« Another Vulnerability | Main | Another Book Review and VoIP Security Comments »

February 26, 2007


Jeff Carr

Good article by Mr. Orans. We spoke recently and many of his points we agree. I would however take slight exception to the SPIT comment. Many email spam today don't bother with URL, such as "pump and dump" stock scams using image spam. I heard this SAME argument about email spam three years ago when many analysts said it would die “because nobody would respond” or too low to make it worth while. The reality of IP security is the BAD GUYS always find a new angle to get to the victims. If we have some new method of reaching people using IP (ie. VoIP) then the bad guys will most certainly adjust tactics and figure out the optimal way to exploit it, they won’t just give up. For example, in a SPIT scenario, they could easily set it up so all the recipient has to do is press a single button (Press 1 to reach our mortgage loan agent standing by) vs. the suggestion we would have to write down a URL and then follow up later. This is a simple example; I can see many more ways to exploit.

The comments to this entry are closed.

My Photo

Search Blog

  • Search Blog


Become a Fan

Telephony Denial of Service (TDoS)