VoIP security notices show security remains a multi-vendor issue

Convergence & VoIP This newsletter is sponsored by Fluke Networks Live Webcast: Get Better Results from IT investments Learn how to get the most out of your assets and people while serving the strategic needs of your business. Join us for this live, round-table webcast, with Rob Whiteley, Sr. Analyst for Forrester Research, Matt Gowarty, Sr. Product Manager with Fluke Networks. November 15, 2007 - 1:00 pm ET. Network World's Convergence & VoIP Newsletter, 11/05/07 VoIP security notices show security remains a multi-vendor issue By Steve Taylor and Larry Hettick Two VoIP services and equipment alerts were issued late last month. The first advisory, issued to residential and SMB VoIP users was sent by the Sipera VIPER Lab, operated by Sipera Systems. The lab disclosed multiple threat advisories for VoIP services and equipment users from Vonage, Globe7 and Grandstream. Among other threats, VoIP users can be subjected to eavesdropping, spam, spoofing and denial-of-service attacks, according to a statement issued by the lab. Full details on these vulnerabilities are posted as an educational security service to Sipera’s customers and the general public. Based on the company’s test results, the “Vonage VoIP Motorola Phone Adapter (VT 2142-VD) and Vonage service implementations leave users vulnerable to a form of VoIP identity theft, allowing hackers to take over a user’s phone service with a ‘registration replay attack,’ then make and receive calls while impersonating the victim.” Since Vonage users calls aren't encrypted, the lab also found that users are subject to eavesdropping on private voice and that “hackers can also send multiple SIP INVITE messages to a user, an Internet version of ‘ringing the phone off the hook’ which creates a denial-of-service attack,” according to the lab’s test results. The lab’s test also showed that Globe7 (a European provider) had deployed a weak encryption scheme that allowed hackers to attack a user’s online account access, providing an opening for “hackers to access confidential name, password and account balance data, as well as steal VoIP service to make and receive calls, masked as a legitimate Globe7 user.” The Sipera VIPER Lab also found that “the Grandstream HandyTone-488 PSTN-to-VoIP adapter is vulnerable to buffer overflows and fragmented packet attacks. By sending a specially crafted SIP INVITE message to public IP addresses, attackers can disconnect legitimate Grandstream users,” according to the report. Find the Best Audio Conferencing System Download this whitepaper, "Navigating a New Generation of Conference Phone Solutions," to learn how to select the right audio conferencing system to meet your business needs. Discover what to look for based on the size of the room the system will reside, the types of meetings that the system will support and number of participants. Get all of the details today. Click Here for More Information Additional details can be found here and are available for free as a public service offered by the Sipera. The second security threat disclosed last month was posted after two hackers gained access into a hotel’s corporate network using a Cisco VoIP phone. The two hackers, who were attending the ToorCon9 in San Diego, said they were able to access the hotel's financial and corporate network and recorded other phone calls, according to a blog on Wired.com. They used penetration tests “propounded by a tool called VoIP Hopper, which mimics the Cisco data packets sent at 3 minute intervals and then trades a new Ethernet interface, getting the PC - which the hackers switched in place of the hotel phone - into the network running the VoIP,” according to the blog post. More details on their attack, along with some blogger comments can be found here. Our comments: While VoIP can be solved, the first step in finding the solution is finding the problem. Our hats off to those who help others by identifying potential VoIP security weaknesses so the problems can be proactively addressed. Editor's note: Starting the week of  Nov. 12, you will notice a number of enhancements to Network World newsletters that will provide you with more resources and more news links relevant to the newsletter's subject. The Convergence & VoIP Newsletter, written by analysts Steve Taylor and Larry Hettick, will be merged with the VoIP News Alert and will be newly named the Convergence & VoIP Alert. You'll get Steve and Larry's analysis of the convergence and VoIP market, which you will be able to read in full at NetworkWorld.com, plus links to the day's convergence news and other relevant resources. This Alert will be mailed on Mondays and Wednesdays. We hope you will enjoy the enhancements and we thank you for reading Network World newsletters.   What do you think? Post a comment on this newsletter

MOST-READ STORIES: 1. Networking's 50 greatest arguments 2. PDF spam back with a vengeance 3. Storm worm FAQ 4. DARPA looks to adaptive battlefield wireless nets 5. Cyber jihad set for Nov. 11 6. Bot-herders for Ron Paul? 7. Humans will love, marry robots by 2050 8. Gitmo gets high-bandwidth makeover 9. Top 10 real life Star Trek inventions 10. Cisco Certs are dead MOST POPULAR VIDEO: Video: Fine art from hackers?

Contact the author: Steve Taylor is president of Distributed Networking Associates and publisher/editor-in-chief of Webtorials. For more detailed information on most of the topics discussed in this newsletter, connect to Webtorials, the premier site for Web-based educational presentations, white papers, and market research. Taylor can be reached at taylor@webtorials.com Larry Hettick is a Principal Analyst at Current Analysis, the leading provider of competitive response solutions. A 25 year industry veteran, he has focused on Convergence and VoIP since 2000. This newsletter is sponsored by Fluke Networks Live Webcast: Get Better Results from IT investments Learn how to get the most out of your assets and people while serving the strategic needs of your business. Join us for this live, round-table webcast, with Rob Whiteley, Sr. Analyst for Forrester Research, Matt Gowarty, Sr. Product Manager with Fluke Networks. November 15, 2007 - 1:00 pm ET. ARCHIVE Archive of the Convergence & VoIP Newsletter. BONUS FEATURE 90% of IT Managers are leaving their company at risk for a DNS ATTACK. Get the tools and resources you need to keep your DNS healthy and secure. Run a DNSreport on your domain today - 56 critical tests run in 8 seconds. Visit www.dnsreport.com to learn more. (apply coupon NWW2007NLA for a 25% membership discount) PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: networking.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007