
Global articles on espionage, spying, bugs, and other interesting topics.

Keep abreast of the espionage threats facing your organisation.

Is VoIP too secure?

It’s hard to imagine, but roughly 10 years ago, as VoIP was being rolled out, corporate networkers were quite concerned about the security of VoIP. As we faced a move away from voice carried over a traditional (and, by the way, unencrypted) network, there was concern that VoIP would be much too easy to eavesdrop on, especially if it traversed the Internet.

We’ll leave aside the question of “legal intercepts” as a political and civil-liberty matter. Indeed, virtually any “good” technology can also have a dark side. Nevertheless, “wiretaps” have been a part of voice communications essentially forever. Sometimes for the good of all. Sometimes not.

And “tapping” a traditional voice call, whether in analog or digital (PCM) format, is trivial. Additionally, as discussed in an excellent interview, “Web Wiretaps Raise Security, Privacy Concerns” on All Things Considered, as cellular technology was rolled out, provisions were made for “lawful intercept.”

The issue that was discussed by FBI General Counsel Valerie Caproni is that with VoIP solutions – and Web-based VoIP in particular – the individual conversations can be quite difficult to intercept and decode. Further, while at one time Internet-based voice conversations were largely limited to “major” applications like Skype, there is rapid and widespread proliferation of “voice chat” capabilities. For instance, you can do a voice chat, a video chat, or even call an external phone from Gmail. And this only covers voice-like capabilities, and doesn’t include other messaging.

Interestingly, and in a move that makes sense, the government is not specifying exactly which services need to be modified so that they can be more easily monitored. As pointed out in the above-referenced interview, if the systems that were difficult to monitor were identified, then this would make it obvious which ones could be best used for less-than-honorable purposes.

The implications of this for the corporate enterprise network are yet to be identified, since we’re just on the leading edge of the issue. But it is clear that we’ve come a long way from the days when VoIP was a “toy.” And the fact that it’s “just another application” is making the task of lawful intercept even more difficult.


Steve Taylor is president of Distributed Networking Associates and publisher/editor-in-chief of Webtorials. Jim Metzler is vice president of Ashton, Metzler & Associates.


Control your speaking volume at the coffee shop

While in a local coffee shop waiting to meet a friend recently, a group of people nearby was engaged in a conversation. Now I don’t make it a habit to eavesdrop, but they were so loud you couldn’t help overhearing them. And they clearly weren’t overly concerned that virtually everyone inside was within earshot.

I was especially interested because their conversation was financial in nature. Frankly, it took all my willpower to sit still and keep my mouth shut.

Their conversation reminded me that too many people are simply not paying attention to financial details the way I believe they should. In other words, when it comes to financial matters, it’s important that you pay attention to more than just the large print.

One animated gentleman complained that taxes must have been increased in 2010 because his refund was going to be much smaller this year than last year. I obviously didn’t know his personal tax information, but my guess is that he totally forgot what happened to payroll withholdings earlier in 2010.

They were adjusted lower in an attempt to get dollars into consumers’ hands sooner, with the hopes that additional dollars in the pocketbook would help jumpstart the economy.

Other than that and the Roth IRA conversion option, the income tax code had no real significant changes last year. I have a feeling a lot of people will be surprised when their tax refund this year is smaller than in years past. More than likely, the reason is they took more money home every pay period.

Automobile leasing was the other financial topic discussed. I was alarmed at the lack of understanding about how it works. Everyone wants our auto industry to thrive, but I think you need to understand all terms and responsibilities, whether you buy or lease.

Because leasing is generally more complex than buying and because it’s estimated that nearly 20 percent of new autos driven off the lot this year will be leases, it’s especially important to understand leasing terms.

The good news is that financing is beginning to loosen up. But that doesn’t mean you should run out and get it just because you can.

In the coffee shop, the patrons were describing leases as purchases that ended on a predetermined date. In reality, leasing is simply renting a car for a specified period of time, with certain limitations.

For example, a vehicle may be advertised as $199 for 36 months. But as anyone who has ever leased a car knows, there are penalties for things like damage and excess mileage.

In the past, many lease prices were based on 12,000 miles per year. These days, many of them are based on 10,500 miles per year.

So, what does it matter? Well, typically, there’s a 15-cents-per-mile charge for excess mileage.

If you drove 12,000 miles a year for 3 years, there would be 4,500 excess miles. At 15 cents per mile, you’d be charged an extra $675 at the end of the lease. That’s why understanding all the terms and conditions is so critical.

So in the future, control your speaking volume at the coffee shop or any public place. And make a commitment to be smart about your finances. That means carefully scrutinizing all the fine print and details.

Fax your questions to Ken Morris at 248-952-1848 or e-mail to ken [dot] morris [at] investfinancial [dot] com.  Ken is a registered representative of INVEST Financial, member FINRA, SIPC and is Vice-President of the Society for Lifetime Planning in Troy.


2 Ordered in Omaha to Pay $120K for Teddy Bear Spy


A federal judge in Omaha has ordered a woman and her father to pay $120,000 for bugging a teddy bear so they could spy on her ex-husband.

The judge ruled that Dianna Divingnzzo and Sam Divingnzzo violated wiretapping laws from January to June 2008.

Court documents say Dianna Divingnzzo put a recording device inside her daughter’s teddy bear in an attempt to gather information for the divorced couple’s custody case. A state judge has ruled the recordings couldn’t be used in court.

The ex-husband, William Lewton, and five others recorded by the teddy bear filed a federal lawsuit in 2009. A jury trial had been set for April, but the judge granted the plaintiffs’ request for summary judgment. Each was awarded $20,000.


Activist Hacks Ashton Kutcher’s Twitter Account To Push For Increased Security

Ashton Kutcher, who traveled to technology conference TED this week, has been punk’d. That’s what happens when you hang out on the same wireless network as a bunch of technology geeks — who probably don’t even need hacking-made-easy-tool Firesheep to eavesdrop on Internet sessions on unencrypted Web pages.

Kutcher’s over six million followers are now going to be aware of Twitter’s lack of security thanks to these two tweets Wednesday night:

The hacker who likely accessed Kutcher’s account through a shared wireless network at TED2011 in Long Beach, California, tweeted, “This account is not secure. Dude, where’s my SSL?” followed by “This is for those young protesters around the world who deserve not to have their Facebook Twitter accounts hacked like this.”

This security problem with Twitter got widespread attention last year, due to the release of Firesheep — a program that made hacking a fellow wireless network user’s account on non-encrypted sites easy. Pressure was put on companies like Facebook and Twitter to make their websites “https” (or encrypted) by default. Facebook has since made it an option for users to enable that feature (though it’s still not a default). Twitter also has a https option, though it’s also not the default.

Back in November 2010 during the Firesheep controversy, Twitter told me: “Protecting users and providing a safe Twitter experience is incredibly important to us. We’re actively exploring avenues for increasing user safety that would address this issue.”

We’ll see if the hacking of a high-profile user’s account makes Twitter explore those avenues more quickly.

Update (March 3): Twitter’s PR account tweeted late Wednesday night, “Users can use Twitter via HTTPS: http://t.co/q84H6K3. We’ve long been working on offering HTTPS as a user setting will share more soon.”

(To avoid @aplusk’s fate, make sure you do your tweeting at https://twitter.com/.)
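The weakness Firesheep exploited is a session cookie that the browser will also send over plain HTTP, on a site that never forces HTTPS. As an added example (not code from the article or from Twitter), this Python routine audits a set of response headers for exactly those conditions; the header samples are constructed, not captured from any real site.

```python
# Constructed header samples: a weak response (cookie usable over plain HTTP,
# no HSTS) and a hardened one. Neither is taken from a real site.
WEAK_HEADERS = [
    ("Set-Cookie", "_session=abc123; Path=/"),
    ("Content-Type", "text/html"),
]
HARDENED_HEADERS = [
    ("Set-Cookie", "_session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Content-Type", "text/html"),
]


def parse_set_cookie(value: str):
    """Return (cookie_name, set_of_lowercased_attribute_names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_headers(headers) -> list:
    """List the findings that make a session sidejackable on an open network.

    A cookie without Secure is transmitted whenever the user (or a link)
    uses http://, so anyone on the same wireless network can copy it and
    replay it. Without Strict-Transport-Security the browser has no reason
    to stop using http:// in the first place.
    """
    findings = []
    has_hsts = False
    for field, value in headers:
        f = field.lower()
        if f == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                findings.append(f"cookie {name!r} lacks Secure: browser will send it over plain HTTP")
            if "httponly" not in attrs:
                findings.append(f"cookie {name!r} lacks HttpOnly: readable by page scripts")
        elif f == "strict-transport-security":
            has_hsts = True
    if not has_hsts:
        findings.append("no Strict-Transport-Security: users may keep browsing over http://")
    return findings


if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, audit_headers(hdrs) or "no findings")
```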


Beware the SMS of Death

One of the more common predictions for 2011 among industry-watchers is that smartphone malware will become more common as smartphones grow more popular. But even feature phones are vulnerable to attacks.

We’ve already seen hacks that purportedly allow people to eavesdrop on GSM voice calls. Now researchers in Germany say feature phones can be shut down and knocked off the network via SMS attacks.

Collin Mulliner and Nico Golde – students in the Security in Telecommunications department at the Technische Universitaet Berlin – have demonstrated a so-called “SMS of Death” attack on feature phones made by LG, Motorola, India-based Micromax, Nokia, Samsung and Sony Ericsson that exploits the ability of the SMS protocol to send “binaries” (small programs) to the handset.

Cellcos use this function to remotely change phone settings, but attackers can use it to send malicious messages that can shut down the phones. While the attack requires the attacker to know the type of phone someone is using, they can easily send five malicious SMSs targeting the top five handset models in that market and knock large numbers of users off the network, according to Technology Review.

The availability of Web-based bulk SMS services makes this kind of attack both cheap and easy, Mulliner says.

Cellcos have two options to prevent such an attack, according to the TR report: update the firmware of existing phones, or filter SMS traffic for malware, the latter of which is tough because SMS filters are designed to block spam, not binaries.
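The “binary” messages the article refers to are distinguished from ordinary text by the SMS User Data Header (UDH), in particular the application-port-addressing information elements, which route the payload to a handset application rather than the inbox. As an added example (not the researchers’ code or any carrier’s filter), this Python routine parses the UDH per the 3GPP TS 23.040 information-element layout and flags port-addressed messages, which is the first thing a network-side filter for binaries has to do; the sample user-data fields are constructed.

```python
# Information Element Identifiers from 3GPP TS 23.040 (UDH layout).
IEI_CONCAT_8BIT = 0x00   # concatenated SMS, 8-bit reference
IEI_PORT_8BIT = 0x04     # application port addressing, 8-bit ports
IEI_PORT_16BIT = 0x05    # application port addressing, 16-bit ports


def parse_udh(user_data: bytes) -> dict:
    """Parse the UDH at the start of a TP-User-Data field (TP-UDHI assumed set).

    Layout: UDHL, then repeated (IEI, IEDL, IED...) until UDHL bytes are consumed.
    Raises ValueError on a malformed header instead of guessing.
    """
    if not user_data:
        raise ValueError("empty user data")
    udhl = user_data[0]
    end = 1 + udhl
    if end > len(user_data):
        raise ValueError("UDHL exceeds user data length")
    ies, pos = [], 1
    while pos < end:
        if pos + 2 > end:
            raise ValueError("truncated information element header")
        iei, iel = user_data[pos], user_data[pos + 1]
        data = user_data[pos + 2:pos + 2 + iel]
        if len(data) != iel or pos + 2 + iel > end:
            raise ValueError("information element overruns header")
        ies.append((iei, data))
        pos += 2 + iel
    dest = src = None
    for iei, data in ies:
        if iei == IEI_PORT_16BIT and len(data) == 4:
            dest, src = int.from_bytes(data[:2], "big"), int.from_bytes(data[2:], "big")
        elif iei == IEI_PORT_8BIT and len(data) == 2:
            dest, src = data[0], data[1]
    return {"udh_len": udhl, "ies": ies, "dest_port": dest,
            "src_port": src, "payload": user_data[end:]}


def is_binary_sms(user_data: bytes) -> bool:
    """True for port-addressed messages; malformed headers are also held for review."""
    try:
        return parse_udh(user_data)["dest_port"] is not None
    except ValueError:
        return True


# Constructed samples (not real captures). Port-addressed: dest 2948, src 9200.
SAMPLE_PORT = bytes([0x06, 0x05, 0x04, 0x0B, 0x84, 0x23, 0xF0]) + b"\x01\x06\x2f\x1f"
# Concatenated text, part 1 of 2, reference 0xAB: ordinary message, not binary.
SAMPLE_CONCAT = bytes([0x05, 0x00, 0x03, 0xAB, 0x02, 0x01]) + b"hello"
# Malformed: UDHL claims 10 bytes but only 2 follow.
SAMPLE_MALFORMED = bytes([0x0A, 0x05, 0x04])
```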

Updating phone firmware is also a tough haul, Aurélien Francillon, a researcher in the system security group at ETH Zurich, tells TR: “Most of those phones don’t have automated updates, and when they do, patches are not made available quickly.”