Security specialist Symantec said some of its source code has been stolen by hackers and exposed, but said it was unsure if the security breech would impact "the functionality or security of Symantec's solutions."

Code for the company's Norton anti-virus software wasn't compromised, the company said, but two older products, Endpoint Protection 11.0 and Symantec Anti-Virus 10.2, were affected.

The company said the code was stolen from a third-party, not from its own network.

Industry experts said that because the code was from older products, "it is likely it has evolved quite a bit."

"That said, if there are any core functions that have not evolved, then hackers could take a look at Symantec's source code and find ways to manipulate it," added Robert Rachwald, director of security strategy at Imperva, an Internet security company.

Symantic's Endpoint Protection is four years old, the company said. It's designed to keep outbound data from being leaked. It has undergone regular updating. Symantec Anti-virus 10.2 was five years old and has been discontinued, although it's still supported by the company.

For more:
- see this New York Times article

Related articles:
Huawei's $530M buyout of JV with Symantec sparks security worries
Security a top concern as companies approach cloud computing warily

No Jitter asks a few 'What ifs' about the security of your data network. How do you analyze your voice data for security weaknesses without degrading the QoS? This article disccusses the issues.

 

As part of the EB Tough VoIP product portfolio, the EB Tough VoIP Field Phone and Desktop Phone can be seamlessly integrated to customers' existing communications infrastructure. Their rugged design enhances their ability to provide reliable VoIP services when faced with demanding conditions, enabling militaries to gain new and improved operational capabilities. These cutting-edge products come equipped with the flexibility required to meet different customer-specific requirements.

EB Tough VoIP Field Phone comes with an integrated speaker, Ethernet and SHDSL connectivity. The phone enables several innovative applications, including:

·          Greater levels of voice and broadband services in the field

·          Streaming video, maps, real-time data, and situational awareness

·          Local Ethernet connection for other devices

EB Tough VoIP Desktop Phone is equipped with an integrated speaker and Ethernet connectivity providing:

·          Voice services for command post and vehicular use

·          Design allows for the solution to be wall-mounted in vehicles

"Understanding the importance for militaries to utilize broadband services over existing communications infrastructure, we designed these new phones in order to meet those demands and strengthen operational capability," said Mikko Viitaniemi, senior manager, Wireless Solutions, EB. "These products further exhibit EB's ability to develop robust products for the defense industry, and engineer the most dynamic solutions that promote next-generation communications for militaries."

Eurosatory is a defense industry trade show held every two years in Paris and is organized in partnership with the French Ministry of Defense. The show attracts global industry leaders and experts throughout the defense and security sectors.

For meeting requests with EB at Eurosatory 2010, please contact Mikko Viitaniemi, tel. +358 40 344 2579. For more information about EB Tough VoIP products, visit: www.elektrobit.com

No Jitter has an interview regarding unified communications (UC) security and the attacks some companies find themselves combatting. Interview

Just the facts, M'am. The FBI is seeing more denial of service attacks on VoIP, so best to be careful when securing your VoIP network. Luckily, we spolighted Sipera in today's issue and NoJitter has some more info on VoIP security. Article

• Unveiling secure Unified Communications on the iPhone, extending private, controlled and compliant IP-based UC from the enterprise to employees in any location using the Sipera SLiC secure smartphone UC solution. Sipera SLiC already supports leading smartphones and secures the mobile UC traffic of thousands of enterprise employees in countries around the world.
• Demonstrating compliant and secure enterprise Video Conferencing for teleworkers and the distributed virtual enterprise. Demonstrations will showcase methods to avoid common service disruption risks, prevent security violations and ensure communications compliance.
• Securing enterprise Instant Messaging, to satisfy privacy and security mandates, which is critical for users in healthcare, financial services, and other industries handling large quantities of real-time and historic sensitive information.

Pena appeared in US District Court in New Jersey on Wednesday and pleaded guilty to wire fraud and conspiracy to commit wire fraud and unauthorized access to a protected computer. He faces a maximum of 25 years in federal prison and fines of at least $500,000 at sentencing, which is scheduled for May 14.

Pena and cohort Robert Moore were arrested in June 2006 and accused of carrying out an elaborate scheme that routed more than 10 million minutes of VoIP calls over the networks of a dozen or so telecommunications providers without their permission. They breached the networks by using brute-force attacks that deduced the security telephone prefixes needed to gain access.

