Slashdot Mirror


Flaws Threaten VoIP Networks?

jdkane writes "CNET News reports that security flaws have been found in products that use VoIP and text messaging, including those from Microsoft and Cisco Systems. What's interesting, in Microsoft's case, is that the Internet Security and Acceleration Server product that's also affected is designed to help protect companies' networks from online attacks. Specifically, a filter used in the server that secures VoIP communications is vulnerable to the flaw."

7 of 159 comments

  1. Not to defend Microsoft by silconous · · Score: 3, Interesting

    But Cisco is just as vulnerable and wider spread as IOS 11.3 and greater is flawed

  2. Great quote by fiendo · · Score: 5, Interesting
    "It is kind of the same situation that we have seen--a certain level of human error is going to be present and that is true even for security software," said Stephen Toulouse, security program manager for Microsoft.

    Wow that ought to really bolster a customer's confidence: Not only are you saying this type of mistake is common in your experience, your excuse is "Hey we're only human"! Uh isn't that why you're supposed to have quality assurance?

    --
    I went to the city because I wished to live without deliberation.
  3. Re:Imagine That by bfree · · Score: 5, Interesting

    Vulnerable (updates available): Cisco and Microsoft
    Unknown: Avaya, Fujitsu, Hewlett-Packard, Lucent and Nortel
    Safe: Apple, Hitachi, NetBSD, Red Hat and Symantec
    Is that a point for Security through open source as the two open products are already in the safe pile?

    --

    Never underestimate the dark side of the Source

  4. Re:Imagine That by Alien+Being · · Score: 3, Interesting

    "...where could you find a reporter who would care?"

    National Public Radio (WBUR 90.9MHz to you fellow Bostonians) for one. Believe it or not, the great unwashed masses are starting to become aware of the problem with Microsoft.

  5. What about Open H.323 by Anonymous Coward · · Score: 3, Interesting

    What about Open H.323?
    Anyone know whether that project is going to be suffering the same vulnerability?

  6. meh... by netwiz · · Score: 4, Interesting

    just a buffer overflow. I'm not really surprised; sooner or later this was going to happen. I'm just surprised that it popped up in Cisco's case.

    Altho, as I think about it, I get the feeling that Cisco got a bunch of network multimedia handling code from MS. I remember back in '98 or '99, they announced a software partnership w/ MS, causing much hand-wringing on /. to the effect that we might see NT-based routers. IOS is too heavily leveraged in Cisco's products, but the actual processes and services that run on it could come from anybody.

    The fact that this looks to a few vendors (MS and Cisco being the biggies), and knowing how MS looks to diversify only makes me wonder how much of MS's wonderful code has managed to worm its way into the other devices I use...

    Hmm... Maybe this had something to do w/ all the dreadful STP and bridging issues I had on the Catalyst 8540 platform...

  7. Expect such flaws in 2.6 soon by kris · · Score: 3, Interesting

    The current H.323 flaw is based on bugs in the ASN.1 parser used in these products. The big bugs in almost all SNMP implementations a year ago or so were also based in ASN.1 parsing failures. Many openssl bugs are based in ASN.1 parsing failures.

    The linux kernel 2.6 just got ASN.1 parsing INSIDE THE KERNEL in order to implement AUTH_KERB as part of the NFS/Kerberos client. Expect ASN.1 parsing based bugs inside the Linux kernel real soon now.
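Added example, not part of the thread and not any vendor's code: the comments above attribute these flaws to ASN.1 parsing and buffer overflows, so this sketch shows the bounds checks a tag-length-value header reader needs before it trusts a declared length. It uses the BER/DER length encoding found in SNMP and X.509 (H.323 itself uses PER); `struct tlv` and `tlv_read` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

/* One decoded BER/DER tag-length-value header (hypothetical type). */
struct tlv {
    uint8_t tag;           /* single-byte tags only */
    const uint8_t *value;  /* points into the caller's buffer */
    size_t len;            /* value length, verified against the input */
};

/* Parse one TLV from buf[0..buflen). Returns 0 on success, -1 on any
 * malformed or out-of-bounds encoding. Never reads past buflen. */
int tlv_read(const uint8_t *buf, size_t buflen, struct tlv *out)
{
    size_t pos = 0, len = 0;

    if (buf == NULL || out == NULL || buflen < 2)
        return -1;
    out->tag = buf[pos++];
    if ((out->tag & 0x1f) == 0x1f)        /* multi-byte tag: rejected here */
        return -1;

    uint8_t first = buf[pos++];
    if (first < 0x80) {                   /* short form: length in one octet */
        len = first;
    } else {
        size_t n = first & 0x7f;          /* long form: n length octets follow */
        if (n == 0 || n > sizeof(size_t)) /* indefinite length or too wide */
            return -1;
        if (n > buflen - pos)             /* length octets themselves truncated */
            return -1;
        while (n--)
            len = (len << 8) | buf[pos++];
    }
    /* The check an overflow-prone parser omits: declared length versus
     * bytes actually remaining. Written as a subtraction so that an
     * attacker-chosen len cannot wrap the comparison. */
    if (len > buflen - pos)
        return -1;
    out->value = buf + pos;
    out->len = len;
    return 0;
}
```

Callers should copy or walk at most `out->len` bytes from `out->value` and apply the same function recursively to constructed types, passing `out->len` as the new `buflen`.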