VoIP credentials for sale?
May 14, 2008
The BBC and others are reporting the ‘news’ that VoIP (I expect they mean SIP) credentials are often passed in the clear (encoded but not encrypted), leading to potential sniffing and replay attacks in (for example) non-encrypted wifi networks.
What this actually seems to be, though, is the re-hashing of a ’sponsored’ article in Commsbusiness (no permalink available), which seems to be not much more than scaremongering by Newport Networks, who coincidentally sell a range of secure Session Border Controller devices for VoIP.
Now, the BBC article does quote Skype and a researcher from Jupiter playing down the issue – I guess there’s no smoke without fire, but is this a solution looking for a problem?
Update: Newport Networks have posted some more background to this article in their blog. Thanks to Dave Gladwin of Newport for pointing me to this.
Entry Filed under: Uncategorized. Tags: bbc, newport, security, sip, skype, voip.
1 Comment Add your own
Leave a Comment
Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Trackback this post | Subscribe to the comments via RSS Feed
1.
Dave Gladwin | May 15, 2008 at 4:33 pm
Hi, I thought it worth adding that I’ve added a bit more background that did not make it into the BBC piece. I’ve posted this on the Newport blog. To extend your smoke without fire analogy, I think this is more like a smoldering cigarette end – not much of a threat at the moment, but once it catches fire…. My view is that if we avoid dropping the cigarette in the first place we don’t have to call the fire service.
Cheers
DaveG