Click Here to Continue Reading

 

"The certification makes the vIPer Phone with PSTN Connect a cost-effective solution as users will no longer have support and maintenance of their legacy Secure Telephone Units or STU-IIIs," said John Cole, vice president of Information Assurance for General Dynamics C4 Systems. "PSTN and VoIP network flexibility, combined with the vIPer Phone's interoperability with the government's Secure Terminal Equipment (STE), also enables customers to easily transition to the latest technology."

Introduced in 2006, the Sectera vIPer Phone remains the only Voice over IP Phone certified by the NSA to protect voice communications classified Top Secret and below over commercial, wired VoIP networks. As military and government organizations plan for evolving technology and the replacement of end-of-life STU-III phones, General Dynamics is offering a price discount of $200 for each vIPer Phone ordered to replace a deployed STU-III or STE phone.

General Dynamics C4 Systems is a leading integrator of secure communication and information systems and technology.

General Dynamics, headquartered in Falls Church, Va., employs approximately 92,300 people worldwide. The company is a market leader in business aviation; land and expeditionary combat systems, armaments and munitions; shipbuilding and marine systems; and information systems and technologies. More information about General Dynamics is available online at www.gd.com.

Peter Saint-Andre blogs about Jabber’s 11th anniversary and what the focus will be for the XMPP community during 2010. Here’s his list:

• End-to-end encryption
• Finalizing Jingle-based file transfer
• Multi-user Jingle for voice conferencing and the like
• Distributing chat rooms across servers
• Bridging between serverless mode and server mode (very useful in distressed networks)
• Reputation systems for XMPP servers and users

All of these issues are important. End-to-end encryption is something that the SIP community should spend more time trying to handle and I can only wish for some cooperation between SIP and XMPP in trying to find a security architecture for end-to-end communication - involving both encryption and authentication.

© Edvina AB, Sollentuna, Sweden 2010 VoIP-Forum. All Rights Reserved.

• Extend UC and VoIP to smartphones while ensuring privacy and security compliance by seamlessly extending the enterprise security perimeter to these devices.
• Securely enable office phone functionality on smartphones, such as interoffice extension dialing, no matter where the employee is using the smartphone.
• Offload cellular minutes to VoIP for dramatic savings, while maintaining confidentiality of mission-critical communications. This enables fully secure utilization of VoIP with dual-mode mobile phones.
• For the first time ever, use Two-Factor Authentication with smartphone VoIP for enhanced access control.
• Block threats that result in data leakage, toll fraud and a host of other security risks.
• Enforce control on incoming voice spam with a one-click option on the phone to black list calls.
• Easily manage and enforce the enterprise communications security posture on any device in any place, both inside and outside the enterprise border.

• Automatically authenticates the smartphone back into the enterprise PBX or call manager.
• Ensures encryption of IP-based communications.
• Enforces security policies in real-time.
• Blocks threats or blacklisted callers.

• Sipera's award-winning UC-Sec security appliance, deployed in the enterprise VoIP or UC network and providing encryption, access control and authentication, policy enforcement, and threat mitigation.
• Integration and interoperability of UC-Sec with the enterprise's smartphones, which could be complemented by the Sipera SLiC Client, available for leading smartphone operating systems.

Business Process Outsourcing provider Scicom Americas announced that Cross Telecom and Sipera will provide Unified Communications security appliances and SIP trunk termination for its distributed call center services. Offering outsourced, distributed call center services to Fortune 500 and other large enterprise clients, Scicom has deployed Avaya's UC and VoIP technologies. Working with telecom integrator Cross Telecom, Scicom will leverage Sipera's UC-Sec appliances to provide security and SIP trunk termination for its distributed call centers. 

Sipera's UC-Sec security appliance provides VoIP and UC security on multiple levels, including privacy (encryption), access control, threat mitigation, and security policy enforcement. By leveraging the added security features of Sipera's UC security appliance, Scicom's clients will be able to meet specialized security requirements, such as PCI DSS (credit cards), HIPAA (healthcare privacy), GLBA (consumer data protection), and FERPA (student record privacy).

"Our clients can rest assured that their mission-critical call center communications handled by Scicom are secure," said Ramesh Ariyanayakam, Chief Operating Officer, Scicom Americas in a press release. "We chose to work with Sipera because its innovative VoIP and Unified Communications security solutions enable our clients to rely on us to safeguard their communications."  

For more:
- see the press release here

Related articles
Sipera targets VoIP toll fraud
Sipera partner network arms resellers with comprehensive UC and VoIP security

Sipera Systems, a unified communications security provider, announced that it is deploying Empirix's Hammer VoIP testing solution to develop VoIP and UC security solution. Sipera said it will use Hammer to discover, prioritize and correct issues with VoIP and UC systems prior to deployment, reducing cost of ownership for the VoIP system.

