Category: Security
WhatsApp and End-to-End Encryption (a ChatGPT3 article experiment)
For those who use WhatsApp, you may have noticed that your messages are secure and private, thanks to the encryption that is used. But what is encryption, and why is it so important?
Encryption is a process of scrambling information so that only the intended recipient can read it. Essentially, it takes the data you’re sending and scrambles it using a mathematical algorithm. To unscramble the data, you need a key, which is known only to the sender and the receiver.
WhatsApp uses end-to-end encryption, which means that your messages are encrypted on the sender’s device, travel securely to the receiver’s device, and remain encrypted until the receiver reads them. This means that no one – not even WhatsApp themselves – can see the messages you’re sending.
This is an important feature for anyone concerned about their privacy, especially in an era of increased surveillance. With WhatsApp’s encryption, you can be sure that your messages will stay safe, secure, and private.
WhatsApp is also working to improve their encryption, with plans to add a feature known as “Perfect Forward Secrecy”. This feature will generate a new encryption key for each message you send, ensuring that if one key is ever…

Heading to Romania to ION Bucharest for DNSSEC, IPv6, routing security and more
This week I will briefly be in Bucharest, Romania, for the Internet Society’s ION Bucharest conference. We’ve got a great set of sessions on the agenda, including:
- Deploying DNSSEC
- Romanian DNSSEC Case Study
- Let’s Encrypt & DANE
- Mind Your MANRS & the Routing Resilience Manifesto
- The Case for IPv6
- IPv6 Success Stories
- What’s Happening at the IETF? Internet Standards and How To Get Involved
I will have two roles in the event tomorrow:
- Presenting the “Deploying DNSSEC” technical session.
- Doing the live streaming of the event through the Deploy360 YouTube channel.
I enjoy doing the production of live video streams and so this should be a good bit of fun (it’s also intense work in the midst of it).
You can WATCH LIVE starting at 14:00 EEST (UTC+3, or 7 hours ahead of the US East Coast where I live).
The sessions will also be recorded for later viewing.
It will be a short trip for me. I’m currently (Tuesday morning) writing this from the Munich airport. I land in Bucharest tonight. The event is tomorrow – and then I fly home Thursday afternoon.
Despite the short visit, I’m looking forward to it – it should be a…
Audio Recording: My SIPNOC 2014 Talk – “Is It Time For TLS For SIP?”
Is it time to use Transport Layer Security (TLS… essentially what we used to call “SSL”) to add a layer of trust and security to Voice-over-IP (VoIP) that uses the Session Initiation Protocol (SIP)?
Way back in June 2014, I gave a talk on this topic at the SIP Network Operators Conference (SIPNOC) in Herndon, Virginia. I recorded the audio of the session… but then lost track of the recording. I recently found it and, since much of it is (sadly) still relevant, I decided to release the recording as one of my The Dan York Report audio podcast episodes:
The slides that go with the presentation are available on SlideShare:
You’ll see in the slide deck that I also provide some tutorials around DANE and DNSSEC along the way.
Coincidentally, I learned on Facebook over the weekend that my friend Olle Johansson was speaking on this exact topic at the FOSDEM 2016 conference in Brussels this weekend. His slides about SIP & TLS are also available on SlideShare, and he has more recent information – and also the conclusion that we need to use “SIP Outbound” for any of this to work:
Olle’s last slide about what we need…
Can We Create A “Secure Caller ID” For VoIP? (Join Tomorrow’s STIR BOF To Learn More)
Can we create a “secure Caller ID” for IP-based communications, a.k.a. voice-over-IP (VoIP)? And specifically for VoIP based on the Session Initiation Protocol (SIP)? Can we create a way to securely identify the origin of a call that can be used to combat robocalling, phishing and telephony denial-of-service (TDOS) attacks?
That is the challenge to be undertaken by the “Secure Telephone Identity Revisited (STIR)” group meeting tomorrow morning, July 30, 2013, at 9:00 am in Berlin, Germany, as part of the 87th meeting of the Internet Engineering Task Force (IETF). The meeting tomorrow is a “Birds Of a Feather (BOF)”, which in IETF language is a meeting to determine whether there is sufficient interest to create a formal “working group” to take on a new body of work within the IETF. The proposed “charter” for this new work begins:
Over the last decade, a growing set of problems have resulted from the lack of security mechanisms for attesting the origins of real-time communications. As with email, the claimed source identity of a SIP request is not verified, and this permits unauthorized use of source identities as part of deceptive and coercive activities, such as robocalling (bulk unsolicited commercial communications),…
At SIPNOC 2013 This Week Talking About VoIP And IPv6, DNSSEC … and Security, Of Course
One of the conferences I’ve found most interesting each year is the SIP Network Operators Conference (SIPNOC) produced by the SIP Forum, a nonprofit industry association. Part of my interest is that it is only an educational conference, i.e. there’s no massive exhibit floor or anything… it’s all about education. It also brings together pretty much all the major players in the “IP communications” space – certainly within North America but also from around the world.
I’ll be there this week in Herndon, Virginia, talking about how VoIP can work over IPv6 and how DNSSEC can make VoIP more secure. The sessions I am directly involved with include:
- Panel Discussion: Anatomy of a VoIP DMZ
- VoIP Security BOF
- Panel Discussion: IPv6 and SIP – Myth or Reality?
