XSS Vulnerability Plagues VoIP - Unified Communications: Click to talk

IT Knowledge Exchange

Register

Forgot Password

Site FAQ

Advertisement

Home > IT Blogs > Unified Communications: Click to talk > XSS Vulnerability Plagues VoIP

>>VIEW ALL POSTS

Unified Communications: Click to talk

Nov 14 2007 5:32AM GMT

XSS Vulnerability Plagues VoIP

Posted by: Tony Bradley

Security, VoIP, SIP, Linksys, IP communications, Unified Communications, compromise

Voice over IP, or VoIP, communication is still relatively new. Being a bleeding edge technology has its pros and cons when it comes to security. On the down side, developers are in such a hurry to be the first to market, and they want to maximize performance, so security is not a priority. On the up side, attackers are often slower to jump on the bandwagon and adopt bleeding edge technologies. But, as the technology catches on and gains critical mass, it becomes a target for attackers while still lagging in security. That is where VoIP finds itself now. It is being widely adopted and it is a growing technology which makes it a juicy target for attackers. Now it is time for the vendors to go back and duct tape some security functionality onto their VoIP technology. According to this Computerworld.com article, a proof of concept has been released demonstrating how a relatively simple cross-site scripting flaw can be used to compromise desktop clients using SIP (Session Initiation Protocol), commonly used by many VoIP clients.

Comment

RSS Feed

Comment on this Post

You must be logged-in to post a comment. Log-in/Register

Ask an IT Question

About the Blogger

Tony Bradley

Tony Bradley is Founder and President of S3KUR3, Inc., providing expertise and written content on a variety of technology subjects, but specifically focused on information security and Microsoft Unified Communications. Tony has driven security policies and technologies for antivirus and incident response for Fortune 500 companies, and he has been network administrator and technical support for smaller companies. He maintains his own information security blog, Essential Computer Security (www.tonybradley.com), and has also written for a variety of other Web sites and publications, including BizTech Magazine, PC World, SearchSecurity.com, WindowsNetworking.com, Smart Computing magazine, and Information Security magazine. Tony is a CISSP (Certified Information Systems Security Professional) and ISSAP (Information Systems Security Architecture Professional). He is Microsoft Certified as an MCSE (Microsoft Certified Systems Engineer) and MCSA (Microsoft Certified Systems Administrator) in Windows 2000 and an MCTS (Microsoft Certified Technology Specialist) in SharePoint and Office Communications Server. Tony is a 4-time recipient of the prestigious Microsoft MVP (Most Valuable Professional) award for Enterprise Security. READ MORE

>> READ MORE ABOUT THE BLOGGERS

Blog Roll

Help

Subscribe to Alerts

RSS feed of Unified Communications: Click to talk

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.

All Rights Reserved, Copyright 1999-2009, TechTarget | Read our Privacy Policy | Site Map