Empirix's solution supports a wide range of signaling protocols, including UDP, TCP and TLS, which Sipera said allows it to seamlessly test networks using multiple protocols. The Hammer solution is designed to mimic actual end user behavior and devices on voice networks and applications, providing insight into how the network will operate under different use conditions, according to Empirix.

For more:
- see the press release here 

Related articles
Sipera targets VoIP toll fraud
Empirix adds 'pay as you go' testing for contact centers

The three indicted in the U.S. are charged with conspiracy to commit wire fraud, unauthorized access to computers and other charges, according to U.S. attorney Ralph J. Marra, Jr.

"The hackers we've charged enabled their conspirators in Italy and elsewhere to steal large amounts of telecommunications capacity, which could then be used to further or finance just about any sort of nefarious activity here or overseas," Marra said.

Pakistani nationals in Italy used the stolen codes to offer cheap calls to their clients on the PBXs of commercial companies in the United States, Australia and Europe.

Some of the profits from the scam were used to finance the activities of Islamist extremists in Pakistan and Afghanistan, Italian officials said, according to the IDG News report.

Marra said the hackers dialed into the PBXs and used a process known as a brute force attack to hit vulnerable points of the PBX systems.

Source: IDG News Service

• Will help the readers to understand the actual problems of using and developing VoIP services, and to distinguish between real problems and the general hype of VoIP security
• Discusses key aspects of SIP security including authentication, integrity, confidentiality, non-repudiation and signalling
• Assesses the real security issues facing users of SIP, and details the latest theoretical and practical solutions to SIP Security issues
• Covers secure SIP access, inter-provider secure communication, media security, security of the IMS infrastructures as well as VoIP services

Tone Commander has introduced the industry’s first TSG-6 SIP-compliant phone. In addition, it announced that the National Telecommunications Security Working Group (NTSWG) has approved the device for government and military use.

The NTSWG, formerly known as the Telecommunications Security Group (TSG), is a Joint Working Group of the Committee on National Security Systems (CNSS), which was established under EO 13231 to protect National Security Systems. The TSG issued "standards" as the primary technical and policy resource for all aspects of the Technical Surveillance Countermeasures (TSCM) Program within the U.S. Intelligence Community. TSG Standard 6 (Updated January 2005) is a compilation of TSG-approved telephone security equipment. These items have been specifically evaluated by the NTSWG for security effectiveness.

The 7810 TSG-6 IP phone enables integration wherever IP networks are available and provides security and encryption options for customers who require ultra-secure communications. For example, it offers RTP voice encryption (AES-128) and TLS signaling encryption included in FIPS 140-2 approved algorithms. It also offers DoD features specified in DISN RTS GSR (Defense Information Systems Network, Real Time Services, Generic Systems Requirements) as well as multilevel precedence and preemption, providing barge-in capabilities for high-priority calls.

The Tone Commander 7810 TSG-6 IP phone is Class-A compliant and can be used in Sensitive Compartmented Information Facilities (SCIF) areas without any other equipment for on-hook security. Special positive metallic-disconnect circuitry is built in to guarantee that no unintended microphonic audio signals are produced on any wires leaving the phone. Moreover, additional built-in circuitry completely disconnects the phone from the network when power is removed.

Tone Commander’s 7810 TSG-6 IP phone is priced at $880.50 for retail or $599 for GSA eligible customers.

Source: Phone Plus Mag

The PBX Gateway also enables encrypted voice calls between landline locations that have PBX Gateway installed; for instance between offices in different locations.

Cellcrypt technology is currently undergoing certification to the FIPS 140-2 standard approved by the US National Institute of Standard (NIST).

“Organisations spend significant amounts of effort and budget securing their data but until now have not had a viable solution for voice data,” said Simon Bransfield-Garth, CEO at Cellcrypt. “While traditional secure voice solutions have provided poor call quality and fail across most international boundaries, Cellcrypt offers unparalleled voice quality, government-specification security and global coverage never before experienced, all using standard smartphone and PBX technology.”

Source: Cellular News

• Identify and defend against VoIP security attacks such as eavesdropping, audio injection, caller ID spoofing, and VoIP phishing
• Audit VoIP network security and assess the security of enterprise-level VoIP networks such as Cisco, Avaya, and Asterisk and home implementations like Yahoo! and Vonage
• Use VoIP protocols like H.323, SIP, RTP, and IAX
• Locate potential vulnerabilities in any VoIP network
• Use both existing and newly released VoIP security tools