The ISPs hate VoIP because it sucks up bandwidth, telcos hate it because it’s a mortal threat to their business model, and companies that sell network hardware and traffic analysis\/shaping technology are out to make a buck by throttling it for The Powers That Be. In a recent Wired article, Bruce Schneier highlights a threat to VoIP that I rarely see considered in news coverage of technology: call endpoints are vulnerable to local, PC-level compromise, and VoIP network traffic is vulnerable to everyone from the feds to criminals. Internet telephony’s threat model is much closer to the threat model for IP-networked computers than the threat model for telephony.<\/p>\n","protected":false},"excerpt":{"rendered":"
They can be eavesdropped on by the people or organizations that own those computers, and they can be eavesdropped on by anyone who has successfully hacked into those computers. Do you want your competitors in on your conference calls?<\/p>\n
Ultimately, Schneier concludes that the solution is twofold: encrypted VoIP and secure computers at the endpoints.<\/p>\n
My first reaction to Schneier’s conclusions was, “We all want more secure operating systems, and for more than just VoIP.” My second reaction, though, is that the inherent insecurities of VoIP will eventually be addressed by the market once there’s enough demand.<\/p>\n
http:\/\/arstechnica.com\/news.ars\/post\/20060407-6552.html<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-752","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/752","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=752"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/752\/revisions"}],"predecessor-version":[{"id":3239,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/752\/revisions\/3239"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=752"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=752"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=752"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}