Category: Security
-
/
Is Craigslist blocking VoIP, Prepaid phone numbers in anti-spam effort?
Continue Reading: Is Craigslist blocking VoIP, Prepaid phone numbers in anti-spam effort?Is Craigslist really blocking phone numbers from VoIP service providers or pre-paid cell phones as an anti-spam measure?Last night over on the VoIPinsider blog, Cory Andrews wrote that Craigslist is apparently blocking VoIP or prepaid cellular numbers as part of their anti-spam measures. Now I’m a huge fan of Craigslist and we’ve sold lots of items (including, now, our house) via Craigslist. But we’ve also seen the spam out there and personally been contacted in response to one of our ads by a sleazy individual who was trying to scam us out of money. Techdirt, in fact, says that the battle has been lost and that the spammers are taking over Craigslist. While it wasn’t that dreadful in the Vermont Craigslist area, there certainly was some spam and you can understand the folks there wanting to do all they can to block spammers.
But to block VoIP service providers? Just as increasingly large numbers of users move over to VoIP services?
THE APPARENT ACTIONS
It seems a rather draconian – and misguided – measure. As the VoIP Insider article states:
A few months back, Craiglist instituted a telephone verification process that places an automated outbound call to a user placing…
-
/
My “Black Bag Security Review” hits IT Conversations’ Top 10 Downloads for March 2008…
Continue Reading: My “Black Bag Security Review” hits IT Conversations’ Top 10 Downloads for March 2008…I was rather surprised but pleased to see that my “Black Back Security Review” was on the list of the “Top Ten IT Conversations Shows for March 2008“. My “surprise” was mostly because that particular talk is over a year old and was given at the ETel 2007 show back at the end of February 2007.To be honest, I was not actually aware (or didn’t remember, anyway) that the IT Conversations Network had distributed my talk but I’m guessing they did so with a number of the ETel sessions.
Unfortunately, they don’t include the slides, which I put up in the Blue Box posting and also just generally made available on SlideShare. Without the slides, I suppose it works perfectly fine.. I’ve just never listened to it that way. It was still one of the most fun presentations I’ve ever given. Also took a ton of time to prepare. 243 slides in 14 minutes… 🙂 (I did write up some notes about the presentation and the style, etc.)
Anyway, it’s cool to see people discovering that session again. Nice surprise!
Technorati Tags: voip, voip security, dan york, etel
-
/
My presentations at VoiceCon this week…
Continue Reading: My presentations at VoiceCon this week…I’m down in Orlando this week for VoiceCon Orlando and will be part of three sessions. Tomorrow, I’m moderating a panel at 8am on VoIP security and on Thursday I’m moderating a panel on open source telephony. On Wednesday, I’ll be part of a keynote panel with Irwin Lazar on “Social networking and enterprise communication”, which should be quite fun. I’ll include below the full descriptions of the various sessions. If you are attending VoiceCon and want to connect, please do contact me.Session Title: Top VOIP Security Threats
Date: 3/18/2008
Time: 8:00 AM
Room: Osceola B
Session Description: There’s been a lot of concern about voice over IP security, but have there been many actual exploits? This session will inform you about the state of VOIP security. You’ll learn about generalized IP attacks that have affected IP telephony systems deployed on IP networks, and you’ll also find out what VOIP-specific attacks have actually been observed “in the wild”–and what to expect in the future.
KEY QUESTIONS: * What are the most serious voice-oriented attacks that are actually being carried out? What potential attacks haven’t occurred yet but probably will before long? * How do you protect your VOIP systems against… -
/
UK suggests carrying multiple mobile phones may make you a terrorist!
Continue Reading: UK suggests carrying multiple mobile phones may make you a terrorist!
two phone
Originally uploaded by Pat2001 Over the weekend, Pat Phelan posted about a sign in the UK that asks “What if someone with several (mobile phones) seems suspicious?” (Click on the image to the right to see the sign larger.) The paragraph then reads:Terrorists need communication. They often collect and use many anonymous pay-as-you-go phones, as well as swapping SIM cards and handsets. If you’re suspicious of the number of phones someone has, we need to know. Let experienced officers decide what action to take.
On one level, I do understand the point they are trying to make. But on another level, I just think of all the people I know who travel to trade shows and conferences with a whole range of cell phones!
Technorati Tags:
security, mobile phones, terrorism, UK
-
/
IETF “RUCUS” BOF to be held about SPIT…
Continue Reading: IETF “RUCUS” BOF to be held about SPIT…Over on the Voice of VOIPSA blog today I posted about a new session has been approved for the IETF 71 meeting coming up in Philadelphia in March called “Reducing Unwanted Communications using SIP” a.k.a. “RUCUS”.Hannes Tschofenig, who submitted the proposal, has created a RUCUS web page and is looking for feedback. I’m planning to be at the RUCUS session at IETF 71 and would encourage others who want to talk about voice spam / SPIT to join in as well!Technorati Tags: rucus, spit, spam, voice spam, voip, voip security, security, ietf, standards
-
/
I’ll be speaking at Ingate’s SIP Trunking Seminars at IT Expo in Miami next week
Continue Reading: I’ll be speaking at Ingate’s SIP Trunking Seminars at IT Expo in Miami next weekIf any of you will be in Miami next week for Internet Telephony Expo, I will be speaking on VOIPSA’s behalf at Ingate’s SIP Trunking Seminar Series held in conjunction with IT Expo. Predictably, my session from 8:30-9:45am on Thursday, January 24th is titled “Seminar/myth 1: VoIP is not secure“.If you are going to be down at IT Expo, do check out the full schedule for Ingate’s SIP Trunking Seminar Series. They have a good range of speakers and the seminars are free.
