27 July 2007

VoIP Security

Securing VoIP, now there's a interesting task! Over the last couple of months, I think that I have almost read everything that there is to read about VoIP and securing it. I must say that I'm all for VoIP technology, but after deciding that I really needed to learn about what's happened in regard to VoIP over the last few years, as I hadn't touched it for a while, I'm shocked to say that the risks have increased a hell of a lot, but it seems that most vendors,(aside from one), haven't really catered for these risks, and still have the same old slap dash security in place. Also, finding buffer overflows that no-one has reported really worries me, as things like this should have been fixed ages ago, and trust me, it really wasn't a difficult one to find at all, no fuzzers, just a string of random characters and boom! One of the other things that really bugs me, is who in their right mind, this day and age still uses telnet on their kit, and who allows this to be used on their network, when will people wake up? Well, I could rant on about VoIP for ages, but I'm not going to, I'm going to stick to using a normal phone as little as possible, e-mail and Instant Messaging as much as possible, and all other comms can be done on IRC, the way that they were supposed to be. Speaking of IRC, here's a nice little titbit from bash.org yay I fixed my laptops battery! it was so dead, nothing would charge it so I gave it the electronic equivalent of a kick in the head, by shorting the +/- terminals for 5 minutes don't they have stickers on them that say they could explode or catch fire by doing that? yeah but it's ok, I took them off first.