funsec mailing list archives
Re: VoIP phone bills
From: der Mouse <mouse () rodents-montreal org>
Date: Mon, 11 Oct 2010 16:40:10 -0400 (EDT)
Poorly configured VoIP systems triggering enormous phone bills
Poorly configured phone systems have been doing that for almost as long as there have been phone systems. The only way in which this is new is that VoI[%] systems have put phone system ownership and/or configuration in the hands of thousands of not-particularly-qualified end users. It's not unlike the way personal computers put system administration in the hands of end users - and, not surprisingly, the results are remarkably similar: put an untrained and inexperienced person in a position of administering something, and, surprise surprise, you far too often get incompetent administration. [%] VoIP has been in use for a lot longer than even most "VoIP" geeks realize, just over private lines; I use VoI to to point this out, since it's really VoI, not VoIP, that is the new part of it.
We (computer geeks) do not understand telephony.
Well...sort of. The threats are not, fundamentally, new; only the details differ from the threats we have lived with for decades. Of course, if you put someone who doesn't have the security mindset in charge of security-important configuration, you will get bad security. This is nothing new either. The closest thing to a new problem I see here is that a lot of people don't realize that a VoI system's configuration _is_ security-important.
And, as I keep telling people, phreaking is the one form of attack that costs you real money, right now.
The one form? I disagree. Most forms of cracking do, when they succeed - or do you think the resources (staff time and downtime, mostly) required to clean and reinstall cracked systems come free? /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML mouse () rodents-montreal org / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- VoIP phone bills Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 11)
- Re: VoIP phone bills der Mouse (Oct 11)
- Re: VoIP phone bills Tomas L. Byrnes (Oct 11)