Comments on: Not Just SPIT but SPOG and SPOM http://voipsa.org/blog/2006/06/15/not-just-spit-but-spog-and-spom/ Collective thoughts and musings on the state of VoIP security today. Mon, 06 Oct 2008 20:15:48 +0000 http://wordpress.org/?v=2.6.2 By: Dustin D. Trammell http://voipsa.org/blog/2006/06/15/not-just-spit-but-spog-and-spom/#comment-154 Dustin D. Trammell Thu, 15 Jun 2006 20:21:56 +0000 http://voipsa.org/blog/2006/06/15/not-just-spit-but-spog-and-spom/#comment-154 Or, we could just stop all this rediculous segmentation of terminology and call all of it by what it is, SPAM. SPAM is SPAM is SPAM, whether it's delivered over communications protocol A or communications protocol B. What I find really amusing is that terms like SPIT have been created for classes of SPAM that currently don't even exist yet. As the broader IT industry, do we really need to differenticate SPAM over e-mail versus SPAM over VoIP, or even SPAM over IM? Overall, it's the same basic problem with the same basic symptoms, and inevitabley the same basic solutions (whitelist, blacklist, message-challenge, etc) that only marginally address the symptoms of the problem while everyone ignores the problems themselves which are inherent to the communications protocols that allow SPAM to be sent over them. http://en.wikipedia.org/wiki/Spam_%28electronic%29 Or, we could just stop all this rediculous segmentation of terminology and call all of it by what it is, SPAM. SPAM is SPAM is SPAM, whether it’s delivered over communications protocol A or communications protocol B. What I find really amusing is that terms like SPIT have been created for classes of SPAM that currently don’t even exist yet. As the broader IT industry, do we really need to differenticate SPAM over e-mail versus SPAM over VoIP, or even SPAM over IM? Overall, it’s the same basic problem with the same basic symptoms, and inevitabley the same basic solutions (whitelist, blacklist, message-challenge, etc) that only marginally address the symptoms of the problem while everyone ignores the problems themselves which are inherent to the communications protocols that allow SPAM to be sent over them.

http://en.wikipedia.org/wiki/Spam_%28electronic%29

]]> By: S.Meinardi http://voipsa.org/blog/2006/06/15/not-just-spit-but-spog-and-spom/#comment-150 S.Meinardi Thu, 15 Jun 2006 18:40:32 +0000 http://voipsa.org/blog/2006/06/15/not-just-spit-but-spog-and-spom/#comment-150 "SPIT is not a really problem in the wild today. This is partly because VoIP largely exists in islands today, and not in a fully interconnected network. It’s also partly because would-be SPITters have not yet come across the technology." I'm considering two facts: 1. I have an account on voxalot (www.voxalot.com); it's a free * pbx on line; it has a hidden rule so that if you call a number beginning with *xxx (where xxx is a prefix of a VSP allowing free connection), you can call a user of that VSP. I was able to call via voxalot my real VOIP italian and foreigner accounts. The list of prefixes (not all working, to be true) is maintained by sipbroker (www.sipbroker.com) 2. Yesterday I've read this news: http://www.vonmag.com/webexclusives/2006/06/13_Black_Hat_Tracks_VoIP.asp So, I agree with you (and with VOIP Security Workshop experts you talk about in your report) that SPIT is not a real problem TODAY. But I think it will be a big problem tomorrow: and tomorrow it's really near the corner, some weeks not months. “SPIT is not a really problem in the wild today. This is partly because VoIP largely exists in islands today, and not in a fully interconnected network. It’s also partly because would-be SPITters have not yet come across the technology.”

I’m considering two facts:
1. I have an account on voxalot (www.voxalot.com); it’s a free * pbx on line; it has a hidden rule so that if you call a number beginning with *xxx (where xxx is a prefix of a VSP allowing free connection), you can call a user of that VSP. I was able to call via voxalot my real VOIP italian and foreigner accounts. The list of prefixes (not all working, to be true) is maintained by sipbroker (www.sipbroker.com)

2. Yesterday I’ve read this news:
http://www.vonmag.com/webexclusives/2006/06/13_Black_Hat_Tracks_VoIP.asp

So, I agree with you (and with VOIP Security Workshop experts you talk about in your report) that SPIT is not a real problem TODAY. But I think it will be a big problem tomorrow: and tomorrow it’s really near the corner, some weeks not months.

]]>