I will be taking some time off for the holidays, so I doubt I will be posting much. I doubt I will be thinking too much about VoIP security anyway :) I hope to play a lot of poker. If anyone is interested in tracking my degenerate poker activities, see my poker blog at:
Here is an article containing 25 steps you can take to secure your VoIP system. There is some good summary information here. I would have ordered the steps differently, but that's me (I am not sure they are supposed to be in any order):
I finally got around to playing around with some of the click-to-talk services that are out there. These aren't new and have been talked about on VoIPSA and other sites for a while. The one I played with is Jajah. Google also offers this feature for certain links. Anyway, Jajah lets you type in your number and another number to call. These are normal PSTN numbers, like cell phones. I entered two cell phone numbers and Jajah went ahead and connected them. I was thinking that it would be really nasty to put in a phone number for a porn site or some other sleazy site and repeatedly connect it to someone I don't like. It's easy to use this service to hassle or embarrass people. I am not sure what Jajah's motivation is - hopefully they are not harvesting the numbers you enter.
As Google pushes this service, it seems like it would be easy to bring up a bunch of undesirable sites, and have 'em all call someone you want to embarrass or harass. Hopefully Google will put in some sort of checks to prevent this from happening.
This is an interesting article. There is a new law in the UK that may make it illegal to use tools, such as DoS tools, and to distribute tools that may be used for hacking. This seems dumb. Never mind, it is dumb. Any tool, they use nmap as an example, can be used both for hacking and to help assess the security of a network. What do they want - people to stop developing security testing tools? Then the only people who could test for and exploit vulnerabilities are attackers. How in the world are they going to judge that a tool like nmap is good or bad? Even DoS tools have a legitimate role as a way to test systems for attack susceptibility. Anyway, check out the link - it includes links to the actual laws.