- Who Are You Really Calling? How DNSSEC Can Help
There is quite a range of other topics on the SIPNOC 2013 agenda, including a number of other talks related to security.
It should be quite a good show and I’m very much looking forward to it. I’m particularly looking forward to my “DNSSEC and VoIP” talk on Thursday as that is a topic I’ve not presented on before… but I think…
Oracle Buys Acme Packet For $2 Billion To Gain SIP Session Border Controllers (SBCs) And More
Fascinating news today out of Oracle that they have purchased Acme Packet in a transaction estimated to be around $2 billion US. For those of you not really tracking the VoIP security space, Acme Packet is probably the world’s largest vendor of “session border controllers (SBCs)”, devices that are used to securely and reliably interconnect VoIP networks. SBCs also provide a very important role in helping with interoperability of Session Initiation Protocol (SIP) signaling between the SIP products and networks of different vendors.
As Andy Abramson writes, the fascinating aspect of this acquisition is this:
This is an interesting grab by one of the tech world’s true giants because it squarely puts Oracle into a game where they begin to compete with the giants of telecom, many of whom run Oracle software to drive things including SBC’s, media gateways and firewall technology that’s sold.
This acquisition does put Oracle VERY firmly into the telecom sector at a carrier / large enterprise level, as Acme Packet’s products are widely used within that tier of companies. As the news release notes:
“The company’s solutions are deployed by more than 1,900 service providers and enterprises globally, including 89 of world’s top 100…
Today’s VUC Call – Philippine Phone Phreaking Funding Terrorists
For those interested in telecommunications security, today’s (Dec 2, 2011) VoIP Users Conference (VUC) call at 12 noon US Eastern will cover the recent arrests of 4 Philippine men who defrauded AT&T of close to $2 million and were employed by an alleged terrorist organization that was using the proceeds of the scam to fund its activities.
Eric Klein of Humbug Labs will be the guest on the VUC call discussing this and other fraud issues. It should be an interesting discussion.
You can join the live call via SIP, Skype or the regular old PSTN. There is also an IRC backchannel that gets heavy usage during the call. It will be recorded so you can always listen later.
The Creepy – And Insecure – Side of iOS and Android Apps
Want to see the dark side of mobile apps? Just read this great bit of research from Troy Hunt:
Secret iOS business; what you don’t know about your apps
As people have noted in the comments, “iOS” (Apple’s operating system for iPhones and iPads) is purely the platform Troy Hunt did his research on… but he’s really talking about issues with mobile applications.
I’m unfortunately sure that these types of issues will also be there on apps on Android and probably on other mobile operating systems from Microsoft, RIM, WebOS, etc.
These are application design issues.
The article starts off with the incredibly inefficient case of stuffing large images from “regular” websites down the mobile pipe to the phone… and then simply “resizing” them with “width” and “height” attributes. This is just laziness “efficiency” on the app developers’ part in that they are simply “repurposing their existing content” for a mobile audience, i.e. it’s too much work/effort for them to create and track a separate smaller image for a mobile environment so they will just send you the larger one and eat up your data plan bandwidth.
But Troy Hunt goes on to talk about far worse issues… he calls…
Survey: Only 40% of Canadians Password-Protect Their Cell Phones
Only 40% of Canadian cell phone users password-protect their phones or use other privacy options, a survey by Canada’s privacy commissioner found. The results of the 2000-person survey were released in August and written up in a Globe And Mail piece entitled “How private is that text message?”.
When I saw the headline, I honestly thought it was going to be something about the security of SMS messages… but in fact it was about the security of the cell phones themselves. If the phones aren’t secured then someone can go in and look at your text messages. Ergo… the link-bait title of the article. (And yes, it got me to look.)
Still, it had some interesting data points such as the fact that the users from age 18 to 34 were the ones most likely to use privacy tools, which is good to see, since they are probably the ones pumping the most information out online.
Nice to see, too, that 82 percent did not think police should have access to your online usage info without a warrant.
I was surprised, in all honesty, about the 40% number… I actually might have thought of it being lower as I…
Speaking Next Week on IPv6 and VoIP Security at 7th Real-Time Communications Conference in Chicago
If any of you will be in Chicago next week, October 4-6, 2011, for the 7th Annual Real-Time Communications Conference & Expo, I’ll be there on the 5th and 6th as a speaker.
I’ll be speaking twice. First on Wednesday the 5th at 4pm on “The Current State of VoIP Security”, wearing my VOIPSA hat and leading off a series of talks about security. I’ll be providing an overview of the main threats to VoIP and communications security in general, leading the way into the two more specific talks following mine.
I’m rather excited that my second session will be my first public appearance wearing my new Internet Society hat (if you are not aware, I’ve posted details about my recent move) and will of course be about IPv6… more specifically “How IPv6 Will Impact SIP And Telecom”.
Due to ongoing events on the personal front, I wasn’t sure that I was going to make it out there… and quite frankly there’s still a chance that I won’t… but I should be out there.
If you look at the conference schedule, the speakers include outstanding people involved with so many different aspects of real-time communications. It should be truly an…
