Commentary
New Security Threats For VoIP
Panda Software looks at some scary security threats posed by VoIP. The top part of the article in IT-Observer looks at new ways that VoIP might be used for denial-of-service attacks, but the author, Fernando de la Cuadra, dismisses those threats as unlikely (too quickly, I think). The article then goes on to deal with possible threats posed by social engineering.
Panda Software looks at some scary security threats posed by VoIP. The top part of the article in IT-Observer looks at new ways that VoIP might be used for denial-of-service attacks, but the author, Fernando de la Cuadra, dismisses those threats as unlikely (too quickly, I think). The article then goes on to deal with possible threats posed by social engineering.
More Security Insights
White Papers
More >>
- The BlackBerry PlayBook tablet's Good Bones - by BlackBerry
- New Visual and Wizard-Driven Paradigms for Exploring Data and Developing Analytic Workflows
Reports
More >>Webcasts
More >>
- Outsourcing Security: What Every Potential Cloud Security Customer Should Know
- Maximize ROI with Database Consolidation onto Private Clouds
Let's imagine a scenario that could become commonplace in the near future: A user has an IP telephony system on his computer (both at home and at work). In his address book on the computer there is an entry, under the name "Bank", with the number 123-45-67. Now, a hacker launches a mass-mailing attack on thousands or millions of e-mail addresses using code that simply enters users' address books and modifies any entry under the name "Bank" to 987-65-43. The problem has now been created.
If any of these users receives a message saying that there is a problem in their account, and asking them to call their bank (a typical phishing strategy), they may not be suspicious, as they are not clicking on a link in an e-mail (as they have been advised not to do to avoid this type of fraud) nor calling a number in the e-mail (another typical ploy). If they use their VoIP system to call the 'bank', they will be calling the modified number, where a friendly automated system will record all their details.
So why does de la Cuadra dismiss threats from new denial-of-service attacks? Because, where attackers previously acted because they were seeking notoriety, they're now professional criminals, looking to make money off their attack. Presumably, de la Cuadra thinks there isn't money to be made in DOS attacks, but I think he overlooks real incidents that have happened in the past, where DOS attackers have extorted protection money from their targets. And we also can imagine unscrupulous businesses launching denial-of-service attacks against competitors.
(Via Slashdot)
Related Reading
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
|
T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting! |
Subscribe to RSSResource Links
This Week's Issue
Technology Whitepapers
- Mobile BI: Actionable Intelligence for the Agile Enterprise
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
- The BlackBerry PlayBook tablet's Good Bones - by BlackBerry
- New Visual and Wizard-Driven Paradigms for Exploring Data and Developing Analytic Workflows
Featured Resource
This is your portal to all the news, product information, technical data, and other information related to the topic of computer user authentication and certification. Visit us to find out how to ensure that computer users are who they say they are.
Learn More
