Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Buffer overflows are predicted to hit PBXs.

Fortify : 20 March, 2008  (Company News)
Fortify Software, the application vulnerability specialist, says that companies may soon find their PBX computerised telephone switchboards being hit by a new wave of security flaws.
The news follows on from reports from the MU Security Research Team about security flaws in the Asterix range of IP-PBX software applications, which a growing number of companies are using to computerise their switchboards and take advantage of low cost Internet telephony calls.

'Recent reports suggest that as many as 50 per cent of major companies are using Internet telephony services as a way of cutting their telecommunications costs, but our analysis is that they also need to review their IP telephony security arrangements as well,' said Rob Rachwald, Fortify's director of product marketing.

'The Buffer Overload problem in the RTP payload handling code when dealing with a malformed INVITE or SIM packet with SDP, is, we predict, one of several buffer-based security problems you're going to see with company IP telephony systems in the near future,' said Rachwald.

'Most companies have installed multi-layered security technology on their computer network, but IP telephony services almost always escape the scrutiny of the IT security systems in place to protect a company's computers and network technology,' added Rachwald.

At the moment, says Rachwald, IP-PBX hackers are confining their activities to crashing systems or causing a denial of service attack for mischievous purposes.

'That situation will change, we predict, as hackers from the criminal side of things start to realise the revenue potential from hacking into company PBXs and then hack for monetary gain from that route,' Rachwald said.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo