  bigunk Gort, Klattu Birada Nikto
join:2001-02-10 Santa Clarita, CA | Excellent!! Since this is what I do for a living, the more I can learn, the better for my clients. | |
|
 |   TK Junk Mail Go ahead, make my day Premium join:2002-03-03 Margate City, NJ clubs:
·Comcast
| Re: Excellent!!
said by bigunk:
Since this is what I do for a living, the more I can learn, the better for my clients.

And many businesses tell their employees that they can and will listen in to voice calls and internet traffic made using office devices. A tool like this would make that easier to do. Security departments in large companies often monitor both voice and data communications of their employees. And as long as they let their employees know this it has been ruled legal.
-- My BLOG .. .. Internet News .. .. My Web Page Ask yourself one question: 'Do I feel lucky?' Well, do ya punk? | |
|
 |  |   quetwo That VoIP Guy Premium join:2004-09-04 East Lansing, MI
·TDS
| Re: Excellent!! But what about the people that are not supposed to have access to this data/voice? What about the guy who is there fixing your printer, running Wireshark, and is taking dumps of all of your traffic? There are no longer just policy issues, but real security issues.
Would you go to a banking website that didn't offer SSL? Would you call them? Sure! But if you/your company didn't secure their VoIP, it is just as secure as plain HTTP. | |
|
 |  |  |  pandora Premium join:2001-06-01 Outland | Re: Excellent!!
Ok, try this. I'm a Future-Nine customer, using a PAP2T. How exactly do I get secure VOIP communication on my calls? -- "People demand freedom of speech as a compensation for the freedom of thought which they seldom use." | |
|
 |  |  |  |  nitzan
join:2008-02-27
·Comcast
·ViaTalk
| Re: Excellent!!
said by pandora:
Ok, try this. I'm a Future-Nine customer, using a PAP2T. How exactly do I get secure VOIP communication on my calls?

You cannot at this point. Secure RTP is not developed enough to implement at this point in time unfortunately.
We do intend to implement it once readily available though.
Keep in mind however that the only ones who can "listen in" on your calls are your ISP, our ISP, and the phone companies on the way. None of which are going to bother filtering through millions of minutes of call time.
If a third-party wanted to spy on you specifically, in 99% of cases they can't. -- Nitzan Kon, CEO Future Nine Corporation | |
|
 |  |  |  |  |  pandora Premium join:2001-06-01 Outland
·Comcast
| Re: Excellent!!
Thanks for the information. I have another question about security. My thought was my cable Internet service is shared with about 60-100 of my neighbors. Wouldn't any of my neighbors on our shared Comcast cable node be able to listen into my VOIP calls? -- "People demand freedom of speech as a compensation for the freedom of thought which they seldom use." | |
|
 |  |  |  |  |  |   anony101
@comcast.net
| Re: Excellent!!
Thanks for the information. I have another question about security. My thought was my cable Internet service is shared with about 60-100 of my neighbors. Wouldn't any of my neighbors on our shared Comcast cable node be able to listen into my VOIP calls?

It depends whether your VOIP provider uses SRTP to encrypt RTP packets from you to their proxy. Some do and some don't. You should call them and ask.
Keep in mind that encrypted VOIP calls lose the encryption once they reach the PSTN. | |
|
 |  |  |  |  |  |  |  pandora Premium join:2001-06-01 Outland
·Comcast
| Re: Excellent!!
said by anony101:
Thanks for the information. I have another question about security. My thought was my cable Internet service is shared with about 60-100 of my neighbors. Wouldn't any of my neighbors on our shared Comcast cable node be able to listen into my VOIP calls?
It depends whether your VOIP provider uses SRTP to encrypt RTP packets from you to their proxy. Some do and some don't. You should call them and ask. Keep in mind that encrypted VOIP calls lose the encryption once they reach the PSTN.

If you read this thread, you'll see my provider has posted and indicated there is no security for my VOIP content.
»Re: Excellent!! -- "People demand freedom of speech as a compensation for the freedom of thought which they seldom use." | |
|
 |  |  |  |  |  |  |   quetwo That VoIP Guy Premium join:2004-09-04 East Lansing, MI
·TDS
| said by anony101 :
Keep in mind that encrypted VOIP calls lose the encryption once they reach the PSTN.

True, but again, the PSTN is regulated, and in the pre-Bush world, it was very hard to get access to the data going across it. Sadly this is not the case as much anymore. | |
|
 |  |  |  |  |   anony101
@comcast.net
| Keep in mind however that the only ones who can "listen in" on your calls are your ISP, our ISP, and the phone companies on the way. None of which are going to bother filtering through millions of minutes of call time.

That's not accurate. Cable customers can listen in to unencrypted VOIP calls within the same node they're in which means their neighborhood. | |
|
 |  |  |  |  |  |   knightmb
join:2003-12-01 Franklin, TN
·Comcast
·Vonage
·Speakeasy
| Re: Excellent!!
said by anony101:
Keep in mind however that the only ones who can "listen in" on your calls are your ISP, our ISP, and the phone companies on the way. None of which are going to bother filtering through millions of minutes of call time.
That's not accurate. Cable customers can listen in to unencrypted VOIP calls within the same node they're in which means their neighborhood.

Does that mean all Cable calls are unencrypted by default? How would a customer turn on encryption?
-- Fight NebuAD and the like: Click Here to pollute their data | |
|
 |  |  |  |  |  |  nitzan
join:2008-02-27
·Comcast
·ViaTalk
| said by anony101:
Keep in mind however that the only ones who can "listen in" on your calls are your ISP, our ISP, and the phone companies on the way. None of which are going to bother filtering through millions of minutes of call time.
That's not accurate. Cable customers can listen in to unencrypted VOIP calls within the same node they're in which means their neighborhood.

I could be wrong, but AFAIK your neighbors CANNOT sniff your packets. Unless they have access to the switch - which they don't - they cannot listen in on you. | |
|
 |  |  |  |  |  |  |   TK Junk Mail Go ahead, make my day Premium join:2002-03-03 Margate City, NJ clubs:
·Comcast
edit: September 27th, @07:18PM
| Re: Excellent!!
said by nitzan:
said by anony101:
Keep in mind however that the only ones who can "listen in" on your calls are your ISP, our ISP, and the phone companies on the way. None of which are going to bother filtering through millions of minutes of call time.
That's not accurate. Cable customers can listen in to unencrypted VOIP calls within the same node they're in which means their neighborhood.
I could be wrong, but AFAIK your neighbors CANNOT sniff your packets. Unless they have access to the switch - which they don't - they cannot listen in on you.

You couldn't do it on the PC side of the cable modem. But if you hook up a device directly to the cable and bypass the cable modem altogether with a sniffer device, you could see and capture the packets on your local node.
-- My BLOG .. .. Internet News .. .. My Web Page Ask yourself one question: 'Do I feel lucky?' Well, do ya punk? | |
|
 |  |  |  |  |  |  |  |  nitzan
join:2008-02-27 | Re: Excellent!! Interesting. Didn't know that.
So essentially, cable internet is inherently less secure than, say, DSL? or better yet - FTTH? | |
|
 |  |  |  |  |  |  |  |  |   Cthen
join:2004-08-01 Ypsilanti, MI
·Comcast
| Re: Excellent!!
said by nitzan:
Interesting. Didn't know that. So essentially, cable internet is inherently less secure than, say, DSL? or better yet - FTTH?

Since when has the internet ever been secure on any ISP? Just because some connections go through the CO first doesn't mean someone can't tap into it along the way. | |
|
 |  |  |  |  |  |  |  |  |   TK Junk Mail Go ahead, make my day Premium join:2002-03-03 Margate City, NJ clubs:
·Comcast
| Re: Excellent!! There is no protection against tampering with the signals on the RF cable network.
The main advantages of BPI+ in DOCSIS 1.1 are the capability to upgrade crypto mechanisms in already deployed Cable Modems and the use of digital certificates to authenticate Cable Modems.
Notice also that all setup and configuration of the BPI functions are made at the CMTS, so as a user you have very little control over when your data are encrypted and when they are not. In reality the purpose of BPI and BPI+ is this:
* To protect against theft of service
-- My BLOG .. .. Internet News .. .. My Web Page Ask yourself one question: 'Do I feel lucky?' Well, do ya punk? | |
|
 |  |  |  |  |  |  |   anony101
@comcast.net
| I could be wrong, but AFAIK your neighbors CANNOT sniff your packets. Unless they have access to the switch - which they don't - they cannot listen in on you.
You ARE wrong.
Why don't you do some READING on the subject. That will save you from posting misinformation which some here will assume is correct. | |
|
 |  |  |  |  |  |   Cabal Premium join:2007-01-21 Boston, MA
| said by anony101:
Keep in mind however that the only ones who can "listen in" on your calls are your ISP, our ISP, and the phone companies on the way. None of which are going to bother filtering through millions of minutes of call time.
That's not accurate. Cable customers can listen in to unencrypted VOIP calls within the same node they're in which means their neighborhood.

False. Look up BPI+.
-- Do you care about network neutrality, the right to privacy, or patent system abuse? Obama used to. | |
|
 |  |  |  |  |  |  |   anony101
@comcast.net
from: TK Junk Mail 
| Re: Excellent!! False. Look up BPI+.
I've seen it done. All it takes is a trip to RadioShack. | |
|
 |  |  |  |  |   quetwo That VoIP Guy Premium join:2004-09-04 East Lansing, MI
·TDS
| said by nitzan:
Keep in mind however that the only ones who can "listen in" on your calls are your ISP, our ISP, and the phone companies on the way. None of which are going to bother filtering through millions of minutes of call time. If a third-party wanted to spy on you specifically, in 99% of cases they can't.

My point is that let alone your ISP, but if you are in a business environment (the largest deployment of VoIP is in the business world), most workers work on a common switching infrastructure as their telecommunications equipment. If I have a SIP/H.323 link between my PBX and your service, it would not be encrypted. Chances are it will also travel over some of this common switching infrastructure, where it could be snooped on.
This is how my PBX is setup, except we went the extra mile of forcing our vendor (Qwest) to allow us to interconnect with H.323e + TLS/G.711. That way, the signaling and the voice channels are encrypted the entire stretch (although the encryption is fairly weak, but it still exists). | |
|
 |  |  |  |  |  |  nitzan
join:2008-02-27
·Comcast
·ViaTalk
| Re: Excellent!!
said by quetwo:
said by nitzan:
Keep in mind however that the only ones who can "listen in" on your calls are your ISP, our ISP, and the phone companies on the way. None of which are going to bother filtering through millions of minutes of call time. If a third-party wanted to spy on you specifically, in 99% of cases they can't.
My point is that let alone your ISP, but if you are in a business environment (the largest deployment of VoIP is in the business world), most workers work on a common switching infrastructure as their telecommunications equipment. If I have a SIP/H.323 link between my PBX and your service, it would not be encrypted. Chances are it will also travel over some of this common switching infrastructure, where it could be snooped on. This is how my PBX is setup, except we went the extra mile of forcing our vendor (Qwest) to allow us to interconnect with H.323e + TLS/G.711. That way, the signaling and the voice channels are encrypted the entire stretch (although the encryption is fairly weak, but it still exists).

I think in this scenario you'd want to isolate the PBX from the rest of the network, and perhaps implement security between the phones and the PBX. I think it's more likely for a phone to be tapped on the switch it's connected to than between the PBX and VSP. (easier to access the phone's switch)
Either way though- no matter what you do, at this point in time inherently VoIP is not secure. But neither is PSTN for that matter. There are very few real options for end-to-end secure conversations, and they cost thousands of dollars.
Security will come once there's enough demand in the market of course, but unfortunately we have to wait until that happens.
Another thing to keep in mind is that it is potentially illegal for VoIP providers to provide end-to-end security. i.e. they have a legal obligation to be able to tap your phone should law officials require it (CALEA). They could probably get around it by doing some sort of "translation" where they'd open one secure session with you, and one with the terminating carrier - but again this means technologies that aren't really mature yet. (not to mention extra horsepower for all the encrypted sessions) | |
|
 |  |  |  |  |  |  |   quetwo That VoIP Guy Premium join:2004-09-04 East Lansing, MI
·TDS
| Re: Excellent!! My point is, however, security and encryption exist for many PBXes, but many of the smaller vendors (mostly the softswitch vendors), choose not to use the TIA protocols. H.323, for example, has a very well defined annex spec that specifies DSA based encryption between two end points. Many of the SIP vendors (Polycom, etc), choose not to invest in these technologies. It's just typical of the free/OSS world.
I tell my customers that it is to be assumed that the PSTN is secure from most sources, government aside. It is considered much more secure than any TCP/IP transport, and more secure than any mobile connection (Cell/portable). Inter-tandem communications are considered very private, as many of the tap-points that are commonly used for wide-range snoops are at Class I and Class II offices. (T), our ILEC will always tap upon a government request, but for the most part, those do require a signed subpoena.
CALEA pretty much dictates that you be able to provide a tap at the point of PSTN interconnection. So, yes, you cannot facilitate end-to-end encryption over the PSTN without a HLS waiver. However, CALEA does not apply for interswitch communications, and switch-to-endpoint communications. It only applies if you act as a "gateway to other services". Our lawyers have interpreted this as the communication from one of our customers to the outside only. Encryption between the customer and you should not be an issue in this case. If you act as an ISP, you are only to be concerned that you are able to tap the data from the customer to the next POP; you shouldn't care of the payload. | |
|
 |  |  |  |  |   peter_m Premium join:2005-07-13 Canada, QC
| said by nitzan:
said by pandora:
Keep in mind however that the only ones who can "listen in" on your calls are your ISP, our ISP, and the phone companies on the way. None of which are going to bother filtering through millions of minutes of call time.

Have you heard of the Echelon project?
Peter
EDIT: I don't sleep at night with a tin foil hat on my head... I only wear it when I am near technology. | |
|
 |  |  |  nitzan
join:2008-02-27
·Comcast
·ViaTalk
| said by quetwo:
Would you go to a banking website that didn't offer SSL? Would you call them? Sure! But if you/your company didn't secure their VoIP, it is just as secure as plain HTTP.

Totally agreed. The problem however is that Secure RTP is not mature enough at this point, so it is simply not available as a widespread solution. It'll be some time (and probably a lot more demonstrations of vulnerability) before this area gets the attention it deserves.
-- Nitzan Kon, CEO Future Nine Corporation | |
|
 |  |  |   joako Premium join:2000-09-07 Gainesville, FL
| said by quetwo:
But what about the people that are not supposed to have access to this data/voice? What about the guy who is there fixing your printer, running Wireshark, and is taking dumps of all of your traffic? There are no longer just policy issues, but real security issues. Would you go to a banking website that didn't offer SSL? Would you call them? Sure! But if you/your company didn't secure their VoIP, it is just as secure as plain HTTP.

And I'll tell you security on bank networks isn't perfect. All of this would be possible with physical access to the networking equipment. The ones I've been in don't restrict DHCP leases. You do need to use a proxy server most of the time and many times that's password protected (same as AD login) but there's no device control. I can walk in
The banking applications appear to be well secured (not my job...not going to test their security) but I sure hope all network traffic is encrypted.
Most of these banks also send a good amount of their voice traffic over T1 (voice) lines which would be trivial to tap into, even down the road. -- 09:F9:11:02:9D:74:E3:5B:D8:41:56:C5:63:56:88:C0 | |
|
 |  |  |  |   quetwo That VoIP Guy Premium join:2004-09-04 East Lansing, MI
·TDS
| Re: Excellent!!
said by joako:
Most of these banks also send a good amount of their voice traffic over T1 (voice) lines which would be trivial to tap into, even down the road.

It is actually very difficult to tap into a T1 service. T1 lines use a very sporadic form of CRC checking for SLIP errors. Any loss on the line would disrupt the communication and cause major alarms on the equipment on either side. You usually can't get a tone/test on a pair NEAR a T1 before it causes it to slip. Mind you, if you use an official CSU (or similar device with a monitor bypass port), you can technically sniff the T1, but these should be in fairly secure areas (at the CO and the cust prem). | |
|
 |  |  |  |  |   joako Premium join:2000-09-07 Gainesville, FL
edit: September 27th, @10:48PM
| Re: Excellent!!
said by quetwo:
said by joako:
Most of these banks also send a good amount of their voice traffic over T1 (voice) lines which would be trivial to tap into, even down the road.
It is actually very difficult to tap into a T1 service. T1 lines use a very sporadic form of CRC checking for SLIP errors. Any loss on the line would disrupt the communication and cause major alarms on the equipment on either side. You usually can't get a tone/test on a pair NEAR a T1 before it causes it to slip. Mind you, if you use an official CSU (or similar device with a monitor bypass port), you can technically sniff the T1, but these should be in fairly secure areas (at the CO and the cust prem).

"major alarms" sorry no. Yes the T1 interface might go into red alarm for a second... the end on the CO is certainly not monitored. The "alarm" is more of a name than anything. If you call in a trouble ticket yes they will look at it but otherwise no.
Same at the other end... no one's going to be monitoring the routers to see if there is a problem. Normally there are no IT persons at the banks. Even if the equipment were reporting the line status to a remote point, they aren't going to go on a witch hunt for the remote chance that someone somewhere might be tapping the line. If they are gathering that info they are trying to determine a long term pattern of problems so the telco can fix it.
OTOH I'm not saying it's as easy or trivial to tap into a T1 line as say an analog phone line with a buttset. -- 09:F9:11:02:9D:74:E3:5B:D8:41:56:C5:63:56:88:C0 | |
|
 |  |  |  |  |  |   quetwo That VoIP Guy Premium join:2004-09-04 East Lansing, MI
·TDS
| Re: Excellent!! I wouldn't say that to be true. At my last job, I worked for a contractor that was responsible for responding to these alarms. Most banks have lightspans to their HQ where a tap on the T1 would show large amounts of attenuation/loss. Our equipment would alarm out to us on a red or yellow, and we would be in the equipment to check it out. Any additional slips, or additional signal loss would be an immediate call to the LEC's major account center. If it looked fishy, we would also call the bank's security group.
Almost every time when we caught something, it ended up being a wet transport cable or a janitor leaning a broom against the 66 block. I would get my initial notification within 30-60 seconds, with the rest of the processes kicking off within minutes. That is almost as much time as it would take an attacker to sync up with the D-channel, to even be able to dump the ISDN frames.
Most banks cherish their T1's. Remember that most of their ATM's will run off ISDN-BRI/PRI, so even something as small as a slip could be financially impacting to an end user. Banks don't want to risk losing customers based on a technology issue (they want to save up their grace for bad customer service ;P ) | |
|
 |  |  |  |  |   ThePhoneGuy
@cisco.com
| It is very easy to tap into an ISDN PRI T-1 voice circuit. Get yourself a TBERD (T-1 Bit Error Rate Detector), and hook up to the two pair of twisted copper wires, anywhere on the pathway. It happens a thousand times a day, by technicians troubleshooting issues with voice quality. They listen in on calls to start the process. This is much easier to do than sniff IP traffic. | |
|
 |  Kearnstd Elf Wizard
join:2002-01-22 Mullica Hill, NJ
| afaik no, i don't think they can get your packets to come through their cable modem. at least not in the current versions of DOCSIS. i'd imagine their CDV service would be harder to "hack" unless of course you have access to the switch or some other point where your calls are no longer on the DOCSIS network and are on a normal IP network.
that said if someone wants to get at your calls they will, there is no such thing as absolute communications security unless you have an empty sound proof room that is also a Faraday cage, and fires off an EMP in the room before you start talking(to fry any micro-recorders). -- [65 Arcanist]Filan(High Elf) Zone: Broadband Reports | |
|
 |  Kearnstd Elf Wizard
join:2002-01-22 Mullica Hill, NJ | i take it you can't just remove the rubber and alligator clip onto each T1 wire inside the twisted pair like they do in the movies. -- [65 Arcanist]Filan(High Elf) Zone: Broadband Reports | |
|
 |  |   JackOFFJill
@bellsouth.net
| Re: Excellent!! No you can't, it would take down the ds1. You would have to be on the end of the ds1 (customer side after the hand off to the router), telco side IS -189V DC (if using HDSL method of transport for ds1), (and -130v if using repeated route t1 to transport ds1). Telco ds1 is very secure, even better if it goes from electrical (copper wire) to an optical carrier (fiber). | |
|
  quetwo That VoIP Guy Premium join:2004-09-04 East Lansing, MI
·TDS
| Well.. People in the industry have known about the risks of VoIP since day one. Like the original cellular telephones, it was seen as a convenience (and possibly cost-savings) effort, rather than a solid, secure one.
Many vendors don't secure their signaling or bearer channels. Most open-source don't even give the option to provide TLS or SSL encryption for their signaling (let alone anything with the voice channels). Many of the major vendors (Cisco, Nortel) don't turn on encryption by default. If you inter-operate with Microsoft OCS, there is no possibility for encryption (unless you use one of their line-side T1 devices, which isn't VoIP).
It's a problem with the industry. We let the OSS guys create and make popular standards that had to be hacked to make secure. SIP, while very interoperable, is very easy to parse and intercept/redirect. Other standards by the telecom working groups, like H.323 and H.248 were built around security. Yet, the industry has moved to the SIP world because it is 'cooler' and 'more popular'. | |
|
  fcisler Premium join:2004-06-14 Riverhead, NY
| news? This is news?
My job did not want to allocate another subnet for VoIP. We setup a demo on a regular subnet and my boss used it for the day.
I forwarded him wave files of all his calls at the end of the day.
The next day I had a completely separate subnet for ALL VoIP services.
They then didn't want to invest in a proper firewall for the voice subnet and wanted to be able to access it on any subnet.
I called in sick that day and emailed my boss another copy of all his calls which I retrieved from home over the VPN.
There is now a very tight ACL list on the voice subnet. It's not able to get to the internet and a very select number of PC's are able to get into it. The next step is OpenVPN with certificates and NOTHING getting routed into it.
It goes without saying that it was trivial previously to tap into a pair of copper wires and listen in on any call. With the move to digital, however, one must be extremely cautious as to what tubes can get to where. This does not apply exclusively to voice, though. | |
|
 |   sporkme drop the crantini and move it, sister Premium,MVM join:2000-07-01 Budd Lake, NJ
·Optimum Online
| Re: news?
said by fcisler:
This is news?

Exactly. I'm sure there are better tools, but wireshark is pretty darn easy, and it will spit out a .wav file of the RTP stream. This is common sense... | |
|
 |   Rogue Wolf Came To Bury Caesar, Not To Praise Him
join:2003-08-12 Saratoga Springs, NY
| You're lucky you had an understanding boss. I've known a few who would've fired you for taking the liberty and would've ended up doing nothing about the security problem. -- Attention. Attention, please. We have the funk. I repeat, we are in full possession of the funk. | |
|
 |  |   fcisler Premium join:2004-06-14 Riverhead, NY | Re: news? Civil Service 
I made it clear that I had not listened to anything except the first call I had made to him in the AM (to test). | |
|
 |   The Boss
@aircanopy.net
| "They then didn't want to invest in a proper firewall for the voice subnet and wanted to be able to access it on any subnet.
"I called in sick that day and . . . ."
So that's why you called in sick?? See me in my office the first thing Monday morning, young man!!
 | |
|
  Unit649 I B U, Who U B? Premium join:2000-01-22 Stockton, CA
·Comcast
| Packets If packets for anything else on the internet can be tapped into and "read" or "copied", VOIP should be able to also.
Anyone who thinks you can fling packets into an open void like the internet and someone can't figure out what they are should really reconsider that thought. Not that anyone will bother, but if law enforcement can do it, you should assume anyone with the willingness to go to the trouble and pay for the hardware can too.
Not that people should be paranoid, but it's not like you're sending packets from one computer to another in your house that are wired to each other. When the packets enter that modem, where they go and who might be watching....you can't tell and you have no way of telling. If you operate under the guise of it's likely it's not happening, but it could maybe, on occasion, you'll be better off. Not everyone is honest and true, and that means on the internet too
Remember, even the telephone company discloses on the back of their bill that they occasionally monitor calls for "quality control." This shouldn't be a shock to anyone, and if it's mission critical, get mission critical voice communication | |
|
  moon1234
@tds.net
| SRTP and TLS This is a mature technology and works fine. I use it on my Polycom phones at my house for communicating back to the work PBX. No one is going to get signaling or voice in realtime from me.
Any provider telling you the technology is not ready is just feeding you a line. What they really mean is we don't want to support it.
SRTP with TLS also works great in the office. It eliminates the possibility for a rogue admin, like the one above, from tapping into calls on the "secure vlan". VLANs in house are really only used by most companies as a simple security precaution not a robust one. In most cases the VLAN is there for QOS and less for security.
This article is NOT news. This stuff has been known for a LONG time. | |
|
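A check for the question raised in this thread (does the provider use SRTP, and is the signaling under TLS), as an added example that is not part of any poster's message: it reads one SIP message and classifies each media stream from the SDP. The sample INVITEs, hosts, key and fingerprint are constructed, and the verdict labels are this example's own names.

```python
import re
from dataclasses import dataclass, field

# Constructed attribute values (placeholders, not real keying material).
SDES_ATTR = "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + "A" * 40
FP_ATTR = "a=fingerprint:sha-256 " + ":".join(["AB"] * 32)

@dataclass
class Media:
    kind: str                       # "audio", "video", ...
    port: int                       # 0 = stream rejected/disabled
    proto: str                      # RTP/AVP, RTP/SAVP, UDP/TLS/RTP/SAVP, ...
    crypto_suites: list = field(default_factory=list)  # a=crypto (SDES, RFC 4568)
    has_fingerprint: bool = False   # a=fingerprint (DTLS-SRTP)

def split_message(raw):
    """Return (header lines, SDP body lines) of one SIP message."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    return head.split("\n")[1:], [l.strip() for l in body.split("\n") if l.strip()]

def top_via_transport(headers):
    """Transport of the topmost Via header: the hop this message was seen on.
    TLS for SIP is hop-by-hop, so this says nothing about later hops."""
    for line in headers:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in ("via", "v"):
            m = re.match(r"\s*SIP\s*/\s*2\.0\s*/\s*(\w+)", value, re.I)
            return m.group(1).upper() if m else None
    return None

def parse_sdp(lines):
    media, session_fp = [], False
    for line in lines:
        if line.startswith("m="):
            parts = line[2:].split()
            if len(parts) >= 3 and parts[1].split("/")[0].isdigit():
                media.append(Media(parts[0], int(parts[1].split("/")[0]),
                                   parts[2].upper(), has_fingerprint=session_fp))
        elif line.startswith("a=fingerprint:"):
            if media:
                media[-1].has_fingerprint = True
            else:
                session_fp = True   # session-level: applies to every stream
        elif line.startswith("a=crypto:") and media:
            fields = line[len("a=crypto:"):].split()
            if len(fields) >= 3 and fields[2].startswith("inline:"):
                media[-1].crypto_suites.append(fields[1])
    return media

def classify(m, transport):
    if m.port == 0:
        return "disabled"
    if m.proto.startswith("UDP/TLS/") and m.has_fingerprint:
        return "dtls-srtp"          # keys negotiated in the media path
    if "SAVP" in m.proto and m.crypto_suites:
        # SDES puts the SRTP master key in the SDP itself: without TLS on
        # the signaling, anyone who sees the INVITE can decrypt the audio.
        return "srtp-sdes" if transport in ("TLS", "WSS") else "srtp-key-exposed"
    if "SAVP" in m.proto:
        return "srtp-keying-unknown"  # keyed some other way (not checked here)
    return "cleartext-rtp"          # RTP/AVP: plain RTP is permitted

def audit(raw):
    headers, sdp = split_message(raw)
    transport = top_via_transport(headers)
    return {"transport": transport,
            "streams": [(m.kind, classify(m, transport)) for m in parse_sdp(sdp)]}

def sample_message(transport, proto, attrs=()):
    """Constructed SIP INVITE (not captured traffic); documentation addresses."""
    headers = [
        "INVITE sip:bob@example.com SIP/2.0",
        f"Via: SIP/2.0/{transport} 192.0.2.10:5060;branch=z9hG4bKconstructed",
        "From: <sip:alice@example.com>;tag=1",
        "To: <sip:bob@example.com>",
        "Call-ID: constructed-1@192.0.2.10",
        "CSeq: 1 INVITE",
        "Content-Type: application/sdp",
    ]
    sdp = ["v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10",
           "t=0 0", f"m=audio 49170 {proto} 0", "a=rtpmap:0 PCMU/8000", *attrs]
    return "\r\n".join(headers) + "\r\n\r\n" + "\r\n".join(sdp) + "\r\n"

if __name__ == "__main__":
    for args in [("UDP", "RTP/AVP"), ("UDP", "RTP/SAVP", [SDES_ATTR]),
                 ("TLS", "RTP/SAVP", [SDES_ATTR]),
                 ("TLS", "UDP/TLS/RTP/SAVP", [FP_ATTR])]:
        print(args[:2], audit(sample_message(*args)))
```

The "srtp-key-exposed" verdict is the case where SRTP is negotiated but the signaling is not under TLS, so the media key travels in the clear alongside the call setup.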
 tmc8080
join:2004-04-24 Floral Park, NY
| illusion of privacy this may be one more thing that telcos can throw out there to try and scuttle converts to VOIP.. if you really want secure communications, there are encryption protocols such as pgp that make messages and data secure. the simple fact is that those who had access to "tap" your fcc regulated phone line, have just about as much ability to "tap" a voip call. the illusion of privacy is just that.. an illusion. cell phones, same thing. if you need to get the information securely transferred, pgp (or other strong encryption) encrypted instant messaging and/or email is probably the best bet. or, in person | |
|
 |   cordless_setup
@bell.ca
| Re: illusion of privacy how many of these people all worried about voip security are using a cordless phone that i can listen in on using a cheap scanner from radio shack.....seriously an article like this scares people that don't know what they are talking about..
seriously people wont buy an item over the net cause they think it is insecure think nothing of giving out a cc number on a cordless phone to make a purchase off the shopping channel.....amazing | |
|
 |  GhostDoggy
join:2005-05-11 Duluth, GA | And the VoIP vendors will throw back how the telcos are already giving away your privacy you thought you had with the traditional land line. | |
|
  Maynard G Krebs
@teksavvy.com | Zfone from Phil (PGP) Zimmerman What about Zfone? »zfoneproject.com/
This is definitely headed in the right direction - and will work for certain classes of Asterisk users and some softphone users. | |
|
  Gramzster Click, Click
join:2002-07-02 London, ON
| Easier than I thought We have a Hybrid Phone System at our office (TDM & IP) and a couple months ago I wanted to see if it was possible to extract phone calls.
I ran wireshark on a mirrored port, made a phone call and was surprised to see how easy it was to replay the call on the computer (wireshark has a built-in analyzer that makes an audio file of a RTP communication).
When I set up the phone system, I also set up a VPN router at our telecommuter's houses. This was done for the ease of deploying phones and workstations, as well as that all communication (including RTP between the ip phone and phone system) is encrypted. | |
|