Things I Want 2 Share: December 2007

Sierra VIPER Lab released what it believes are the top 5 VoIP vulnerabilities in 2007.

Remote eavesdropping of VoIP phone calls, a practice that is exponentially easier in VoIP than with traditional PSTN telephone networks, and which represents a major breach of enterprise communications and security.
VoIP Hopping, one of the enablers of remote eavesdropping, but more critically compromises VLANs, that were previously trusted as providing VoIP security, by enabling a PC to mimic an IP phone so hackers can access VoIP systems.
Vishing, the practice of VoIP phishing, which enables hackers to spoof caller ID and present a fraudulent phone identity, causing some consumers to share sensitive, personal information, such as credit card numbers, with hackers masquerading as banking representatives.
Toll fraud, which allows unauthorized users to access enterprise VoIP networks and make calls, increasing VoIP costs and traffic. While there was a much publicized case in 2006, when the FBI charged two men with accessing VoIP networks and reselling minutes to unsuspecting "customers," toll fraud continues unabated, especially on VoIP networks with little authentication or call analysis.
The Skype worm, originally known as the w32/Ramex.A virus, spread via IM, which automatically stops access to security tools while it downloads to infected PCs, and changes the Skype user's status to "Do not disturb" so that other users cannot contact the infected user.

Source: Top 5 VoIP vulnerabilities in 2007, Help Net Security, 14 December 2007

Things I Want 2 Share