If any of you are attending either IT Expo or the SIP Trunking Seminar Series, please do drop a note as I’m always interested in meeting readers.
Technorati Tags: sip, sip trunking, ingate, itexpo, conferences
-
/
Heading to New York today for Interop… speaking tomorrow on VoIP Security
Continue Reading: Heading to New York today for Interop… speaking tomorrow on VoIP SecurityIn a few hours I’ll be boarding a plane back to New York where I’ll be attending Interop New York this afternoon and tomorrow. If any of you reading this will be there, please do drop an email. Tomorrow, I’ll be on a panel at 2:45pm with Jonathan Rosenberg about “Voice-oriented Attacks”. (Side note to Interop: Please make it so that we can link to individual sessions instead of having to link to the entire list of “security”-related sessions!) If you aren’t aware of who Jonathan Rosenberg is, he works for Cisco and is a huge contributor to IETF efforts related to SIP and in fact was one of the co-authors of RFC 3261 which is the primary RFC defining SIP. He’s also the author of “The Hitchhiker’s Guide to SIP” which aims to help guide people through the maze of the many, many documents that now are part of “SIP”. More relevant to tomorrow’s session, he’s also the author of a series of NAT traversal protocols for SIP, namely STUN, TURN and now ICE. Eric Krapf, the moderator of the session, is aiming to make it a more interactive and discussion-focused session (i.e. no slideware-to-death)… we’ll see…
-
/
Additional thoughts on Skype and hotel networks – there’s issues on both sides…
Continue Reading: Additional thoughts on Skype and hotel networks – there’s issues on both sides…To my immense surprise, my article yesterday about my challenges with Skype and my hotel Internet connection just hit TechMeme today, so welcome, anyone who is coming my way from there. But that also prompted me to want to offer up some additional thoughts on the subject.
First, I’m actually quite annoyed at the Best Western here in Ontario, CA, for essentially blocking Skype by virtue of their network security traffic policies. If travel shall bring me to Ontario, CA, again, you can be pretty sure that I will not be staying here. Skype has become an important communication tool for me and <cue violins>was the way I was intending to call home and stay in touch with my family</violins>. Skype has worked great at the hotel I was at earlier in the week in Phoenix and in fact at every other hotel I’ve been at lately. I do intend to contact Best Western to express my dissatisfaction at being unable to use the program.
Having said that, as a security professional I do understand WHY the security team at the Internet provider to this Best Western hotel has the policies in place that they do. As Phil Wolff commented,…
-
/
How using Skype disrupted my hotel Internet connection and locked me out
Continue Reading: How using Skype disrupted my hotel Internet connection and locked me outUPDATE: I have now posted some additional thoughts about this issue.
It’s been a frustrating time here at the hotel in Ontario, CA, where all I’ve been trying to do is use the Internet connection. I’m staying at the Best Western and did so largely because they advertised free high-speed Internet (they were also cheaper than others). First annoyance was discovering that I was too far away from their APs to use wireless, but since I had an ethernet cable I just plugged into the wall jack and expected to get access. The very first time I connected, I did get an IP address and could see an entry in my routing table for the default gateway. However, I couldn’t ping it.
Being rather used to network troubleshooting, I did the usual things… bringing the interface up and down, disconnecting and re-connecting the cable. I even went to the hotel lobby and got a new cable in case the issue was with my portable/retractable cable.
Nothing. No net.
In desperation I did the thing that tech support always tells you to do but I avoid… reboot. Nothing.
So finally this morning I got on the phone to the Best Western…
-
/
Great overview of SIP security now posted on Blue Box site…
Continue Reading: Great overview of SIP security now posted on Blue Box site…Over on Blue Box, I uploaded on Friday what I consider one of the best overviews about SIP security that we’ve done: Blue Box Special Edition #20. I recorded the interview out at VoiceCon San Francisco in August and it’s with Cullen Jennings who is a Distinguished Engineer at Cisco Systems, but more relevant to SIP is one of the Area Directors for the Real-time Applications and Infrastructure (RAI) area within the IETF. Basically all of the proposals for RFCs relating to SIP roll up under the RAI area. Cullen’s also quite interested in and knowledgeable about security and in fact several of the security-related RFCs related to SIP include Cullen as one of the authors (as do a number of the current proposed Internet-Drafts).
So he knows his stuff… and being a frequent presenter, he’s also good at distilling complex things down into more simple descriptions, so it was an enjoyable interview that I think you will also find quite educational. If you’re working with SIP, or considering it, I’d highly recommend you listen to the show.
Technorati tags: SIP, SIP security, VoIP, VoIP security, security, cullen jennings, dan york