Comments on: Reuters “scam artists” story spreadiing VoIP FUD

By: DEBRA ANN SMITH PLAINFIELD IL

DEBRA ANN SMITH PLAINFIELD IL — Thu, 25 Oct 2007 19:52:09 +0000

nice

By: Jack Payne

Jack Payne — Sun, 09 Sep 2007 19:04:04 +0000

Sure, these matters are just about always more social and operational than technical.

It's when the con men are able to divert the victim's attention, by waving the "technical" flag, that they free themselves up to fleece in all kinds of ways, practical ways, that overwhelm the geek's common sense.

My three sons are all committed (and admitted) computer geeks, and their common sense in constantly overwhelmed by hacker-ology.

By: RolandJ

RolandJ — Tue, 07 Jun 2005 15:01:41 +0000

What about VoIP using a cable modem, is it easy for neighbors to listen in?

By: MrBlog

MrBlog — Mon, 02 May 2005 05:12:54 +0000

Aswath, you have the right language there when you say "current operational understanding." These security matters are far more social and operational, traditions and assumptions, than they are technical. That applies to both IP and PSTN of course. In both cases, people often entirely discount the significance of human protocols vs. computer and network protocols.

By: MrBlog

MrBlog — Mon, 02 May 2005 05:09:17 +0000

As someone considered (at least at one time) a security expert, I respectfully disagree with a number of your assertions. Again, I believe a lot of what you're saying is FUD and mythology.

I assert that hacking traditional POTS is at least as easy as hacking the core of the IP backbone (or any significant inspection point). The PSTN is flush with security holes. Hint: you don't need an SS7 switch.

Again, it is a security vulnerability inherit in the design of the PSTN that permits the original alert of the article: Caller-ID spoofing.

By: The VoIP Guru

The VoIP Guru — Mon, 04 Apr 2005 23:03:14 +0000

The article is genral touch upon the increasing risk that exist by using VoThe article is general touch upon the increasing risk that exists by using VoIP as the means to carry our voice as oppose to traditional POTS.
1) It is easier hack and penetrate information. You no longer require having a phone switch or any other digital device. You can download tools (mostly open source) and protocols code which in few hours you can alerts to work for your needs.
2) IP, as the main transport protocol is known as more vulnerable means of transport. Unfortunately nothing really much been done from the SP perspective to protect the IP layer through the application layer (I.e. SIP). The information can be penetrating from the center or any other place in the network.

I agree with one of the readers comment that VoIP privacy penetration when it comes to WiFi as opposed to cordless is the same to capture the information but in VoIP you can replay, and "wear' the captured user information as you knew identity and generate as many calls as you want.

To conclude my point VoIP is a lot more risky and easier to "break", penetrate and steal information than the older brother the PSTN.
VoIP being a data based is attracting a lot more hackers to try make calls for free.

Thanks
IP as the means to carry our voice as oppose to traditional POTS.
1) It is easier hack and pentrate information. You no longer require to have a phone swith or any other digital device. You can download tools (mostly opensource) and protocols code whcih in few hours you can aletr to work for your needs.
2) IP, as the main transport protocl is know as vulable means of transport. Unfortunatly nothing realy much been done from the SP perspective to protoect the IP layer through the application layer (I.e. SIP). The information can be pentrate from the cetner or any other place in the network.

I agree with one of the readers comment that VoIP privacy penteration when it comes to WiFi as opposed to cordless is the same to capture the infomation but in VoIP you can replay, and "wear' the captured user information as you knew identityy and generate as many calls as you want.

To conclude my point VoIP is a lot more risker and easier to "break", pentrate and steal information than the older brother the PSTN.
VoIP being a data based is attarcting a lot more hackers to try make calls for free.

Thanks

By: Aswath

Aswath — Mon, 21 Mar 2005 15:14:57 +0000

I agree that this story is poorly reported/edited. For example, Western Union uses 800 number and I thought in that case caller ID spoofing is not applicable, especially when the call is made from a residence.

But certain other aspects of potential trouble when VoIP and PSTN meet, especially for unaware PSTN users, is not discussed. For example, if one uses SkypeOut to make a harassing call, will Skype help the authorities to track the miscreant. There are all sorts of similar scenarios that could potentially violate PSTN current operational understanding. But neither the press nor the industry is bringing them up.