Nickname: Rob Welbourn

Review: The VoIP fraud allegedly perpetrated by Pena on "NTP" (not a front company, incidentally, but the victim) and as many as 14 other VoIP companies could have been easily prevented using the type of VoIP firewall available from Covergence, Sipera and others, as Sarah Lacy describes. The failures were that (a) the sources of the traffic were not adequately authenticated, and (b) no alarm bells rang when a large number of failed attempts were made to find a valid customer prefix. (The prefix is akin to a PIN, used to identify the company to bill for the calls.) These are basic VoIP security measures that should be put in place by all organizations, whether service providers or enterprises, when sending or receiving VoIP traffic to or from business partners. The consequences of not doing so are not just falling victim to fraud. It opens the doors to sundry types of mischief, such as impersonation or anonymous harrassment, that can result when the source of a call is faked.

Date reviewed: Jun 15, 2006 10:09 PM

Nickname: Jason Askin

Review: Good article. However, I got rid of my VoIP phone when I learned that Vonage couldn't connect my call to my local 911 operator. You should do an article on the potential danger to public safety that some of these VoIP services may cause. Advice -- keep your VoIP for long distance and hold your wired or wireless phone close by for personal safety.

Date reviewed: Jun 14, 2006 1:19 PM

Nickname: giev

Review: This article is pure FUD! The main point of the author is that using the VoIP client software will introduce security "holes." Hello! This is already happening every day with Microsoft Windows! Did people stop using it? No. It's become (by far) the one and only operating system for the PC! Microsoft keeps posting security updates and that's it! Dear Lacy, Microsoft Outlook has a tremendous amount of security holes. Did that stop you from using it?

Date reviewed: Jun 14, 2006 7:50 AM

Nickname: VoIPPerson

Review: There is a simple name for this. Irresponsible reporting. Not that this is any less common than spam, but it's irritating. Yes, people will probably abuse VoIP (and already are, actually), but you could just as easily write, "A comet will hit the earth someday!". So? VoiP is still an amazing technology that is NO LESS secure than your home phone. Did you get rid of that when telemarketers were calling you in the 1980s and 1990s?

Date reviewed: Jun 13, 2006 8:27 PM

Nickname: MrWiMAX

Review: Very nice article. Though the threats are "theoretical" and may well be interpreted as FUD - VoIP is here to stay and expand tremendously. It's important that we address this problem now. There are key solutions for email spam, however they are too difficult to implement for various reasons.

Date reviewed: Jun 13, 2006 8:18 PM

Nickname: emania

Review: While the Skype client (software) may be stable, it doesn't stop someone from putting a wrapper around it, making it look like Skype, and distributing it....it may look and quack like a duck, but it is really a horse. This is less of a problem with the embedded Vonage firmware - and authentication to get onto their back-end network - although you would think their softphone may be susceptible.

Date reviewed: Jun 13, 2006 6:56 PM

Nickname: Dan York

Review: As I wrote on the VoIP Security Alliance weblog (http://www.voipsa.org/blog/ ) this morning, I think it is important to differentiate between VoIP systems used within a corporate enterprise and those used at the service provider level to connect enterprises to the PSTN or to each other. Security requirements - and the vendors involved - are different at each level. It is also important to point out that secure VoIP solutions *are* available today from many vendors. If you are a business considering VoIP, either for your internal phone system or as a connection out to the PSTN, you definitely should ask your vendor how they address VoIP security concerns. The good news is that there *are* solutions out there for you. Dan York Best Practices Chair VoIP Security Alliance www.voipsa.org

Date reviewed: Jun 13, 2006 6:05 PM

Nickname: Vonage user

Review: This story seems like its intent is to strike up fear and uncertainty amoung those contemplating VoIP adoption. In fact, the risks mentioned in the article aren't really dependent on whether you use VoIP or a traditional carrier at all. Now that cheap and even free phone calls are widely available to anyone, phone based spam, phishing and other types of fraud are sure to increase. But don't make the mistake of believing that a conventional phone line will make you any more safe from these threats than a VoIP line. There's nothing that prevents fraudsters and spammers from using cheap VoIP access (such as Skype) to call traditional telco customers. In fact, potential fraudsters can't even tell if the line they're calling is VoIP or conventional.

Date reviewed: Jun 13, 2006 5:50 PM

Nickname: Roger

Review: "Still mostly theoretical" is the very key phrase in this article. This is FUD.

Date reviewed: Jun 13, 2006 5:48 PM

Nickname: MIchael Tindall

Review: Interesting statements regarding the security of the TDM network. I would submit that the Traditional Telephone Network is the most insecure network in existence. What's to stop a would-be hacker from plugging a butt set on to a pair on your street and listening to or placing calls? Granted, it's not scaleable to do this for the purposes of hacking or distributing mass e-mails, but my point is made. Second, I'd like to address the notion that VoIP is enabling voice mail spamming. This is simply not the case. While it does aggregate a larger number of users, what's keeping hackers from doing this today with traditional telephony systems? It would be quite simple to obtain the numbers of many fortune 500 compaines and do this today. I can only assume that this article implies that hackers would somehow hack the unified messaging systems currently in use by most VoIP providers today in order to convert voice mail to e-mail for consumer convenience.

Date reviewed: Jun 13, 2006 4:32 PM