The SANS Institute just released its Top 20 Internet Security Risks of 2007 Annual update. Yet again this year, VoIP made the list, with a collection of just some of the VoIP vulnerabilities that were disclosed this past year. Check it out. For those of you who don’t want to read the entire document, a decent executive summary is available here.
Archive for November, 2007
Just a note that if any of you out there are CISSP-certified, the elections for the Board of Directors for the ISC2 are happening right now through November 30th. Visit the ISC2 website, log in to the members section and vote for up to 5 candidates (of the 12 running). If you find value in the CISSP, as I do, and would like it to retain its value, I encourage you to spend a few minutes reading through the bios and voting in the election. Ultimately, the direction of the ISC2, and the value of the CISSP certification, is in our hands as certification-holders and ISC2 members.
VoIP attacks should increase by 50 percent in 2008. More than twice the number of VoIP-related vulnerabilities were reported in 2007 versus the previous year – several high-profile “vishing” attacks, and a criminal phreaking (or fraud) conviction – so it’s clear that VoIP threats have arrived and there’s no sign of a slowdown.
Bletchley Park is the UK’s mecca for people interested in the history of code breaking, and in particular the codes of World War 2. Bletchley Park (in WW2 known as “Station X”) was the home of the code breakers, and where early computing pioneers like Alan Turing worked on the science of breaking cyphers.
This week, a team of volunteers led by Tony Sale completed a 14-year project to rebuild Colossus, one of the code-breaking computers used at Bletchley Park. After the war the machines were dismantled and even the plans destroyed by order of the military, so the Colossus had to be painstakingly remembered and reconstructed, with the help of some of the original engineers who built it. Tony Sale has had a long association with Bletchley Park, and also with remembering and rebuilding the most important antique computers in the British history of computing.
Although the Colossus was somewhat single-minded in its operation, its use of valves as electronic switches paved the way for the general-purpose computers of the 1940s and 50s, and of course the work they did at Bletchley paved the way for the use of encryption technologies that we use today in data and voice applications across the Internet.
Over on his own VoIP Security Weblog, Mark Collier recently posted a nice list of VoIP security training courses. In looking at his list I think there might be one or two other ones we’ve mentioned on Blue Box that I’ll have to dig up… but overall it’s a good list. Thanks, Mark, for putting it together!
This kind of list should really have a home somewhere on the VOIPSA web site under, say, the Resources page. We’ll have to see about putting a page up. Anyone out there interested in being the maintainer of such a page?
Last week I meant to write about this, but Skype is advising people about some malware that is floating around that tries to entice Skype users to click a link that will then infect their computer. The rather despicable fashion the malware uses is to send a chat message that says “Please help me find this girl” referring to Madeleine McCann. Facetime Security Labs has a lengthy writeup that goes into all sorts of details about the particular worm variant. It propagates via IM, so it’s not anything particularly tied into VoIP, but obviously just something people should be concerned about.