[VOIPSEC] Voipsec Digest, Vol 10, Issue 15

Smith, Donald Donald.Smith at qwest.com
Mon Oct 17 10:15:50 CDT 2005


We have seen malware that collected game license codes for resale.
I don't know what the stolen codes were sold for, but given the initial cost of the game in the $30 range, it had to be much less than that.
 
So if the soft phone required a license code it is likely to become a valuable asset (worth harvesting from infected machines). Any stored information that further enabled the VoIP service would also be valuable and worth harvesting.
 
 
 
 
donald.smith at qwest.com giac

________________________________

From: Voipsec-bounces at voipsa.org on behalf of Chris Sutton
Sent: Mon 10/17/2005 5:35 AM
To: Voipsec at voipsa.org
Subject: Re: [VOIPSEC] Voipsec Digest, Vol 10, Issue 15



Heya,

Just a couple of points:

1) Unless you are using QoS somewhere such as on your gateway router,
VOIP traffic will always be affected by other 'normal' data traffic.
Esp. load.
2) I know you are talking specifically about softphones here, but the
fundamental design of VOIP is NOT to separate voice and data.  In fact
voice travels as conventional data over IP (sorry I know this sounds
obvious).  If you want to separate voice and data...well that's what
PSTNs achieve!
3) I am currently working in a UK voip company, and the scariest thing
about softphones is that unlike Cisco's and snom's, PCs are inherently
vulnerable to attack from ANY kind of virus just like any other PC
application.
4) Not to mention Skype allows you to randomly search for any other user
by name and lets you call them for free! Stalker heaven I'm sure! Sure
you can do the same using the phone book, but not so easily.

Thanks,
Chris


----------------------------------------------------------------------

Message: 1
Date: Sat, 15 Oct 2005 19:46:43 +0300
From: Ari Takanen <art at codenomicon.com>
Subject: Re: [VOIPSEC] Softphone Security
To: "Porter, Thomas (Tom)" <tporter at avaya.com>
Cc: voipsec at voipsa.org
Message-ID: <20051015164643.GH18585 at codenomicon.com>
Content-Type: text/plain; charset=us-ascii

Hello all,

I would add:

5. Malware that affects the VoIP software will affect all other
   applications on the PC and data services available to that PC (a
   separated VoIP phone would not require access to file services,
   databases, intraweb, ...)

6. Any special permissions that the VoIP application has over firewall
   rules will apply to all applications on that desktop
   (e.g. peer-to-peer software will use SIP for bypassing the security
   policy, which interestingly relates to earlier discussion on
   analyzing the real data content inside the RTP streams)

7. Reliability problems (robustness, load, stress) in data services
   will not disturb voice, and vice versa.

I hope this was relevant to you.

/Ari Takanen
 Codenomicon Ltd. - Robustness and Security Testing Tools
 http://www.codenomicon.com


On Fri, Oct 14, 2005 at 04:26:27PM -0400, Porter, Thomas (Tom) wrote:
> If anyone has thoughts or experiences w/ softphone security, I'd be interested in hearing them...
>
> From my POV, the threats that are particular to softphone use include:
> 1.    Many softphones contain advertising software that "phones home" with private user information.
> 2.    Softphones require that PC-based firewalls open a number of high UDP ports as part of the media stream transaction
> 3.    Malware that affects any other application software on the PC can also interfere with voice communications
> 4.    Because a softphone resides on a PC, the principle of logically separating voice and data networks is defeated as the PC must reside in both domains.
>
>       Point 1 is easy to deal with. Points 2 & 3 are slightly more troubling, but if the PC is secure enough for email & IM, a softphone should not add too much more risk.  Point 4 is troubling.
>
>       Thanks, Tom
>
>
> Thomas Porter, PHD
> Lead Security Architect
> Avaya Services Research & Development       
> tporter at avaya.com   
> [O] 919.967.2909
> [Cell - USA] 919.593.3130
> [Cell - Germany] +49.0163.505.9150
> [SIP] 919.951.0052
> [IM] AvayaTPorter
>
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

--
-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
Ari Takanen                       Codenomicon Ltd.
ari.takanen at codenomicon.com       Kaitovayla 1
tel: +358-40 50 67678             FIN-90570 Oulu
http://www.codenomicon.com        Finland
PGP: http://www.codenomicon.com/codenomicon-key.asc
-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-



------------------------------

Message: 2
Date: Fri, 14 Oct 2005 22:20:33 -0500 (CDT)
From: "Ram Dantu" <rdantu at unt.edu>
Subject: [VOIPSEC] IEEE Network Special Issue on VoIP Security
To: voipsec at voipsa.org
Message-ID:
        <55671.24.0.100.49.1129346433.squirrel at webmail.csci.unt.edu>
Content-Type: text/plain;charset=iso-8859-1




Please note that the paper submission deadline
was extended to the 7th of November, 2005.

===============================================================

Hello everyone--

We plan to edit IEEE Network special issue on VoIP Security.
We invite submissions for this special issue and the due date is
November 7, 2005. See the following link for more details
(http://www.comsoc.org/pubs/net/ntwrk/cfpnetwork3Q06.htm).

We appreciate if you can forward this message to
the people interested in VoIP and security.


Thanks
Guest Editors

Ram Dantu, University of North Texas
Dipak Ghosal, University of California, Davis
Henning Schulzrinne, Columbia University

NOTE: IEEE Network was the number two most-cited journal in electrical and
electronics engineering, number one cited journal in telecommunications,
and the number two cited journal in computer science hardware
and architecture, and computer science information systems in 2003,
according to the annual Journal Citation Report (2003 edition) published
by the Institute for Scientific Information.










------------------------------

_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org


End of Voipsec Digest, Vol 10, Issue 15
***************************************

