Clik here to view.
Philippine Phone Phreakers Arrested After Funding Terrorists
One of the big news items in telecom security this past week was the arrest in Manila of 4 men accused of defrauding AT&T of almost $2 million USD and then using those funds to finance a terrorist...
View ArticleClik here to view.
Free Webinar Tomorrow: Securing VoIP and Unified Communications Systems
Want to join in to a free webinar/webcast to learn about VoIP and Unified Communications security? Tomorrow, Thursday, January 26, 2012, I (Dan York) will be speaking as part of US Telecom’s monthly...
View ArticleClik here to view.
Digium Releases 3 Asterisk Security Advisories
This week Digium released three security advisories allowing remote authenticated sessions to either crash an Asterisk server or escalate user privileges. The advisories are: AST-2012-004 - Asterisk...
View ArticleClik here to view.
Microsoft Researching Skype Password Reset Security Hole
This morning The Next Web reported on an exploit where Skype’s password reset web page could be used to hijack a user’s Skype account using only the password associated with the account. So… if you...
View ArticleClik here to view.
Is The “VoIP” in “VoIP Security” Still The Right Term?
Should we still be talking about “VoIP security”? Or should we be using some other language? Back when we started VOIPSA in 2005, “voice over IP (VoIP)” was the term we all were using, but as we look...
View ArticleClik here to view.
U.S. DHS Warns of TDoS (Telephony Denial of Service) Attacks
The U.S. Department of Homeland Security recently issued a bulletin titled “TDoS Attacks on Public Safety Communications” and while it was “Law Enforcement Use Sensitive/For Official Use Only” a copy...
View ArticleClik here to view.
VoIP Security Major Topic This Week at SIPNOC 2013
This week the SIP Network Operators Conference (SIPNOC) takes place in Herndon, Virginia, and the SIPNOC agenda turns out to have a great focus on security as it relates to VoIP and IP-based...
View ArticleClik here to view.
2 Asterisk Security Vulnerabilities Could Lead To Remote Crashes
The great folks on Digium’s security team published two security advisories this week that could lead to remote crashes of an Asterisk server. The first, AST-2013-004, Remote Crash From Late Arriving...
View ArticleAdministrative Update: Resetting user passwords for authors
If you are an author here at Voice of VOIPSA and are wondering why you just received an email about a password change, I went through and reset all the passwords on our user accounts. There was no...
View ArticleClik here to view.
Large-scale Attacks Against VoIP and Videoconferencing Happening Today?
Are there large-scale attacks happening against VoIP and videoconferencing systems today? Or is it limited to one particular system? In a posting this morning to the VoiceOps mailing list, J. Oquendo...
View ArticleClik here to view.
Two New Asterisk Security Vulnerabilities Related To SMS And AMI
The great folks at the Digium / Asterisk Security Team have issued two new security advisories that folks running Asterisk should pay attention to. They are: AST-2013-006: Buffer Overflow When...
View ArticleWorking On Restoring VOIPSEC Mailing List Archive Functionality
We are unfortunately aware that the mail archives for the VOIPSEC mailing list have not been functioning for a long time. The list still does have occasional active conversations on it and anyone is...
View ArticleClik here to view.
Wishing You A Very Secure 2014!
Happy New Year! Welcome to 2014! We’re looking forward to more activity happening here at VOIPSA this year… stay tuned for more information! In the meantime, we hope that you all have a very secure...
View ArticleClik here to view.
VoiceOps – Mitigating SIP Threats With SBC Policies, Auto-Blacklisting
There’s a good discussion going on right now (September 2014) in the VoiceOps mailing list about how you can mitigate SIP threats by configuring the policies and settings on your session border...
View ArticleSlides: Reboot the Open Realtime Revolution – #MoreCrypto (Fall 2014)
Olle Johansson is back with another set of excellent slides about VoIP security and the need to have “MoreCrypto” everywhere. It’s a great set of slides that talks about where we have come from and...
View ArticleClik here to view.
7 Asterisk VoIP Security Advisories Issued
The Digium / Asterisk Security Team has obviously been extremely busy ensuring that Asterisk is as secure as possible given that yesterday they released 7 security advisories, although only one of them...
View ArticleClik here to view.
Verizon Launches Voice Cypher Secure VoIP Mobile App… With A Government Backdoor
Verizon Wireless this week did something that initially seemed quite impressive – they launched “Voice Cypher”, an app available for iOS, Android and Blackberry that promises secure end-to-end...
View ArticleClik here to view.
SS7 Security On Techmeme? A Reminder About Interconnected Systems…
SS7 security issues reported on Techmeme? I did a double-take yesterday and, as Jay Cuthrell noted on Twitter, wondered if this was a “ThrowbackThursday” taken to the extreme. But no, there was...
View ArticleVoice of VOIPSA in “Top 24 VoIP Blogs on the Internet”
It was nice to see this blog included in a recent “Top 24 VoIP Blogs on the Internet” post put out by Commander, who appears to be a provider of VoIP equipment, services and more:...
View ArticleAdministrative Update: Resetting user passwords for authors
If you are an author here at Voice of VOIPSA and are wondering why you just received an email about a password change, I went through and reset all the passwords on our user accounts. There was no...
View Article