Fake MicroSoft calls Post: 303011432

Sponsored Content

Special Forums Cybersecurity Fake MicroSoft calls Post 303011432 by Neo on Thursday 18th of January 2018 08:17:32 AM

01-18-2018

Administrator

I recall VoIP vulnerabilities over the years and for many years.

On another note, it is always important to keep in mind that (IT) RISK is the intersection of VULNERABILITY, THREAT & CRITICALITY.

So, even if there is a VULNERABILITY, if there is no real THREAT or CRITICALITY, then RISK is LOW.

For example, for someone who uses VoIP and is not a high profile person or spy or criminal etc who has THREATS and if a VULNERABILITY is exploited, it does not do critical harm (in the case of VoIP threats for most people who use VoIP daily), then the RISK is low.

I've been aware of possible VoIP exploits for many years, but it does not stop me from using the myriad technologies that use VoIP. This especially applies to VoIP technologies which are encrypted. LINE, What's App and I believe Skype are all encrypted and so exploiting these VoIP vulnerabilities are non trivial, as I recall, and so most users who use encrypted VoIP are not at high RISK.

There is also the RISK MITIGATION model, which combines TECHNICAL (LOGICAL) CONTROLS, PHYSICAL CONTROLS AND ADMINISTRATIVE CONTROLS, should be considered as well

Encrypting a VoIP channel is a TECHNICAL CONTROL and having a policy whereas HIGHLY SENSITIVE USERS do not use these apps unless approved is an ADMINISTRATIVE CONTROL.

It is important to keep in mind that RISK MANAGEMENT and RISK MITIGATION is a multidimensional and multifaceted approach, so VULNERABILITIES must be viewed in context to the THREAT and CRITICALITY; and RISK MITIGATION must be viewed in terms of RISK and the "best" combination of controls (ADMIN, TECH, PHYSICAL) based on RISK (and this implies budget as well).

Cheers.

This User Gave Thanks to Neo For This Post:

Neo

View Public Profile for Neo

Visit Neo's homepage!

Find all posts by Neo

2 More Discussions You Might Find Interesting

1. IP Networking

Identification of data calls & voice calls

Is there any facility to filter/identify the data calls and voice calls coming throug modem? OR Can we get the data or voice calls information through a script(preferably C Kermit)?

2. Windows & DOS: Issues & Discussions

Microsoft Powerpoint 2003 stops working after 12 April 2011 Microsoft Updates

For the benefit of the community this is a widespread worldwide problem affecting multiple versions of Microsoft Windows. Powerpoint erroneously reports Powerpoint presentation damaged and then often hangs. Until Microsoft sort this out, try removing Powerpoint security update KB 2464588...

LEARN ABOUT HPUX

shadow

shadow(4)						     Kernel Interfaces Manual							 shadow(4)

NAME

       shadow - shadow password file

SYNOPSIS

DESCRIPTION

       The file is created from the file by the command.  It is readable only by a privileged user.  It can be modified by the and commands.  Pro-
       grams may use the interfaces described in the getspent(3C) manpage to access this information.  These functions	return	a  pointer  to	an
       structure, which is defined in the header file.

   Fields
       The  file  is an ASCII file consisting of any number of user entries separated by newlines.  Each user entry line consists of the following
       fields separated by colons:

	      login name Each login name must match a login name in puts the user entries in in the same order as the entries.

	      encrypted password
		     The password field of each entry contains an "x", and the actual encrypted passwords reside in The encrypted  password  field
		     consists  of  13 characters chosen from a 64-character set of "digits".  The characters used to represent "digits" are for 0,
		     for 1, through for 2 through 11, through for 12 through 37, and through for 38 through 63.

		     If the SHA11i3 product is installed, the password field may contain the prefix , where n is a label identifying  an  alterna-
		     tive  algorithm  used  for the password hash.  Using the new algorithm results in an encrypted password field which is longer
		     than 13 characters.  The password field will consist of digits from the same 64-character set,  as  well  as  the	additional
		     character used as a delimiter.

		     If  this field is null, then there is no password and no password is demanded on login.  Login can be prevented by entering a
		     character that is not a part of the set of digits (such as *).

	      last change
		     The number of days since January 1, 1970 that the password was last modified.

	      min days
		     The minimum period in days that must expire before the password can be changed.  See also in security(4) and the  command	in
		     passwd(1).

	      max days
		     The  maximum  number  of  days for which a password is valid.  A user who attempts to login after his password has expired is
		     forced to supply a new one.  If min days and max days are both zero, the user is forced to change his password the next  time
		     he  logs  in.  If min days is greater than max days, then the password cannot be changed.	These restrictions do not apply to
		     the superuser.  See also in security(4) and the command in passwd(1).

	      warn days
		     The number of days the user is warned before his password expires.  See also in security(4) and the command in passwd(1).

	      inactivity
		     The maximum number of days of inactivity allowed.	This field is set with the option of either the or command.  If this value
		     is  greater than zero, then the account is locked if there have been no logins to the account for at least the specified num-
		     ber of days.  If this value is less than or equal to zero, the value is determined by the attribute.  See the description	of
		     in security(4).

	      expiration
		     The  absolute  number  of	days  since Jan 1, 1970 after which the account is no longer valid.  A value of zero in this field
		     indicates that the account is locked.

	      reserved
		     The reserved field is always zero and is reserved for future use.

   Notes
       The file is not applicable to a system which has been converted to a trusted system.

WARNINGS

       HP-UX 11i Version 3 is the last release to support trusted systems functionality.

FILES

       system password file
       shadow password file

SEE ALSO

       login(1),  passwd(1),  pwconv(1M),  pwunconv(1M),  useradd(1M),	userdel(1M),  usermod(1M),  crypt(3C),	getspent(3C),  putspent(3C),  nss-
       witch.conf(4), passwd(4), security(4).

																	 shadow(4)