Archive for September, 2005

The problem with VoIP Security


I was quoted in a recent Boston Globe article on VoIP security. Someone is always raising the red flag of FUD when they see a quote that screams “beware.” And yes, my company provides VoIP Security services. But I’m not trying to scare anyone into buying my services. If you think I am off the ball on the true danger within VoIP technology, consider the following:

  • I think the greatest threat to VoIP security is bad code! Vulnerabilities in VoIP products will lead to DoS and remote system compromise.
  • Vendors think the greatest threat to VoIP security is Voice SPAM and call eavesdropping.
  • My opinions are based on history. Look at vulnerabilities in Apache, IIS and most major mail servers. The greatest business damage came from remote code execution, not spam or web page eavesdropping.
  • My concerns place greater responsibility on the vendor.
  • The vendors’ concerns place greater responsibility on outside forces: spammers, network administrators.
  • The vendors are selling anti-voice-spam and VoIP encryption products. Keeping those issues in the news means more product sales?
  • Do we really expect VoIP vendors to say they have security flaws in their code?
  • Every time I’ve spoken about VoIP security I have always cut the vendors a lot of slack. VoIP code is inherently complex and difficult to make secure. I don’t think vendors are ignoring the problem; it’s just difficult to get right. The fact remains that not many people are talking about this fundamental insecurity in VoIP products: bad code. And in that sense it’s like 1999 all over again.

    SecurityLab Secret Research

    I’ve posted some of our research PDUs and slides from recent presentations on an unofficial SecurityLab Research page.

    An elite conference

    Martin Varsavsky and a group of 300 really cool people are gathered at an elite conference in NYC this week. The conference was created by Bill Clinton; he’s calling it the Clinton Global Initiative. It’s similar to Davos, only smaller. I know a few other people personally who are attending, most of whom I met in Spain.

    I am at another almost as elite conference. It’s the leading conference on voice communications: Voice On the Net. I am speaking on Thursday and SecurityLab has a booth at the exhibition.
    Booth at VON

    “I Care About the Black Folks”

    The NY Times published a highly critical op-ed of President Bush. It is stinging, and probably represents what most Americans are feeling about the President’s response to the devastation of Katrina.

    One thing I have been thinking about lately is how events define individuals, but more specifically politicians. Most people can easily think of 3 politicians who defined themselves based on how they acted in response to a great change in society or event. Think about JFK, Nixon, Truman, and Churchill. Think about Giuliani.

    Giuliani was a very divisive figure in NYC, but his response to 9/11 was extraordinary. Most people can agree on this. But how will Ray Nagin (the mayor of New Orleans) be defined? Why is Giuliani a household name but Ray Nagin is not? What is the difference between these two politicians? How much of these individuals was defined by the national government’s response (Bush) as opposed to their personal responses? Was Ray Nagin the victim of a lack of interest by the national government or just a leader who couldn’t lead? I wonder.

    Politics

    So Andrew lost the race for Public Advocate. It was a hard fought race but he was able to bring to the foreground a lot of issues that hopefully will be addressed by the new (old) political establishment.

    I’m of course a little frustrated. Not because he lost; it was an uphill battle against an incumbent. But because the more I learn of politics the less I believe in the system. It stinks of elitism. Come election time everyone tries to show how “down to earth” they are. How “like-us” or “humble” they are, but it’s mostly propaganda. Why don’t more politicians just say “Look, I make a lot of money now. I don’t need the money. But I’ve been contributing and helping other campaigns for the last X years. So it’s my turn to have some power. Elect me.”

    The frustrating part is that it’s a never-ending cycle. How many political outsiders actually win? Excluding billionaires. It’s tough to get into office. Then once you get in you have to spend all your time preparing for the next office. Then a disaster occurs and you realize “oh crap, I am actually expected to DO something.”

    Well it will be a long night for me. I don’t plan on sleeping. Just work.