SIP phones buggable

The full-disclosure list has revealed that SIP devices can be vulnerable to a ‘silent pickup’ feature.

“The research that was published indicates that, for at least one
vendor, it is possible to automatically call a SIP device from that
vendor and have it silently accept the call, even if it is still on the
hook – instantly turning it into a classic bugged phone. Whereas
historic telephony bugs needed physical targeting of the line running to
a property or place of business, the presence of VoIP in the equation
allows bugging from anywhere in the world with equal ability. Now anyone
can do from their armchair what only spies and law enforcement used to
be able to do from inside the telephone switch / pit / distribution
board, though it’s still illegal to do so.”

Read more…


New tools for security researchers

Mandiant released three tools that might help you with your investigations. I haven’t tested them personally, but on the outset they sound like useful stuff to have around.

The software is targeted at security researchers doing analysis on malware or first responder type work.

I’m going to test red curtain this week, if I can find the time. Keep posted.

Technorati Tags: ,

State Secrets?

This article gives me the willies on the subject of the whole FISA revisioning.

McConnell described the hectic week of negotiations that led up to the passage of this month’s FISA legislation, and he denied charges that he had negotiated in bad faith. Several versions of the legislation were circulated on Capitol Hill in the last week before the August recess, and McConnell said he didn’t have time to review the Senate’s latest draft until Friday evening. At that point, he found provisions he considered unacceptable and insisted that the Senate pass a different version that had first circulated two days earlier. The Senate passed McConnell’s preferred version and adjourned, forcing the House to either pass the Senate’s language or no language at all.

Point&Click wiretaps

Documents recently declassified under the Freedom of Information Act indicate that the FBI has constructed a point-and-click surveillance system capable of instantaneously tapping into almost any communications device. The Digital Collection System Network (DCSNet) links FBI wiretapping stations to switches run by landline operators, Internet-telephony providers, and cellular companies. The system consists of software that captures, filters, and stores phone numbers, calls, and text messages, and directly connects FBI wiretapping rooms throughout the nation to a wide-ranging private communications network. The outposts are connected via a private, encrypted backbone that is independent of the Internet and is run by Sprint for the government. Telecoms’ installation of telephone-switching gear that meets wiretapping standards was mandated in 1994 with the passage of the Communications Assistance for Law Enforcement Act (CALEA), thus giving the FBI the ability to log directly into the telecom’s network. CALEA’s coverage was recently extended to require broadband ISPs and certain VoIP companies to enable their networks for federal wiretapping. Since telecoms became more wiretap-friendly, the volume of criminal wiretaps rose 60 percent from 1,150 to 1,839 in the past 10 years, and in 2005 92 percent of those wiretaps targeted cell phones, according to a 2006 report. CALEA wiretaps and the processing of all calls collected by DCSNet have racked up substantial costs, and security experts are worried that the system introduces new vulnerabilities to the telecommunications network. The declassified documents point to numerous flaws in DCSNet that Columbia University computer science professor Steven Bellovin finds appalling, especially because they indicate the FBI is ignorant of inside threats. “The underlying problem isn’t so much the weaknesses here, as the FBI attitude towards security,” he says.
Click here to View the Full Article
Thanx to the ACM TechNews.

Technorati Tags: ,

Hack a Nuclear Power plant

This article in Forbes is a pretty good example what one can do with the SCADA system. It’s installed and after that it’s basically forgotten. A gaping hole waiting to be used.

It reminded me of the movie Die Hard 4, oh excuse me, Live Free or Die Hard, I recently watched. Even though the movie is totally ridiculous, it has some points in it that give you something to think about.

Technorati Tags: ,

Police Phone Taps Stolen

The Independent reports that ‘a server’ was stolen from a private firm.

Police chiefs have launched a major investigation after the theft of a computer database containing thousands of top-secret mobile phone records from terrorism and organised crime investigations.

One of the worrying points (to me) is that the server was operated by a private firm. If the data was indeed top-secret, why was a private firm operating it?

But, to be able to walk out of a facility which is supposed to safeguard top-secret data, is a good enough reason to evaluate some decisions…

Technorati Tags: , ,


I wanted to write about BotHunter for quite some time, but, alas, the holidays interfered.

BotHunter is basically a fully passive analyser based on the Snort tool. The text on their website says:

BotHunterTM is a novel, dialog-correlation-based engine (patent-pending), which recognizes the communication patterns of malware-infected computers within your network perimeter. BotHunterTM is a passive traffic monitoring system, which ties together the dialog trail of inbound intrusion alarms with those outbound communication patterns that are highly indicative of successful local host infection. When a sequence of in and outbound dialog warnings are found to match BotHunter’s infection dialog model, a consolidated report is produced to capture all of the relevant events and event sources that played a role during the infection process.

They presented a paper at the 16th USENIX Security Symposium. It’s well worth reading.

Technorati Tags: ,