CIO Symmetry

A SearchCIO Small Business blog

» VIEW ALL POSTS Dec 9 2008   9:11PM GMT

Recent FBI vishing scam warning an old issue



Posted by: Kristen Caretta
Tags:
CIO
Hacking
Midmarket CIO
Security
VoIP

Last Friday, the FBI issued a warning about a security vulnerability that could be used by cybercriminals to make vishing telephone scams.

Vishing (combining phishing and voice) uses Voice over IP (VoIP) features to gain access to company information. In this case, the flaw was found in a free and widely used open source toolkit – Asterisk.

According to a posting on the Internet Crime Complaint Center, hackers who gain access and exploit the Asterisk flaw can potentially auto-dial thousands of people in an hour.

Security risk news spreads like wildfire and the FBI vishing warning was no exception — bloggers everywhere began weighing in. It was quickly learned, however, that the security scuttlebutt was actually an old issue.

According to a Digium blog post, the bug was originally found in March (AST-2008-03, a SIP guest permissions problem) and was patched for 1.2 and 1.4 versions of the software (1.6 releases were not vulnerable). The bug did not allow the arbitrary setting of caller ID and would work in only a limited set of circumstances.

It sounds quite similar to the telephone scams already known, no VoIP hacking necessary! The Federal Communications Commission already warns us about everything from the Mexico Collect Call Scam to the 90# Telephone scam.

Just another reminder to keep your information safe by making your passwords safer … and do your homework before going off on new exploits.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: