[VOIPSEC] Cellphone Botnets, Blackmailing VOIP & a Healthy Cybercrime Economy - Desktop Security News Analysis - Dark Reading (UNCLASSIFIED)

nnp version5 at gmail.com
Wed Oct 22 04:30:34 CDT 2008 

Has anyone here seen any examples of cellphone botnet'ing or hardphone
botnet'ing for that matter? I'm interested to see how long it will be
before (I can only assume someone is researching it) we see code
execution + malware for the more common hardphones.

(Btw, does anyone know what OS those Cisco hardphones are running? I
would assume it is something VxWorks/Linux based?)

On Tue, Oct 21, 2008 at 9:39 PM, Craig <craig at reswob.net> wrote:
> Classification:  UNCLASSIFIED
> Caveats: NONE
>
>
>
> http://www.darkreading.com/document.asp?doc_id=166029
>
>
> The attached link goes to an article that highlights a report put out by the
> Georgia Tech Information Security Center (GTISC) regarding five emerging
> threats that the authors see coming down the pipe in 2009.  One of those
> threats is against VoIP.... as usual.  It talks about how VoIP DoS attacks
> will be used to blackmail organizations.
>
> As has been discussed before by many, the main reason there haven't been
> more documented attacks is due to the fact that most VoIP implementations
> are not exposed to the raw Internet.  Without that exposure, is it possible
> to launch an effective VoIP specific DoS blackmail scheme against a company?
>
>
> And considering the two most well known publicly used VoIP services, Vonage
> and Skype, are they vulnerable to a VoIP DoS?  While I know of some
> government organizations that would love to DoS Skype (at least in their
> domain), it doesn't seem likely that an infrastructure as Skype has could be
> DoS'd easily.
>
>
> On a side note, regarding the fact that it seems VoIP is always on the lists
> of emerging threats about to happen, perhaps we, as an industry of VoIP
> security types, need to be wary that we don't push the panic button too
> often.  VoIP is still new, is still developing and still has many known and
> unknown security risk, but I wonder if someone is always saying something
> 'bad' is about to happen, will the message start getting ignored because
> nothing major has happened before despite 'dire' predictions?
>
> Anyway, just some thoughts..
>
>
>
> Craig L. Bowser
> CISSP           SANS GSEC (Gold)
> -------------------------------
> Hard work spotlights the character of people; some turn up their sleeves,
> some turn up their noses, and some don't turn up at all!
>
>
>
>
> Classification:  UNCLASSIFIED
> Caveats: NONE
>
>
>
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>



-- 
http://www.unprotectedhex.com
http://www.smashthestack.org

More information about the Voipsec mailing list