http://www.voipplanet.com/trends/article.php/3776136

By Adam Stone
VOIP Planet.com
October 6, 2008

Can someone eavesdrop on your enterprise VoIP calls? Almost certainly. It hasn't been talked about much in the press but the simple fact is, these networks are vulnerable to snooping.

Jason Ostrom is ready to prove it. As director of Sipera Systems' VIPER (Voice over IP Exploitation Research) Lab, Ostrom has been busy devising ways to sniff out VoIP vulnerabilities. He's just released VIPER's latest offering, UCSniff, a free tool capable of listening in on calls within an enterprise. Lots of calls.

UCSniff has two modes. First it can 'learn,' discovering all phones and extensions on a network and mapping their addresses. Within learning mode the program also can launch a 'directory module,' sucking out contact data from a user's directory and adding that information to its own directory.

Having learned its way around the system, UCSniff can then 'target' users for eavesdropping, picking out individual phones by extension in order to zero in on calls made by a particular caller.

It gets better. Rather than just hearing one side of a conversation, UCSniff is bi-directional. Using G.711 and G.722 codecs, the program can automatically listen in on and record both sides of a conversation.

This has ramifications. Suppose the VP of Sales is chatting about strategy with the CEO. What's it worth to the competition to know what is being said? If UCSniff can hear it, that's pretty solid evidence that the bad guys can too.

[...]

Received on Sat Oct 11 2008 - 00:03:54 PDT