A technical review conducted by the British government has found several security flaws in products that use VoIP and text messaging, including those from Microsoft and Cisco Systems.
The flaws affect software and hardware that support the real-time multimedia communications and processing standard, known as the International Telecommunications Union (ITU) H.323 standard.
News.context
What's new:
Researchers have found several security flaws in products that use VoIP and text messaging, including those from Microsoft and Cisco Systems.
Bottom line: Microsoft and Cisco have addressed the issue, but several companies' products are also at risk.
The security problems can cause a product that supports H.323 to crash. For example, in Cisco telecommunications products running its IOS operating system, the vulnerability could be used to cause the devices to freeze or reboot. However, on Microsoft's Internet Security and Acceleration Server 2000, which is included with Small Business Server 2000 and 2003 editions, the vulnerability could allow an attacker to take control of the system.
Ironically, in Microsoft's case, the Internet Security and Acceleration Server is designed to help protect companies' networks from online attacks. Specifically, a filter used in the server that secures VoIP communications is vulnerable to the flaw.
"It is kind of the same situation that we have seen--a certain level of human error is going to be present and that is true even for security software," said Stephen Toulouse, security program manager for Microsoft.
Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.
Also Tuesday, Cisco Systems published an extensive advisory outlining which of its products are affected and giving instructions on how to patch them. Among the vulnerable products are CallManager version 3.0 through 3.3, Conference Connection, Internet Service Node and several VoIP switches.
Cisco would not comment on the issue except to refer people to the advisory.
Several other companies also produce products that may be affected, but as of midday Tuesday only Cisco and Microsoft had issued advisories and patches.
Avaya, Fujitsu, Hewlett-Packard, Lucent and Nortel are investigating the issue. Apple, Hitachi, NetBSD, Red Hat and Symantec have determined that their products aren't affected by the flaws.
Get Up to Speed on... VoIP Get the latest headlines and company-specific news in our expanded GUTS section.
The flaws were found by the United Kingdom's Internet security watchdog, the
National Infrastructure Security Coordination Centre. The group had been testing a variety of products used in the United Kingdom's critical communications infrastructure and discovered the problem.
While a malicious attacker could use the flaws to disrupt VoIP networks, companies using Microsoft's Small Business Server 2000 and 2003 are at particular risk. An attacker can gain a beachhead into a company's network using the flawed H.323 filter, said Microsoft's Toulouse.
"This sort of illuminates to me the value of security researchers where they can test all the situations in which our customers use the product," he said. "H.323 is a very specific protocol. I would hazard a guess that (most people) had not heard about it before today."
As you communicate with your new friends through online messaging & flirts you will find many people with similar interests that you can communicate with. Remember, thousands of adult singles join online dating sites everyday for love, romance and friendship. Online Dating gives you a better way to communicate with your partners. regards, <a class="jive-link-external" href="http://www.silvergallerydating.com" target="_newWindow">http://www.silvergallerydating.com</a>
Uniform Dating brings together those working in professions such as the armed forces, police, navy, security, medical, ambulance, prison, air crew and fire fighters, for friendship, love and romance. ---------- rohn <a href="http://www.hookup-tonite.com">http://www.hookup-tonite.com</a>
Web giant is spending $120 million to beef up its Mountain View, Calif., headquarters, according to filings with the city reviewed by the San Jose Mercury News.
The Samsung Galaxy mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
Tor's "obfsproxy" technology would make encrypted data look innocuous and let it dodge government censors. That could help citizens in Iran reach blocked sites as antigovernment protests reportedly loom.
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
George Lucas has just released his version of "Star Wars" in 3D, but c'mon--the guy believes Greedo shot first. Why not make your own Star Wars world? In the first installment of a Crave series, a crack team of crafters fight the power and turn paper bags into the Rebel Alliance's Admiral Ackbar. It's a sack!
Microsoft and Cisco have addressed the issue, but several companies' products are also at risk.
----------
rohn
<a href="http://www.hookup-tonite.com">http://www.hookup-tonite.com</a>