Domain: voipsa.org
Stories and comments across the archive that link to voipsa.org.
Comments · 8
-
Re:What about encrypted communications?
Yes, there were stories about Skype Encryption being Broken.
How true this is remains debatable because no one has yet demonstrated decoding a voice message.
Some reports suggest that the most you can do is determine that the content IS Skype, but not what is in it.With enough computer power it might be easier to just decode the packet stream by brute force.
-
Security Vuln
The issue here is not just the fact that it is phoning home - it is the method in which it is done. This has been reported as a security vulnerability to the voipsec mailing list. http://voipsa.org/pipermail/voipsec_voipsa.org/2007-December/002522.html
-
FYI - The Dept of Justice complaints are onlineIf you would like to better understand this case, the US Department of Justice has made the information available online:
- News release announcing the arrests
- Complaint filed against Edwin Pena
- Complaint filed against Robert Moore
Dan York
Best Practices Chair, VoIP Security Alliance (VOIPSA)
Producer & Co-host, Blue Box: The VoIP Security Podcast -
Some resources to learn more about VoIP Security
penciling_in asks: "... This leaves me begging the question: What other not-so-publicized VoIP security issues should companies be watching out for?"
There are a wide range of security issues related to VoIP, although many if not most of them actually are the standard threats relating to the underlying data networks. One place to learn more is the VoIP Security Alliance which last fall released a threat taxonomy that outlined threats to VoIP.
You may also find of value our weekly podcast on the subject, "Blue Box: The VoIP Security Podcast", available at http://www.blueboxpodcast.com/. We provide detailed show notes with links to all the various VoIP security-related articles and items we talk about, many of which you may find useful to learn more on the subject.
There is also a wealth of information available in the VOIPSEC e-mail discussion list (that is hosted by VOIPSA).
Regards, Dan
-
Some resources to learn more about VoIP Security
penciling_in asks: "... This leaves me begging the question: What other not-so-publicized VoIP security issues should companies be watching out for?"
There are a wide range of security issues related to VoIP, although many if not most of them actually are the standard threats relating to the underlying data networks. One place to learn more is the VoIP Security Alliance which last fall released a threat taxonomy that outlined threats to VoIP.
You may also find of value our weekly podcast on the subject, "Blue Box: The VoIP Security Podcast", available at http://www.blueboxpodcast.com/. We provide detailed show notes with links to all the various VoIP security-related articles and items we talk about, many of which you may find useful to learn more on the subject.
There is also a wealth of information available in the VOIPSEC e-mail discussion list (that is hosted by VOIPSA).
Regards, Dan
-
Some resources to learn more about VoIP Security
penciling_in asks: "... This leaves me begging the question: What other not-so-publicized VoIP security issues should companies be watching out for?"
There are a wide range of security issues related to VoIP, although many if not most of them actually are the standard threats relating to the underlying data networks. One place to learn more is the VoIP Security Alliance which last fall released a threat taxonomy that outlined threats to VoIP.
You may also find of value our weekly podcast on the subject, "Blue Box: The VoIP Security Podcast", available at http://www.blueboxpodcast.com/. We provide detailed show notes with links to all the various VoIP security-related articles and items we talk about, many of which you may find useful to learn more on the subject.
There is also a wealth of information available in the VOIPSEC e-mail discussion list (that is hosted by VOIPSA).
Regards, Dan
-
Locks only keep honest people honest
Let's face it: you can add all the security you want, but a determined thief/hacker/criminal will always find a way in. Always. Protect yourselves as much as you can, yes. Just don't expect anything to be 100% secure forever.
Looking at the VOIPSA Wiki, there is a section entitled "Social Threats." Naively I assumed this section would cover things like social engineering, telemarketing, etc. Instead it has such gems as "Modern interactive communication systems can include more than two people in a session and people can move fluidly from role-to-role, including: initiating contact; joining communication in progress; accepting contact; terminating communication in progress; refusing contact." This needs to be explained?
-
No discussion about this, w/out VoIPsec list
Please visit the VoIPsec archives, before assuming that any one article could cover it all. There you could find links and comments from some of the most pertinent contributors to this subject.