VoIP Tech Chat

I r muzikal n delishus

1spam n. \ˈspam\  unsolicited usually commercial e-mail sent to a large number of addresses

Millions of dollars are spent every year by companies and individuals combating spam. Spam filters, email systems with integrated spam management, reviewing spam emails for real emails that got inappropriately flagged, storing spam, deleting spam, reporting spam, it all adds up.

Read the rest of this entry »

Great cast, ok movie.

That phone call I got, it came from outside high walls and fancy gates; it comes from a place you know about maybe from the movies. But I come from out there, and everybody out there knows, everybody lies: cops lie, newspapers lie, parent’s lyin’. The one thing you can count on – word on the street… yeah, that’s solid. — Suicide Kings

Word on the street tells us that Microsoft plans to “unveil” their new phones (code-name PINK) on April 12th. The phones, rumored to be manufactured by the Danger team, will be aimed at a “younger” crowd and we expect features such as Facebook integration, social media connectivity, and music to be heavily marketed. Of course, we still haven’t forgotten the T-Mobile Sidekick/Danger fiasco…

The April 12th date follows the highly expected iPhone OS 4.0 release from Apple. Looks like April’s showers may make for a big May.

Suggested Readings:

• Microsoft to unveil ‘Pink’ phones on April 12 (The Money Times)
• Microsoft “Pink” Phone to Launch April 12? (TG)
• Microsoft ‘Pink’ Phones Due Monday? (Information Week)

Microsoft announced today several critical warnings for Microsoft products, including Windows 2000, Windows 2003 Server, and Windows XP. Microsoft Security Advisories are a way for Microsoft to communicate security information to customers about issues that may not be classified as vulnerabilities and may not require a security bulletin. Each advisory will be accompanied with a unique Microsoft Knowledge Base Article number for reference to provide additional information about the changes. Read the rest of this entry »

Microsoft SQL Server

Microsoft announced a new security vulnerability affecting almost the entire Microsoft SQL Server product line. The warning verifies a vulnerability allowing remote code execution on systems running:

• Microsoft SQL Server 2000
• Microsoft SQL Server 2005
• Microsoft SQL Server 2005 Express Edition
• Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
• Microsoft SQL Server 2000 Desktop Engine (WMSDE)
• and Windows Internal Database (WYukon)

Note: Systems with Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 are not affected by this vulnerability.
Read the rest of this entry »

VoIPShield, a VoIP security solutions company, announced new security vulnerabilities affecting Microsoft VoIP Products. The vulnerabilities affect applications using media stream protocols, such as RTP (Real-time Transport Protocol).

The products affected:

• Office Communications Server 2007
• Office Communicator
• Windows Live Messenger

These products deliver software-powered VoIP, presence, instant messaging and audio/video/Web conferencing functionality to end users. Microsoft estimates that over 250 million computers worldwide run these applications. All use RTP to deliver the content of the message; therefore all are vulnerable to this class of attack.

“Most of the attention in enterprise VoIP/UC security has been paid to the control channel, where SIP and other signalling protocols are used,” said Ken Kousky, CEO of CISSP certification training company IP3 Inc. and advisor to the VoIP Lab at Illinois Institute of Technology. “Until now, the media stream has been largely ignored by the security community as a source of malicious activity.  But attacks from these vectors have the potential to be dangerously persistent and widespread.”

The Microsoft vulnerabilities announced today, if exploited, cause a Denial of Service (DoS) condition against not only the stated applications but the entire desktop environment.

“Today’s announcements are just the tip of the iceberg,” said Andriy Markov, director of VoIPshield Labs. “Although they are specific to Microsoft’s applications, similar flaws exist in other VoIP vendors’ products. And many other media stream attacks exist that have more severe implications than service availability. We’re presently validating new research that shows an attacker can gain unauthorized access to an unsuspecting user’s laptop by manipulating the packets of a VoIP phone call. We believe that these attacks can even be made to traverse a PSTN gateway.”

VoIPshield has not publicly released the “full details” of the Microsoft VoIP vulnerabilities. VoIPshield, through it’s standard operating procedure, will first confidentially disclose the details to Microsoft and work with them to fix the applications.

VoIPshield Systems is a VoIP security solutions company founded in early 2005.  Headquartered in Ottawa, Canada, VoIPshield develops and markets the VoIPshield Security Suite, a set of security applications purpose-built to protect VoIP networks.