- Get a grip or you don't get the job
- Desktops of the future here today
- Researcher hides IE attack on Web
- Cisco third quarter 2008 channel stuffing
- Sci-Fi's goofiest gadgets and technology
Rss FeedRss Feed
Rss FeedNortel, Microsoft deliver UC products; CIOs prep for recession. Listen now!
DEMO '08: Toktumi eases VoIP for SMBs. Listen now!
Edison analysts put the management software of an HP EVA system through a series of typical day-to-day storage management tasks. The same tasks were also evaluated on similar systems from NetApp and EMC. This study demonstrates how the superior user interface and virtualization offered by the HP EVA storage system can provide organizations with the benefits of higher administrative efficiency combined with the potential ability to utilize less expensive human resources.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
Discover the benefits of paravirtualization in this informative webcast today. This server virtualization-themed webcast not only explores how to improve virtualized server performance, but provides real-world user examples, explains how to optimize workloads and discusses the future of server virtualization. Focus on only the themes that interest you or watch all six consecutively for a full picture of how you can lower your costs significantly through consolidation and virtualization. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
You can find related project managemen articles in
- Anonymous
Foundry Networks, Inc. (NASDAQ: FDRY) is a leading provider of high-performance enterprise and service provider switching, routing, security and Web traffic management solutions. Foundry's customers include the world's premier ISPs, metro service providers, and enterprises.
For further information on Foundry Networks please click here.
Today's enterprise network provides more than simply a technology infrastructure. It's an enabler for the enterprise, supporting mission critical applications, creating operational efficiencies and increasing productivity gains. Foundry Networks provides the ideal foundation for a multi-vendor network.
Two VoIP services and equipment alerts were issued late last month. The first advisory, issued to residential and SMB VoIP users was sent by the Sipera VIPER Lab, operated by Sipera Systems. The lab disclosed
multiple threat advisories for VoIP services and equipment users from Vonage, Globe7 and Grandstream. Among other threats,
VoIP users can be subjected to eavesdropping, spam, spoofing and denial-of-service attacks, according to a statement issued
by the lab. Full details on these vulnerabilities are posted as an educational security service to Sipera’s customers and the general public.
Based on the company’s test results, the “Vonage VoIP Motorola Phone Adapter (VT 2142-VD) and Vonage service implementations
leave users vulnerable to a form of VoIP identity theft, allowing hackers to take over a user’s phone service with a ‘registration
replay attack,’ then make and receive calls while impersonating the victim.” Since Vonage users calls aren't encrypted, the
lab also found that users are subject to eavesdropping on private voice and that “hackers can also send multiple SIP INVITE
messages to a user, an Internet version of ‘ringing the phone off the hook’ which creates a denial-of-service attack,” according
to the lab’s test results.
The lab’s test also showed that Globe7 (a European provider) had deployed a weak encryption scheme that allowed hackers to attack a user’s online account access, providing an opening for “hackers to access confidential name, password and account balance data, as well as steal VoIP service to make and receive calls, masked as a legitimate Globe7 user.”
The Sipera VIPER Lab also found that “the Grandstream HandyTone-488 PSTN-to-VoIP adapter is vulnerable to buffer overflows and fragmented packet attacks. By sending a specially crafted SIP INVITE message to public IP addresses, attackers can disconnect legitimate Grandstream users,” according to the report.
Additional details can be found here and are available for free as a public service offered by the Sipera.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
RE: VoIP security notices show security remains a multi-vendor issueBy shawn merdinger on November 9, 2007, 10:25 amToo bad SIPERA VIPER Lab doesn't provide too many technical details on their advisories -- this limits the ability to independently verify the VIPER Team findings...
Reply | Read entire comment
View all comments