" »

January 06, 2007

New Security Threats For VoIP

Panda Software looks at some scary security threats posed by VoIP. The top part of the article in IT-Observer looks at new ways that VoIP might be used for denial-of-service attacks, but the author, Fernando de la Cuadra, dismisses those threats as unlikely (too quickly, I think). The article then goes on to deal with possible threats posed by social engineering.

Continue reading "New Security Threats For VoIP" »

December 22, 2006

Don’t fall for these methods of VoIP abuse

Note: Interesting little article I found about VoIP abuse and spamming.

Voice over IP (VoIP) technology provides many advantages to companies and individuals over both traditional telephone services and traditional IP communications. But, like other technologies, it also brings with it the potential for abuse. And as more people implement VoIP, we can also expect more frequent exploitation of this potential.

Continue reading " Don’t fall for these methods of VoIP abuse" »

December 11, 2006

Encrypted Internet Telephony is Only Safe Option

Note:  Good article. I think Dirk brings up some valid points.  With the mass adoption of VoIP we must still understand its just another technology that has its strengths and weaknesses.  If you using an IP telephony phone system your general network security policy should cover it also.  .02
 
We can safely say that it's unsafe: the Voice over Internet Protocol (VoIP) that enables telephony over the internet. Hackers can choose between a variety of widely available programs to pluck conversations out of the data stream and then manipulate them.  IT experts also expect a rapid increase in spam over Internet Telephony (SPIT) in coming years - spam mails being read aloud by a text-to-speech computer calling on the telephone. While there are a variety of effective security concepts, they are rarely put to use.

Continue reading "Encrypted Internet Telephony is Only Safe Option" »

December 05, 2006

VoIP Blogger Mark Collier Releases New Book on VoIP Hacking

 

Note:  We are ordering this book today.  I am very interested in some of the Asterisk specific vulnerabilities.  Glad to see this type of books coming out.

Mark Collier is excited, and he has every reason to be.  His new book, Hacking Exposed VoIP, is hitting the shelves, and it even has its very own companion website. Besides maintaining his own blog, Mark is CTO for SecureLogix Corporation, responsible for all product and services R&D.   The book, published by McGraw-Hill, is available for pre-order.

Continue reading "VoIP Blogger Mark Collier Releases New Book on VoIP Hacking" »

December 04, 2006

Security expert taps VoIP as new malware target

Voice over IP technology could become the new malware battle zone, according to Enrique González-Ochoa, a researcher with Panda Software’s surveillance department in Spain. The security expert thinks VoIP threats will become more prominent in the near future.

Continue reading "Security expert taps VoIP as new malware target" »

November 16, 2006

VoIP Makes List of Top 20 Internet Attack Targets

Note: Like Duh... 
 
VoIP systems are highly susceptable to outside attacks, according to the SANS Institutes's 2006 list of Top-20 Internet Security Attack Targets . The list, released this week, is an annual breakdown of the the Internet's most attacked targets, and covers everything from operating systems and network devices to security policies.  

Continue reading "VoIP Makes List of Top 20 Internet Attack Targets" »

November 14, 2006

VoIP Security Gets Noisy

Analyst says it’s time for service providers to inform businesses about VoIP’s real risks.  It is one of the most potent threats to the corporate network, but Internet voice remains perhaps the least understood and most poorly defended security gap in the enterprise, according to a security analyst, and security specialists are aiming business users at the wrong targets.

Continue reading "VoIP Security Gets Noisy" »

September 29, 2006

US experts launch VoIP security partnership

Editor's Note:  I love seeing this type of corporate funding of research.  People need to understand that in situation where federal funding for these areas is not available that having corporation come in an fund the research and have some claim on the IP is not a bad thing.  Ususally in these situations some of the research aways makes it to the public domain in some form.
 
A group of US academics and industry experts has been created to explore security issues surrounding VoIP technology, it was announced today. The collaboration sees Georgia Tech Information Security Center (GTISC) partnering with BellSouth and Internet Security Systems (ISS).

Continue reading "US experts launch VoIP security partnership" »

August 30, 2006

Paris Hilton accused of voice-mail hacking

Note:  This is too much. I almost fell out of my seat after reading this. I am amazed in the fact that Cingular Wireless LLC and T-Mobile would use simple CallerID to authenticate customers when accessing voicemail. Another amusing fact was the SpoofCard.com admits to using Asterisk as there base for delivering this service. Also the fact that some hacker most likely employed by the some party involved is using such cutting edge technology to sling dirt at the celebrity victim (Boo Hoo).  Please post your comments.  I would like to hear your thoughts about this.....if you care.
 
 
 
"The feud between celebrities Paris Hilton and Lindsay Lohan has taken a turn for the geeky, with a small fake Caller ID seller accusing Hilton of hacking into voicemail accounts on an un-named mobile phone network."

Continue reading "Paris Hilton accused of voice-mail hacking" »

August 15, 2006

PGP Founder Phil Zimmermann and BorderWare Join Forces to Secure VoIP

BorderWare Technologies Inc., and PGP (Pretty Good Privacy) founder Phil Zimmermann, industry leaders in IP communications security, privacy and compliance solutions, today announced an agreement to make BorderWare the first commercial licensee of Zfone, secure VoIP media encryption software, created by Zimmermann.

Continue reading "PGP Founder Phil Zimmermann and BorderWare Join Forces to Secure VoIP" »

August 05, 2006

VoIP Abuse at BlackHat, Zimmermann to kick off DEFCON

VoIP security is a key theme in this week's Las Vegas events. In a last minute change to DEFCON scheduling, Phil Zimmermann will give an update on his Zfone secure VoIP software.  Zimmermann, the creator of the Pretty Good Privacy (PGP) e-mail software encryption tool, noted that there's a lot of demand for a secure VoIP client these days. "News about government eavesdropping tends to generate interest [in Zfone]," he said in off-the cuff remarks made in the BlackHat press room. "I prefer to talk about the need to secure enterprise communications from criminal elements." However, he referred to Zfone as a "psychic drain" due to the amount of time and energy it is taking.

Continue reading "VoIP Abuse at BlackHat, Zimmermann to kick off DEFCON" »

April 06, 2006

Why VoIP Needs Crypto?

There are basically four ways to eavesdrop on a telephone call.

Continue reading "Why VoIP Needs Crypto?" »

Powered by: Dal