News reports are coming out now (FierceVoIP, Network World and others) that in about 30 minutes or so, Avaya, Cisco, Nortel and VoIPShield Systems will be jointly announcing VoIP security vulnerabilities – and corresponding fixes.
We are delighted to see that in contrast to the previous announcement of vulnerabilities discovered by VoIPshield Systems, all three major vendors will be participating in today’s announcement.
Stay tuned… and if you are an Avaya, Cisco or Nortel user, you should probably be standing by to allocate some time to patching.
avaya, cisco, nortel, voip, security, voip security, voipshield, voipshield systems
I recently learned that Nortel has launched their “Voice Security Technology Blog“. Their initial post outlines their goals for the blog. They only have two posts up so far but we’ll be interested to watch the blog and see what they do with it.
voice, voip, nortel, security, voice security, voip security
Some researchers over at Johns Hopkins University have discovered that due to the way Variable Bitrate Compression does it’s thing, even if the audio stream is encrypted it is still possible to determine entire words and phrases based on the lengths of the packets with a high degree of accuracy.
According to the article referenced above it appears that the proof of concept tool is fairly limited, but given a little time and additional effort it’s capabilities could be greatly expanded, potentially to the point of transcribing entire conversations.
The researchers’ paper was presented at the 2008 IEEE Symposium on Security and Privacy a few weeks ago.