[VOIPSEC] Soft phone as trojan horse
mailinglist
mailinglist at pbxnsip.com
Tue Sep 5 02:38:38 BST 2006
When you install a soft phone on your computer, that executable has
definitevely the right to access the file system of your computer and other
mounted file systems. Even better, it goes nicely through your firewall. And
as a plus, you can easily locate the computer that you are looking for in
the internet. Gimme your phone number, and I can talk to your computer.
If a vendor of a soft phone does not publish the protocol, that makes me
very sceptical. Who knows if the programmers had a bad day and put in some
back doors "for future software upgrades" or so?
This is a new way of file sharing - initated from the other side of the
session! Lets go phishing and publish a new free soft phone.
Am I getting this right? How much do I have to trust my soft phone vendor?
Christian
More information about the Voipsec
mailing list