Security: Lack of response from customercare...

Posts: 126 · Posted: Sat Mar 26, 2005 3:43 am Post subject:

Man, for being a Vonage rep on this forum, you sure do seem to follow suit with the rest of customer service. You state that "why bang your head against a wall if you are getting no response from the company." You don't offer to look into anything, and you don't try to offer some peace of mind to the individuals that have these concerns.

Ever since my number transfer went through, I have had small issues with my Vonage service but not as before. I am content at this point. But to just flat out acknowledge that your company doesn't return emails/phone calls, I mean come on. Do you not acknowledge that if these are concerns of Vonage customers that maybe it should at LEAST be looked into? I do not share this same concern at all, but I mean to just shoot it down is not very customer service friendly. Vonage should at least address the concerns of the people that are helping them make money hand over fist. Without the customers, you wouldn't be workin there. Customer concerns should not be thrown in the back room on the shelf somewhere. There should be someone/group of engineers at least looking into it. My shiny 2 cents worth.

Posts: 482 · Posted: Sat Mar 26, 2005 3:25 pm Post subject:

SaltAquatics wrote:

You don't offer to look into anything, and you don't try to offer some peace of mind to the individuals that have these concerns.

But to just flat out acknowledge that your company doesn't return emails/phone calls, I mean come on.

In all fairness, what is a support rep going to do? You think he's got the power to change anything there? He can't even modify your call waiting settings without getting in trouble. Cut him some slack.

And I don't think "why bang your head against the wall" meant that no emails ever get answered...although it certainly appears that way sometimes...but rather it was meant to address this security concern, and he was saying basically it's not going to change in the forseeable future, so either accept it or cancel Vonage. And if that's what he meant, then I think just about everyone would have to agree with that.

Posts: 3198 · Posted: Sat Mar 26, 2005 4:15 pm Post subject:

ToddlerTN wrote:

He can't even modify your call waiting settings without getting in trouble.

still curious about this.

http://www.vonage-forum.com/ftopic4567.html
http://www.vonage-forum.com/ftopic4035.html

Posts: 11 · Vonage Forum Associate Joined: Feb 14, 2005 Posts: 11

its alot easier to do the butt set thing (no climbing poles necessary) then to sneak in a sniffer.

I'd like to hear your theory as to why this is less secure then an ordinary co line!

Posts: 482 · Posted: Sat Mar 26, 2005 4:54 pm Post subject:

Ahh, sorry, just noticed your question in the second thread you posted. I answered it there, so continue the discussion on the call waiting topic in that thread if you care to.

Posts: 14 · Vonage Forum Associate Joined: Mar 14, 2005 Posts: 14

troth wrote:

its alot easier to do the butt set thing (no climbing poles necessary) then to sneak in a sniffer.

I'd like to hear your theory as to why this is less secure then an ordinary co line!

I agree. This topic is not an issue IMO at this point in time. It is much easier to tap a land line (any 15 year old with aligator clips can do it) than spend all that time capturing packets just to hear some kids birthday call to granny. This might be a problem when 50 percent or more of the civilized world is using Voip.

Posts: 24 · Vonage Forum Associate Joined: Aug 02, 2004 Posts: 24

talkisfree wrote:

So there is no more confusion among cool cocumbers here , no one cares about "yap yap" over the the unsecured phone, you are right. The security concerns are primarily for credit card and personal data transcations via unsecure Voip service.

Things usually don't get better till you demand better. This is from today's top news stories:

Scam Artists Dial for Dollars on Internet Phones

Sun Mar 20, 9:40 AM ET Technology - Reuters
By Andy Sullivan

WASHINGTON (Reuters) - Internet phone services have drawn millions of users looking for rock-bottom rates. Now they're also attracting identity thieves looking to turn stolen credit cards into cash.

Some Internet phone services allow scam artists to make it appear that they are calling from another phone number -- a useful trick that enables them to drain credit accounts and pose as banks or other trusted authorities, online fraud experts say.

Either you didn't read the article, or ???. The article was about using Voip in conjunction with caller ID spoofing in order to get information from other people. PEOPLE NOT NECESSARILY using Voip.

Like calling up some idiot and having his cid showing 'citibank' and saying, 'Hi this is bill from citibank. We need to confirm your card number and expiration date- could you read them to me'.

What exactly does this have to do with the topic at hand?

