Unified Communications: Click to talk

Nov 14 2007   5:32AM GMT

XSS Vulnerability Plagues VoIP

Tony Bradley Tony Bradley Profile: Tony Bradley

Voice over IP, or VoIP, communication is still relatively new. Being a bleeding edge technology has its pros and cons when it comes to security. On the down side, developers are in such a hurry to be the first to market, and they want to maximize performance, so security is not a priority. On the up side, attackers are often slower to jump on the bandwagon and adopt bleeding edge technologies. But, as the technology catches on and gains critical mass, it becomes a target for attackers while still lagging in security. That is where VoIP finds itself now. It is being widely adopted and it is a growing technology which makes it a juicy target for attackers. Now it is time for the vendors to go back and duct tape some security functionality onto their VoIP technology. According to this Computerworld.com article, a proof of concept has been released demonstrating how a relatively simple cross-site scripting flaw can be used to compromise desktop clients using SIP (Session Initiation Protocol), commonly used by many VoIP clients.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: