1. Should vendors have to PAY a security research firm to receive detailed vulnerability disclosure?
(Home/General)

A good discussion going on related to security research firms charging for security vulnerability I.P. versus releasing it to the vendors for free. Check it out here . Feel free to comment.

2. NSA-Funded 'Cauldron' Tool Goes Commercial
(Home/General)

A vulnerability analysis tool used by the National Security Agency (NSA) and U.S. Department of Homeland Security is now commercially available for enterprises that want to either make sense of t

3. Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution
(Home/General)

This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is

4. 101 on VoIP AT&T video
(Home/General)

I was passed a good video presentation created by AT&T that does the 101 on VoIP. It is excellent for the uninitiated. Check it out here .

5. Top security suites fail exploit tests
(Home/General)

...bit of unrelated news, a report had been published last week which down-played the effectivneess of current security suites in mitigating current attacks. I find it amazing to see big names falling in...

6. FEMA phones hacked; calls made to Mideast, Asia
(Home/General)

A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia. Check it out here .

7. Risks in the Enterprise Deconstructed conclusion
(BleedingVoIP Security Series/Security Series)

BleedingVoIP Security Series continues its analysis of security in the enterprise; we take a look at Remote users and VoIP over wifi. Risk G - Don't trust those you don't know In today's

8. VoIP Security: A Management Perspective
(VoIP Whitepapers/General Articles)

This detailed white paper looks at VoIP from a security perspective with specific attention paid to compliance and other issues of concern to the financial services sector. VoIPshield Systems publis

9. A Practical Guide to Locking Down VoIP
(VoIP Whitepapers/General Articles)

This white paper includes actionable strategies for IT, security and telecommunications professionals in the development and implementation of an enterprise VoIP security strategy. VoIPshield System

10. Protecting VoIP Infrastructure
(VoIP Whitepapers/General Articles)

...t regulatory controls to ensure the privacy of customer information, a continued lack of emphasis on VoIP security will eventually leave organizations open to legal risks.VoIPshield Systems publish...

11. Large disclosure of VoIP vendor vulnerabilities
(Home/General)

...44 major vulnerabilities. VoIPshield Systems on April 2 will seek to set itself apart among voice-over-IP security providers when it launches what officials claim is the first database of vulnerabi...

12. Social Security Confirms Nortel Government Solutions for World’s Largest VoIP
(Home/General)

WASHINGTON – The US Social Security Administration** (SSA) has confirmed selection of a team led by Nortel Government Solutions* to deploy one of the world's largest enterprise VoIP networks

13. Risks in the Enterprise Deconstructed continued
(BleedingVoIP Security Series/Security Series)

BleedingVoIP Security Series continues its analysis of security in the enterprise; we take a look at IP Trunking and PSTN-VoIP gateways.   Risk D - Prison break A typical call

14. Total surveillance made easy with VoIP phones
(Home/General)

...st, the results I’ve got were rather disturbing and made me get a totally new view on the VoIP phone security landscape. Check it out GNUCITIZEN . ...

15. Counterfeit Cisco sold to federal and military air traffic controllers
(Home/General)

...Apparently it is widespread in the IT industry. Could there be any impact on VoIP related services from the security point of view? Probably. Check it out at Cisco counterfeit. ...

16. Cisco vs. Nortel VoIP Signaling Showdown
(Showdowns/BleedingVoIP Showdowns)

...CK in-sequence packets and NAK out-of-sequence ones. The sequence number is a 32-bit unsigned integer. For security reasons, the sequence starts at a random number in the range 0 to 65535. Since the...

17. 2007 Cisco Annual Security Report
(VoIP Whitepapers/General Articles)

The Cisco® Annual Security Report provides an overview of the combined security intelligence of the entire Cisco organization. The report encompasses threat information and trends collected betwee

18. VoIP attacks decreasing or increasing in new year?
(Home/General)

...are in corproate networks and they run proprietary protocols. It's simply bullshit. Anybody that knows VoIP security knows it makes little sense. Firstly, internal VoIP attacks are more common than ex...

19. Top 5 VoIP vulnerabilities of 2007
(Home/General)

Sipera VIPER™ Lab, operated by Sipera Systems, the leader in comprehensive VoIP/UC security solutions, today revealed the Top 5 VoIP Vulnerabilities in 2007. In assembling this list, the Siper

20. My Opinion - Security. Do more and ignore less.
(Home/General)

VoIP Security. In a world where software is ever increasing, where sharing is ubiquitous, and application systems are vulnerable. Where hacking mediums are plentiful and on the rise, you can find ju

21. National Security Agency Certifies New IP Phone
(Home/General)

...namics (NYSE: GD), announced today that the Sectéra vIPer Phone has been certified by the National Security Agency (NSA) to protect classified communications via voice over Internet Protoco...

22. Ensure successful VoWLAN
(VoIP Whitepapers/General Articles)

VoWLAN promises to bring a new level of cost effectiveness to VoIP. Relying on VoIP security implemented entirely in software is simply not a viable strategy for VoIP implementations over WAN. Check

23. ISS - The Evolving Solution and the Evolving Threat
(VoIP Whitepapers/General Articles)

Published by ISS, talks at high level about VoIP security in general. It is an older publication but I still like it.

24. IPsec in VoIP Networks
(VoIP Whitepapers/General Articles)

VoIP Security is becoming ever more important as high profile fraud cases hit the press. Strong authentication of users helps mitigate these attacks, a fact recognised by 3GPP in the IMS security fr

25. Proactive Approach to Security
(VoIP Whitepapers/General Articles)

...is required. This document examines these differences, new types of attacks, and provides a comprehensive security architecture for VoIP networks in the context of practical VoIP security problems....

26. Risks in the Enterprise Deconstructed
(BleedingVoIP Security Series/Security Series)

BleedingVoIP Security Series examines security in the VoIP enterprise; we take a look at VLANs and switches, IP PBX signaling and SPIT in the core.   Risk A/F - The fragile switch

27. VoIP in the News
(VoIP Buzz/VoIP News)

... Criminals exploiting. FBI warns of flawed Asterisk 2008.12.08 Security FEMA phones hacked; calls made to Mideast, Asia ...

28. VoIP Sites
(Community/VoIP sites)

... VoIPsa VOIPSA's mission is to drive adoption of VoIP by promoting the current state of VoIP security research, VoIP security education and awareness, and free VoIP testing methodologie...

29. Blogs
(Community/Blogs)

Microsoft Security blog Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, and other related guidance and information.

30. Podcasts
(Community/Podcasts)

BlueBox Podcast A weekly podcast offering news, views and commentary on security issues for Voice Over IP and IP Telephony