Nov 14 2007 5:32AM GMT
Voice over IP, or VoIP, communication is still relatively new. Being a bleeding edge technology has its pros and cons when it comes to security. On the down side, developers are in such a hurry to be the first to market, and they want to maximize performance, so security is not a priority. On the up side, attackers are often slower to jump on the bandwagon and adopt bleeding edge technologies. But, as the technology catches on and gains critical mass, it becomes a target
for attackers while still lagging in security. That is where VoIP finds itself now. It is being widely adopted and it is a growing technology which makes it a juicy target for attackers. Now it is time for the vendors to go back and duct tape some security functionality onto their VoIP technology. According to this Computerworld.com article
, a proof of concept has been released demonstrating how a relatively simple cross-site scripting flaw can be used to compromise desktop clients using SIP (Session Initiation Protocol), commonly used by many VoIP clients.