Security

Discuss UNIX and Linux computer and network security, cyber security, cyber attacks, IT security, and more.

Fake MicroSoft calls

👤 Login to reply

    #8  
Old 01-18-2018
Neo's Unix or Linux Image
Neo Neo is offline Forum Staff  
Administrator
 
Join Date: Sep 2000
Last Activity: 21 July 2018, 2:42 PM EDT
Location: Asia pacific region
Posts: 14,579
Thanks: 1,032
Thanked 1,438 Times in 698 Posts
I recall VoIP vulnerabilities over the years and for many years.

On another note, it is always important to keep in mind that (IT) RISK is the intersection of VULNERABILITY, THREAT & CRITICALITY.

So, even if there is a VULNERABILITY, if there is no real THREAT or CRITICALITY, then RISK is LOW.

For example, for someone who uses VoIP and is not a high profile person or spy or criminal etc who has THREATS and if a VULNERABILITY is exploited, it does not do critical harm (in the case of VoIP threats for most people who use VoIP daily), then the RISK is low.

I've been aware of possible VoIP exploits for many years, but it does not stop me from using the myriad technologies that use VoIP. This especially applies to VoIP technologies which are encrypted. LINE, What's App and I believe Skype are all encrypted and so exploiting these VoIP vulnerabilities are non trivial, as I recall, and so most users who use encrypted VoIP are not at high RISK.

There is also the RISK MITIGATION model, which combines TECHNICAL (LOGICAL) CONTROLS, PHYSICAL CONTROLS AND ADMINISTRATIVE CONTROLS, should be considered as well

Encrypting a VoIP channel is a TECHNICAL CONTROL and having a policy whereas HIGHLY SENSITIVE USERS do not use these apps unless approved is an ADMINISTRATIVE CONTROL.

It is important to keep in mind that RISK MANAGEMENT and RISK MITIGATION is a multidimensional and multifaceted approach, so VULNERABILITIES must be viewed in context to the THREAT and CRITICALITY; and RISK MITIGATION must be viewed in terms of RISK and the "best" combination of controls (ADMIN, TECH, PHYSICAL) based on RISK (and this implies budget as well).

Cheers.
The Following User Says Thank You to Neo For This Useful Post:
Don Cragun (01-18-2018)
Sponsored Links
    #9  
Old 01-20-2018
wisecracker's Unix or Linux Image
wisecracker wisecracker is online now
Registered User
 
Join Date: Jan 2013
Last Activity: 21 July 2018, 4:49 PM EDT
Location: Loughborough
Posts: 1,298
Thanks: 388
Thanked 353 Times in 278 Posts
Hi RuciC...

Not sure if this is relevant to you or this thread but we dealt with EADS several years ago and they tore Skype apart for its obfuscation and untrustworthy code:

https://www.ossir.org/windows/suppor...rice_Skype.pdf

There are small snippets of 32 bit x86 assembly code in there...
The Following User Says Thank You to wisecracker For This Useful Post:
RudiC (01-21-2018)
Sponsored Links
👤 Login to reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Microsoft Powerpoint 2003 stops working after 12 April 2011 Microsoft Updates methyl Windows & DOS: Issues & Discussions 0 04-15-2011 02:58 AM
Identification of data calls & voice calls pcsaji IP Networking 0 07-25-2006 05:32 AM



All times are GMT -4. The time now is 04:52 PM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
×
UNIX.COM Login
Username:
Password:  
Show Password





Not a Forum Member?
Forgot Password?