[Asterisk-Dev] OMG THE SKY IS FALLING!! NOT!!!
John Todd
jtodd at loligo.com
Fri May 14 11:56:52 MST 2004
At 12:52 PM -0500 on 5/14/04, brian wrote:
>Jim Louderback just replied to me and said his "buddy" is going to show up
>and demonstrage the attack... which is just the standard man in the middle
>attack. I'm not disputing the fact that voip can be insecure... I'm just
>ticked that they come up with a boiler plate story that ALL VOIP is
>insecure. Its just like anything else on the planet if you set it up wrong
>its going to be insecure but the fact is you CAN secure it.
>
>bkw
This seems to be the week for "re-discovering" old insecurities.
Witness the big flap over the problems with 802.11 and jabber issues
("You mean you can FLOOD THE NETWORK? Alert the media!") so someone
bringing up the fact that most RTP sessions aren't encrypted, and
that most SIP sessions aren't encrypted, and that most Internet
servers are susceptable to DoS is... unsurprising.
However, there is a silver lining: the attention paid to security now
will hopefully beat the VoIP community (ourselves included) into
finally _implementing_ better application layer tools which we've
already designed. Wake up and dsniff the coffee.
JT
More information about the asterisk-dev
mailing list