Posts: 24 · Vonage Forum Associate Joined: Aug 02, 2004 Posts: 24

troth wrote:

its alot easier to do the butt set thing (no climbing poles necessary) then to sneak in a sniffer.

I'd like to hear your theory as to why this is less secure then an ordinary co line!

Absolutely! I've got a pedestal in my back yard. If I was so inclined, I could go out there and listen in on all my neighbors. Should they stop using the phone?

If you're worried about credit cards numbers being stolen- as someone else pointed out, do you give your card to store/restaurant personel? There have been more than a few times that waiters, cashiers and the like have stolen numbers and used them. Do you follow them to the machine and back 'just to make sure'?

Yes, there are vulnerablities in Voip. As there are vulnerabliities in life.

Posts: 36 · Posted: Sun Mar 27, 2005 1:21 pm Post subject:

GardRailz wrote:

That's where you're mistaken, if Vonage is your only service, or you mistakenly communicate credit card or other privacy-act information via it's service. Yes, there's a lot of data that is sent, but depending on the amount of conversation that happens, one minute of conversation is ~ 1MB of raw captured data. With hard-disk storage technology and compression, hundreds of minutes of conversation can be captured and reviewed at a later date.

Better yet, it could be triggered based on the phone call... if you call your bank, someone could kick off an automated capture and gather information about your banking habits, or what not.

What if you call a company to order PC parts, or other equipment via the phone. You have to provide a method of payment which typically includes a credit card number, expiration date, and potentially the code on the back of the credit card (the security number).

With all that information, and the ability to actually play back your voice providing that information, who is to stop individuals from making fraudulent purchases with your financial data?

Why do you think banks require https encryption for that data, should not voice communications go through the same process? I do this for a living, I know what I'm talking about. I'm not taking this personally, I'm just trying to make sure people are aware of the dangers associated with unencrypted data communications.

Heck I can demonstrate how easy it is to capture conversations, or decode AIM messages, or even to show you how easy it is to decode your webpages you surf and display them via a simple perl script, and tcpdump (or other libpcap compatable capture program).

This is a serious matter that Vonage needs to consider if they want to continue to grow, and compete with traditional telephone service.

First of all, who in their wrong mind would try to capture your credit card numbers from a phone conversation?
Of all phone conversations available from the net what percentage would contain CREDIT card info? Hit and miss...more miss than hit.
To further prove this point, the reason credit card fraud is so rampant is more from software that can generate hundreds of thousands of credit card number per hour. any half-witted moron can create this piece of software with no more than 50K of code.
Secondly, the security coding on th ecredit networks is better than it' s ever been, maybe not great, but with AVS and the security code on the back all you need is a diligent merchant and it's foiled.
also take into account someone as paranoid as yourself would have online access to bank accounts as well as credit card accounts. All transactions are protected by the issuing providers and you'd have instant access to all activity plus visa/mc rules give you 3 years to initiate chargebacks on disputed transactions against merchants.

I can go on and on an on.. if you're that paranoid, you own no electronic devices, you have multiple social security numbers, nultiple passports and don't have bank accounts.

Let's get real.
We're as safe as we were before with POTS.
I believe we're safer.

We don't need to scare people with this crap! When the internet was new, ECOMMERCE was dampened by horror stories of credit card fraud and people taking control of computers from "providers' offices" and hackers etc. Mostly pure trash and non-factual information was passed around and today these 10 year old stories still surface.

Be diligent, but your data is there everywhere.
As soon as I enrolled one child in school, he/she began getting credit card offers. How's this possible? Simple. The information is sold the VERY MINUTE it's created.

I stand by this:

If you want to snoop on me... go ahead. you'll be very disappointed.
I have SUPER POOR credit..so steal my identity! Go Ahead! I dare you!
Listen to my Voip conversations, I have Vonage and PAcket8.
Will you hear anything others don't know? Nope!
Do I have skeletons? Nope!
Do I care? Nope!

I'm not paranoid - just careful.
I'm not important enough to anyone to be chased, snooped, listened to, spyed on etc.
I'm a nobody and proud to be one!

Posts: 23 · Vonage Forum Associate Joined: Mar 07, 2005 Posts: 23

Martlet wrote:

Do any Voip companies encrypt their service? Is it possible? How would that affect QoS?

Skype does it as long as you make skype2skype calls. However, placing a call to PSTN doesn't..