[VOIPSEC] Soft Phone Vulnerabilities
Jon Callas
jon at pgpeng.com
Wed Jun 7 15:41:21 CDT 2006
On 7 Jun 2006, at 7:03 AM, Mark Baugher wrote:
> hi Henry,
>
> On Jun 7, 2006, at 6:02 AM, Henry Sinnreich wrote:
>
>>> This is why people worry about Skype being used in the workplace,
>>
>> I am afraid this is just sour grapes. Skype has been attested as
>> being
>> secure,
>
> I think it has been attested by a paid consultant and that there have
> been a number of voices pointing out the failings of this technology
> in the security realm.
>
Well, the paid consultant was Tom Berson, who is not only competent,
but a decent fellow. If you're going to imply that money itself is a
corrupting influence (which I don't think you are), then anyone here
you gets paid for doing VOIP security is not worthy to comment.
I'll also point out that there are "voices" who point out the
failings of other technologies as well, some of which are represented
by people on this list. If we just listen to voices, we won't get
much done.
We should also differentiate between architectural flaws and bugs.
All software has bugs. Bugs, however, can be fixed. I have been to
talks about the failings of VOIP systems that are not Skype, and many
times thought they were just nattering. There's a big difference
between a system having flaws and a system having unfixable flaws.
Those unfixable flaws can be because of architecture, or other poor
design systems, like a non-upgradable ROM.
Jon
--
Jon Callas
CTO, CSO
PGP Corporation Tel: +1 (650) 319-9016
3460 West Bayshore Fax: +1 (650) 319-9001
Palo Alto, CA 94303 PGP: ed15 5bdf cd41 adfc 00f3
USA 28b6 52bf 5a46 bc98 e63d
More information about the Voipsec
mailing list