[VOIPSEC] Voipsec Digest, Vol 10, Issue 16

Albert caruabertu at gmail.com
Tue Oct 18 10:10:04 BST 2005


From the Skype website:
http://www.skype.com/help/guides/staysecure.html

"Set privacy options
Skype keeps you protected from unwanted communications. Just open
File, Options, Privacy, and set your preferences for receiving
communications. We recommend you do not authorize people you do not
know and do not want to talk to.

If someone starts bothering you, you can always add that user to your
Blocked Users list from Tools menu ("Manage Blocked Users") - This
way, all communications from that person are discarded and your
worries are gone. "



2005/10/18, Voipsec-request at voipsa.org <Voipsec-request at voipsa.org>:
>
> Today's Topics:
>
>   1. Re: Voipsec Digest, Vol 10, Issue 15 (Chris Sutton)
>   2. Re: RTP packet signature (Robert Moskowitz)
>   3. Re: Softphone Security (Porter, Thomas (Tom)) (Jan Seedorf)
>   4. Re: VoIP-Phones: Weakness in      proccessingSIP-Notify-Messages
>      (Tobias Glemser)
>   5. Re: Voipsec Digest, Vol 10, Issue 15 (Smith, Donald)
>   6. Re: Softphone Security (Robert Moskowitz)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 17 Oct 2005 12:35:06 +0100
> From: "Chris Sutton" <chris at c4l.co.uk>
> Subject: Re: [VOIPSEC] Voipsec Digest, Vol 10, Issue 15
> To: <Voipsec at voipsa.org>
> Message-ID: <058901c5d30e$d2e1bf60$6700a8c0 at office.toastedmedia.net>
> Content-Type: text/plain;       charset="us-ascii"
>
> Heya,
>
> Just a couple of points:
>
> 1) Unless you are using QoS somewhere such as on your gateway router,
> VOIP traffic will always be affected by other 'normal' data traffic.
> Esp. load.
> 2) I know you are talking specifically about softphones here, but the
> fundamental design of VOIP is NOT to separate voice and data.  In fact
> voice travels as conventional data over IP (sorry I know this sounds
> obvious).  If you want to separate voice and data...well that's what
> PSTNs achieve!
> 3) I am currently working in a UK voip company, and the scariest thing
> about softphones is that unlike cisco's and snom's, pc's are inherently
> vulnerable to attack from ANY kind of virus just like any other pc
> application
> 4) Not to mention skype allows you to randomly search for any other user
> by name and lets you call them for free! Stalker heaven I'm sure! Sure
> you can do the same using the phone book, but not so easily.
>
> Thanks,
> Chris
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 15 Oct 2005 19:46:43 +0300
> From: Ari Takanen <art at codenomicon.com>
> Subject: Re: [VOIPSEC] Softphone Security
> To: "Porter, Thomas (Tom)" <tporter at avaya.com>
> Cc: voipsec at voipsa.org
> Message-ID: <20051015164643.GH18585 at codenomicon.com>
> Content-Type: text/plain; charset=us-ascii
>
> Hello all,
>
> I would add:
>
> 5. Malware that affects the VoIP software will affect all other
>   applications on the PC and data services available to that PC (a
>   separated VoIP phone would not require access to file services,
>   databases, intraweb, ...)
>
> 6. Any special permissions that the VoIP application has over firewall
>   rules will apply to all applications on that desktop
>   (e.g. peer-to-peer software will use SIP for bypassing the security
>   policy, which interestingly relates to earlier discussion on
>   analyzing the real data content inside the RTP streams)
>
> 7. Reliability problems (robustness, load, stress) in data services
>   will not disturb voice, and vice versa.
>
> I hope this was relevant to you.
>
> /Ari Takanen
>  Codenomicon Ltd. - Robustness and Security Testing Tools
>  http://www.codenomicon.com
>
>
> On Fri, Oct 14, 2005 at 04:26:27PM -0400, Porter, Thomas (Tom) wrote:
> > If anyone has thoughts or experiences w/ softphone security, I'd be
> > interested in hearing them...
> >
> > From my POV, the threats that are particular to softphone use
> > include:
> > 1.    Many softphones contain advertising software that "phones home"
> > with private user information.
> > 2.    Softphones require that PC-based firewalls open a number of high
> > UDP ports as part of the media stream transaction
> > 3.    Malware that affects any other application software on the PC
> > can also interfere with voice communications
> > 4.    Because a softphone resides on a PC, the principle of logically
> > separating voice and data networks is defeated as the PC must reside in
> > both domains.
> >
> >       Point 1 is easy to deal with. Points 2 & 3 are slightly more
> > troubling, but if the PC is secure enough for email & IM, a softphone
> > should not add too much more risk.  Point 4 is troubling.
> >
> >       Thanks, Tom
> >
> >
> > Thomas Porter, PHD
> > Lead Security Architect
> > Avaya Services Research & Development
> > tporter at avaya.com
> > [O] 919.967.2909
> > [Cell - USA] 919.593.3130
> > [Cell - Germany] +49.0163.505.9150
> > [SIP] 919.951.0052
> > [IM] AvayaTPorter
> >
> >
> > _______________________________________________
> > Voipsec mailing list
> > Voipsec at voipsa.org
> > http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
> --
> -o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
> Ari Takanen                       Codenomicon Ltd.
> ari.takanen at codenomicon.com       Kaitovayla 1
> tel: +358-40 50 67678             FIN-90570 Oulu
> http://www.codenomicon.com        Finland
> PGP: http://www.codenomicon.com/codenomicon-key.asc
> -o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
>
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 14 Oct 2005 22:20:33 -0500 (CDT)
> From: "Ram Dantu" <rdantu at unt.edu>
> Subject: [VOIPSEC] IEEE Network Special Issue on VoIP Security
> To: voipsec at voipsa.org
> Message-ID:
>        <55671.24.0.100.49.1129346433.squirrel at webmail.csci.unt.edu>
> Content-Type: text/plain;charset=iso-8859-1
>
>
>
>
> Please note that the paper submission deadline
> was extended to the 7th of November, 2005.
>
> ===============================================================
>
> Hello everyone--
>
> We plan to edit IEEE Network special issue on VoIP Security.
> We invite submissions for this special issue and the due date is
> November 7, 2005. See the following link for more details
> (http://www.comsoc.org/pubs/net/ntwrk/cfpnetwork3Q06.htm).
>
> We appreciate if you can forward this message to
> the people interested in VoIP and security.
>
>
> Thanks
> Guest Editors
>
> Ram Dantu, University of North Texas
> Dipak Ghosal, University of California, Davis
> Henning Schulzrinne, Columbia University
>
> NOTE: IEEE Network was the number two most-cited journal in electrical
> and electronics engineering, number one cited journal in telecommunications,
> and the number two cited journal in computer science hardware
> and architecture, and computer science information systems in 2003,
> according to the annual Journal Citation Report (2003 edition)
> published by the Institute for Scientific Information.
>
>
>
>
>
>
>
>
>
>
> ------------------------------
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
> End of Voipsec Digest, Vol 10, Issue 15
> ***************************************
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 17 Oct 2005 10:03:48 -0400
> From: Robert Moskowitz <rgm at icsalabs.com>
> Subject: Re: [VOIPSEC] RTP packet signature
> To: "Hadriel Kaplan" <HKaplan at acmepacket.com>,  "'Pankaj Shroff'"
>        <shroffg at gmail.com>
> Cc: Voipsec at voipsa.org
> Message-ID:
>        <6.2.3.4.2.20051017095834.03041798 at homebase.htt-consult.com>
> Content-Type: text/plain; charset="us-ascii"; format=flowed
>
> At 07:02 PM 10/12/2005, Hadriel Kaplan wrote:
>
> >I am definitely not an encryption-layer guy (which is why I asked on this
> >list).
>
> I am.  It is in my job description.  :)
>
> >I was just curious given how much of the plaintext and keygen values
> >can be known, whether known-plaintext attack was a reasonable attack vector.
> >(e.g., given all the press over the XSL attack theory on AES)  But one of
> >the encryption guys at my company pointed me to some papers and discussions
> >on it and I'm convinced it's still highly impractical.
>
> And we are doing a counter mode operation, not a chaining block.  In
> many ways, counter mode has superior characteristics to a chaining
> block, provided you NEVER reuse a counter value with a key.  That is
> why a keying mechanism is so important if you could possibly have
> more than 2^64 128bit blocks.
>
> With modes like CBC you have hamming distance attacks with known
> plaintext at the beginning of the packet.  This is why random IVs are
> so important in CBC.
>
>
> Robert Moskowitz
> Senior Technical Director
> ICSA Labs, a division of Cybertrust, Inc.
> W:      248-968-9809
> F:      248-968-2824
> VoIP:   248-291-0713
> E:      rgm at icsalabs.com
>
> There's no limit to what can be accomplished if it doesn't matter who
> gets the credit
>
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 17 Oct 2005 13:06:32 +0200
> From: "Jan Seedorf" <seedorf at informatik.uni-hamburg.de>
> Subject: Re: [VOIPSEC] Softphone Security (Porter, Thomas (Tom))
> To: Voipsec at voipsa.org
> Message-ID: <4353A1D8.4065.AACCFB at localhost>
> Content-Type: text/plain; charset=US-ASCII
>
> We tested X-Lite early this year and it turned out that X-Lite stores user credentials in
> the Windows registry. Not only do these credentials remain in the registry after proper
> uninstall of the program; the registry entry can also easily be copied and then used on
> another PC to successfully impersonate another user. We tested this with German SIP
> providers and it worked.
>
> I see mainly the following risk: worms can harvest SIP credentials instead of (or in
> addition to) mail addresses and passwords they already harvest. These credentials could
> then be used by criminals for toll fraud, spamming, anything,...
>
> Btw, we sent Xten, the maker of X-Lite, a note on this. I do not know if they have fixed it
> by now, they do not support X-Lite officially anymore. However, it is still used by
> German SIP providers as a free softphone they offer for download on their websites.
>
> Jan Seedorf
> University of Hamburg, Germany
> -----------------------------
> Jan Seedorf
> Arbeitsbereich SVS (Security in Distributed Systems)
> University of Hamburg, faculty of informatics
> Vogt-Koelln-Str. 30, 22527 Hamburg, Germany
> Tel.: 0049-40-42883-2325, Fax.:-2086
> seedorf at informatik.uni-hamburg.de
>
> "Turn off the TV and pick up a book"
>
>
>
> ------------------------------
>
> Message: 4
> Date: Mon, 17 Oct 2005 01:55:28 +0200
> From: Tobias Glemser <tglemser at tele-consulting.com>
> Subject: Re: [VOIPSEC] VoIP-Phones: Weakness in
>        proccessingSIP-Notify-Messages
> To: voipsec at voipsa.org
> Message-ID: <4352E870.6030107 at tele-consulting.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Right you are, but with some phones you also have to spoof the IP address
> of the SIP Proxy.
>
> For that I released a new version of the script, enabling you to send
> invite packets and also to spoof IP addresses [for that the script was
> renamed from SIP Notice Fun to SIP Send Fun :) ].
>
> http://www.tele-consulting.com/index.php?where=download&part=download&what=ssf
>
> Cheers,
>
> Tobias Glemser
> Tele-Consulting security | networking | training GmbH
>
>
> on 12.10.2005 22:04 mailinglist wrote:
> > NOTIFY-Fun? Try INVITE-Fun!!! Send an INVITE packet to all devices listening
> > on port 5060 on UDP.
> >
> > http://lists.digium.com/pipermail/asterisk-users/2004-January/031868.html
> >
> >
> >>-----Original Message-----
> >>From: Voipsec-bounces at voipsa.org
> >>[mailto:Voipsec-bounces at voipsa.org] On Behalf Of Tobias Glemser
> >>Sent: Wednesday, October 12, 2005 6:31 PM
> >>To: voipsec at voipsa.org
> >>Subject: Re: [VOIPSEC] VoIP-Phones: Weakness in
> >>proccessingSIP-Notify-Messages
> >>
> >>List,
> >>
> >>I just wanted to inform you that I wrote a tiny script, which
> >>enables you to test the discussed vulnerability with your equipment.
> >>
> >>This script works perfect with Grandstream BT100, Cisco
> >>phones won't work on the fly. Please refer to the README for
> >>more information.
> >>
> >>You can download the script here:
> >>http://www.tele-consulting.com/index.php?where=download&part=d
> >>ownload&what=snf
> >>
> >>(german website, but you should be able to download it. If
> >>not, feel free to send me an eMail).
> >>
> >>
> >>Cheers,
> >>
> >>Tobias Glemser
> >>Tele-Consulting security | networking | training GmbH
> >>
> >>Tobias Glemser wrote on 07.07.2005 09:16:
> >>
> >>>                  Tele-Consulting GmbH
> >>>            security | networking | training
> >>>
> >>>                advisory 05/07/06
> >>>
> >>>URL of this advisory:
> >>>
> >>
> >>http://pentest.tele-consulting.com/advisories/05_07_06_voip-phones.txt
> >>
> >>>
> >>>Topic:
> >>>    Weakness in implementation of processing SIP-Notify-Messages
> >>>    in VoIP-Phones.
> >>>
> >>>Summary:
> >>>    Due to ignoring the value of 'Call-ID' and even 'tag' and
> >>>    'branch' while processing NOTIFY messages, VoIP-Hardphones
> >>>    process spoofed status messages like "Messages-Waiting".
> >>>
> >>>    According to RFC 3265, Chap 3.2 every NOTIFY has to be embedded
> >>>    in a subscription mechanism. If there ain't knowledge
> >>>    of a subscription, the UAC has to respond with a "481
> >>>    Subscription does not exist" message.
> >>>
> >>>    All tested phones processed the "Messages-Waiting" messages
> >>>    without prior subscriptions anywhere.
> >>>
> >>>Effect:
> >>>    An attacker could send "Messages-Waiting: yes" messages to
> >>>    all phones in a SIP-environment. Almost every phone processes
> >>>    this status message and shows the user an icon or a blinking
> >>>    display to indicate that new messages are available on the
> >>>    voice box.
> >>>
> >>>    If the attacker sends this message to many recipients in a
> >>>    huge environment, it would lead to server peaks as many users
> >>>    will call the voice box at the same time.
> >>>    Because there are no new voice messages as indicated by the
> >>>    phone the users will call the support to fix this alleged server
> >>>    problem.
> >>>
> >>>    All tested phones process the message with a reset Call-ID,
> >>>    'branch' and 'tag' sent by a spoofed IP address.
> >>>
> >>>Example:
> >>>    Attacker spoofs the SIP proxy's IP, here: 10.1.1.1
> >>>    Victim 10.1.1.2
> >>>
> >>>    UDP-Message from Attacker to Victim
> >>>
> >>>    Session Initiation Protocol
> >>>         Request-Line: NOTIFY sip:login at 10.1.1.2 SIP/2.0
> >>>         Message Header
> >>>             Via: SIP/2.0/UDP 15.1.1.12:5060;branch=000000000000000
> >>>             From: "asterisk" <sip:asterisk at 10.1.1.1>;tag=000000000
> >>>             To: <sip:login at 10.1.1.2>
> >>>             Contact: <sip:asterisk at 10.1.1.1>
> >>>             Call-ID: 00000000000000 at 10.1.1.1
> >>>             CSeq: 102 NOTIFY
> >>>             User-Agent: Asterisk PBX
> >>>             Event: message-summary
> >>>             Content-Type: application/simple-message-summary
> >>>             Content-Length: 37
> >>>         Message body
> >>>             Messages-Waiting: yes\n
> >>>             Voicemail: 3/2\n
> >>>
> >>>Solution:
> >>>    Phones that receive a NOTIFY message to which no subscription
> >>>    exists, must send a "481 Subscription does not exist" response.
> >>>    It should be possible to use the REGISTER request as a
> >>>    non-SUBSCRIBE mechanism to set up a valid subscription.
> >>>
> >>>    This would reduce the possibility of an attack in a way, that
> >>>    only with a sniffed and spoofed subscription such an attack would
> >>>    be possible. Background is given by the way dialogs are described
> >>>    in RFC 3261 and the sections 5.5 and 3.2 of RFC 3265.
> >>>
> >>>
> >>>Affected products:
> >>>    Cisco 7940/7960
> >>>    Grandstream BT 100
> >>>    others will be tested in future
> >>>
> >>>
> >>
> >>_______________________________________________
> >>Voipsec mailing list
> >>Voipsec at voipsa.org
> >>http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> >>
> >>
> >>
> >
> >
> >
> >
>
>
>
> ------------------------------
>
> Message: 5
> Date: Mon, 17 Oct 2005 09:15:50 -0600
> From: "Smith, Donald" <Donald.Smith at qwest.com>
> Subject: Re: [VOIPSEC] Voipsec Digest, Vol 10, Issue 15
> To: "Chris Sutton" <chris at c4l.co.uk>, <Voipsec at voipsa.org>
> Message-ID:
>        <50E094F67A606244AE045ACB99F9E48E6931E0 at qtdene2k3m02.AD.QINTRA.COM>
> Content-Type: text/plain;       charset="iso-8859-1"
>
> We have seen malware that collected game license codes for resale.
> I don't know what the stolen codes were sold for but given the initial cost of the game in the $30 range it had to be much less than that.
>
> So if the soft phone required a license code it is likely to become a valuable asset (worth harvesting from infected machines). Any stored information that further enabled the VoIP service would also be valuable and worth harvesting.
>
>
>
>
> donald.smith at qwest.com giac
>
>
>
>
>
> ------------------------------
>
> Message: 6
> Date: Mon, 17 Oct 2005 10:41:21 -0400
> From: Robert Moskowitz <rgm at icsalabs.com>
> Subject: Re: [VOIPSEC] Softphone Security
> To: Ari Takanen <art at codenomicon.com>,  "Porter, Thomas (Tom)"
>        <tporter at avaya.com>
> Cc: voipsec at voipsa.org
> Message-ID:
>        <6.2.3.4.2.20051017103537.030205b0 at homebase.htt-consult.com>
> Content-Type: text/plain; charset="us-ascii"; format=flowed
>
> At 12:46 PM 10/15/2005, Ari Takanen wrote:
>
> >5. Malware that affects the VoIP software will affect all other
> >    applications on the PC and data services available to that PC (a
> >    separated VoIP phone would not require access to file services,
> >    databases, intraweb, ...)
>
> I question your wording.  I can conceive of a Malware that targets
> only the VoIP software.  Specifically in light of point 6.
>
> >6. Any special permissions that the VoIP application has over firewall
> >    rules will apply to all applications on that desktop
> >    (e.g. peer-to-peer software will use SIP for bypassing the security
> >    policy, which interestingly relates to earlier discussion on
> >    analyzing the real data content inside the RTP streams)
>
> Again, problems with wording.  In general this is true.  I have not
> seen it done here, but we do see program specific 'fingerprints'
> (e.g. AOL IM) that can restrict authentication to a specific
> request.  This may be more complicated than many will bother
> with.  Until there is wide-spread misuse of SIP/RTP policies.
>
>
> Robert Moskowitz
> Senior Technical Director
> ICSA Labs, a division of Cybertrust, Inc.
> W:      248-968-9809
> F:      248-968-2824
> VoIP:   248-291-0713
> E:      rgm at icsalabs.com
>
> There's no limit to what can be accomplished if it doesn't matter who
> gets the credit
>
>
>
>
>
> ------------------------------
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
> End of Voipsec Digest, Vol 10, Issue 16
> ***************************************
>
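The receiver-side check that the quoted Tele-Consulting advisory asks phones to perform, as an added example that is not part of any list post or of the advisory: an inbound NOTIFY is accepted only if it matches a SUBSCRIBE the phone actually sent (same Call-ID, To tag equal to the SUBSCRIBE's From tag, same Event, the matching rule of RFC 3265), otherwise it is answered with 481. `NotifyGate`, `build_notify` and the subscription's Call-ID and tag values are hypothetical names and constructed sample data; the unsolicited message is modelled on the advisory's example.

```python
import re

def parse_sip(raw):
    """Split a SIP request into (method, headers, body); None if malformed."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    m = re.match(r"^([A-Z]+) \S+ SIP/2\.0$", lines[0])
    if not m:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            return None
        headers[name.strip().lower()] = value.strip()
    return m.group(1), headers, body

def tag_of(header_value):
    """Return the header-level tag parameter (not one inside <...>), or None."""
    params = header_value.rpartition(">")[2]
    m = re.search(r";\s*tag=([^;\s]+)", params)
    return m.group(1) if m else None

class NotifyGate:
    """Tracks subscriptions this phone created and vets inbound NOTIFYs."""

    def __init__(self):
        self._subs = set()

    def add_subscription(self, call_id, from_tag, event):
        # Called when the phone sends a SUBSCRIBE (or an equivalent
        # subscription is set up); from_tag is the phone's own From tag.
        self._subs.add((call_id, from_tag, event.lower()))

    def check(self, raw):
        """Return (status, reason) the phone should answer with."""
        parsed = parse_sip(raw)
        if parsed is None or parsed[0] != "NOTIFY":
            return 400, "Bad Request"
        headers = parsed[1]
        call_id = headers.get("call-id")
        event = headers.get("event", "").split(";")[0].strip().lower()
        if not call_id or not event:
            return 400, "Bad Request"
        to_tag = tag_of(headers.get("to", ""))
        if (call_id, to_tag, event) in self._subs:
            return 200, "OK"          # only now update the MWI indicator
        return 481, "Subscription does not exist"

def build_notify(call_id, to_tag):
    """Constructed message-summary NOTIFY for the demo (sample data)."""
    to = "<sip:login@10.1.1.2>" + (f";tag={to_tag}" if to_tag else "")
    head = [
        "NOTIFY sip:login@10.1.1.2 SIP/2.0",
        "Via: SIP/2.0/UDP 10.1.1.1:5060;branch=000000000000000",
        'From: "asterisk" <sip:asterisk@10.1.1.1>;tag=000000000',
        f"To: {to}",
        f"Call-ID: {call_id}",
        "CSeq: 102 NOTIFY",
        "Event: message-summary",
        "Content-Type: application/simple-message-summary",
        "Content-Length: 37",
    ]
    return "\r\n".join(head) + "\r\n\r\nMessages-Waiting: yes\nVoicemail: 3/2\n"

if __name__ == "__main__":
    gate = NotifyGate()
    # Constructed subscription state: values the phone chose itself.
    gate.add_subscription("a84b4c76e66710@10.1.1.2", "1928301774", "message-summary")
    cases = {
        "unsolicited (advisory-style)": build_notify("00000000000000@10.1.1.1", None),
        "matches subscription": build_notify("a84b4c76e66710@10.1.1.2", "1928301774"),
        "right Call-ID, wrong tag": build_notify("a84b4c76e66710@10.1.1.2", "guess"),
    }
    for label, msg in cases.items():
        print(label, "->", gate.check(msg))
```

This check covers only dialog matching; it does not authenticate the sender, so a NOTIFY built from a sniffed subscription still passes, as the advisory itself notes.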


