funsec mailing list archives

Re: VoIP phone bills

From: der Mouse <mouse () rodents-montreal org>
Date: Mon, 11 Oct 2010 16:40:10 -0400 (EDT)

> Poorly configured VoIP systems triggering enormous phone bills

Poorly configured phone systems have been doing that for almost as
long as there have been phone systems.  The only way in which this is
new is that VoI[%] systems have put phone system ownership and/or
configuration in the hands of thousands of not-particularly-qualified
end users.

It's not unlike the way personal computers put system administration in
the hands of end users - and, not surprisingly, the results are
remarkably similar: put an untrained and inexperienced person in a
position of administering something, and, surprise surprise, you far
too often get incompetent administration.

[%] VoIP has been in use for a lot longer than even most "VoIP" geeks
    realize, just over private lines; I use VoI to point this out,
    since it's really VoI, not VoIP, that is the new part of it.

> We (computer geeks) do not understand telephony.

Well...sort of.  The threats are not, fundamentally, new; only the
details differ from the threats we have lived with for decades.

Of course, if you put someone who doesn't have the security mindset in
charge of security-important configuration, you will get bad security.
This is nothing new either.  The closest thing to a new problem I see
here is that a lot of people don't realize that a VoI system's
configuration _is_ security-important.

> And, as I keep telling people, phreaking is the one form of attack
> that costs you real money, right now.

The one form?  I disagree.  Most forms of cracking do, when they
succeed - or do you think the resources (staff time and downtime,
mostly) required to clean and reinstall cracked systems come free?

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse () rodents-montreal org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
Fun and Misc security discussion for OT posts.
Note: funsec is a public and open mailing list.
