One again we welcome Eric Winsborrow, the Chief Marketing Officer of Sipera Systems. This post is based on an article he originally wrote for SC Magazine in June 2008, and is the first of two parts detailing how a real VoIP exploit can lead to the loss of confidential data....Lawrence.

Can you place a call to someone using VoIP and steal their personal data without even talking to them? Most people would have said “No” until they saw the demonstration at Black Hat 2007, which showed how to remotely exploit a soft phone installed on a Windows laptop and view or steal the personal data stored on that laptop. This means IT security administrators, responsible for keeping tabs on confidential data for privacy and compliance, must pay attention to the risks inherent in VoIP.

Jeff Lewis is back with an update on some VoIP Security Tools....Lawrence

Security professionals will be interested to know that their arsenal of Voice Security testing tools just got a little better. SecureLogix announced on Friday that they have expanded the tool set that was released with their Hacking Exposed: VoIP book. The original tool set has been available on their Hacking Exposed: VoIP website.

Like many other professions, security has its demons. One of which is how do we ensure that the products that we use are trustworthy, or have “assurance.” An emerging method of validating the assurance that is present in a solution made up of many different products is the concept of In Situ Security Testing. This testing is periodically done on the running solution without interrupting the normal state of operation. This approach is ideally suited to the high availability, real-time environment of VoIP and Multimedia solutions, specifically solutions made up of many individual products and components.