Monday, October 29, 2007
What does the reported Vonage vulnerability mean?
Consultant Steve Stroh pointed me to an announcement of a security flaw in Vonage VOIP service.
Your first question, if you're a security consultant, is "exactly what is the vulnerability"? If I'm reading correctly, the problem is that someone can place a Vonage call to you and falsify information about where they came from. Sipera, the people who reported the problem, point out correctly that this opens the door for all sorts of deception-based crime.
Your first question, if you're a consumer, should be "who is reporting this"? Well, it's kind of like an antivirus company reporting on a virus. Sipera sells VOIP security tools. So they know what to look for, they're likely to be right in their analysis, but they're not going to be the people to tell you if there's a reason not to worry.
|
Your first question, if you're a security consultant, is "exactly what is the vulnerability"? If I'm reading correctly, the problem is that someone can place a Vonage call to you and falsify information about where they came from. Sipera, the people who reported the problem, point out correctly that this opens the door for all sorts of deception-based crime.
Your first question, if you're a consumer, should be "who is reporting this"? Well, it's kind of like an antivirus company reporting on a virus. Sipera sells VOIP security tools. So they know what to look for, they're likely to be right in their analysis, but they're not going to be the people to tell you if there's a reason not to worry.
# posted by Frederick @ 10:15 PM Email to a friend:
Haloscan: they provide trackback