Security: Lack of response from customercare...

Posts: 90 · Vonage Forum Senior Joined: May 05, 2005 Posts: 90

That doesn't include tapping your own conversations.

It is easy to trap packets at one end or the other of a conversation. So for the sender (you) or the receiver to "intercept" their own phone calls is like shooting fish in a barrel. I don't think it proves a lot.

Can a third party really tap into your conversation from some other node in the network?

Just asking. You seem to know about this stuff.

If so, why hasn't anyone tried to do this? Why do we not read about this in the paper every day?

My gut reaction is that it is not as easy as you make it out to be. Tapping your own call is easy, as you can access the entire packet stream and also know when the call is being made and know the addresses of the packets.

But I suspect that it would not be as easy for someone elsewhere at some random node on the net.

One would have to trap the packets of data at some node in the stream, correct? And one would have to insure that all packets traveled through that node, right? And you'd have to be looking for particular packets and the right time, too.

Frankly, for $24.99 a month, I'm not too worried about it. I'm not doing anything illegal or that top secret (that isn't already Patent Pending).

And there is darn little anyone could garner from my phone calls that would be worth much.

If you want a total lack of security, an analog POTS line is far easier to tap. Heck, anyone with a couple of bucks can buy the necessary gear at the local spy store. Even a moron with 50 feet of copper and an old dial phone can tap into your network interface box.

Are you sure you are not over-thinking this?

Do you REALLY want to go back to twisted pair? That is more secure? Sorry, but I think you are being alarmist on this issue.

Posts: 90 · Vonage Forum Senior Joined: May 05, 2005 Posts: 90

..the whole "identity theft" thing is far over-stated.

Yea, the local news always leads with it on "sweeps week" because fear sells. And TV news is all about fear-mongering.

But if you READ the details of most identity theft stories, you'll find very few are all that high tech, and most are caused or enabled by the users themselves.

Many are from folks who are "phishing" victims.

Quite a few are frauds perpetrated by the alleged "victim" (they run up their credit cards and then claim "idenity theft").

Most of the theft takes place using quite old fashioned techniques - stealing credit card info from stores or by illegal swipes from insiders, or folks stealing mail (as happened to a friend of mine), or stealing trash.

And in every instance I have read about, the person whose identity was "stolen" was not held liable for one penny of the bogus amounts.

While the security issue is interesting, I think it is a silly reason to cancel your service. You are at far greater risk elsewhere.

Posts: 1 · New Forum Member Joined: May 22, 2005 Posts: 1

As a new Vonage user, I'd like to thank GardRailz (he pulled the plug?) and libove for the education. I know I'm vey late to this discussion. Too bad it degenerated into politics.

My PC was hacked twice years ago. Years later, my home network is now very secure (I think).

Back then, someone pushed Back Orifice Server onto my machine; they were able to rummage my PC's hard drive at will. I eventually found some tools, and used visualroute to trace the attacking IP to Russia!

On another note, I recently did a 10 mile wardrive in San Diego. Of 500 wireless networks, only half even had WEP enabled.

It would be very easy to push a simple packet sniffer / client app onto PCs in these unsecured networks to report the protocol types being used. If Voip is being used, it can be compromised along with everything else on the network. This is just an elaboration on the scenario GardRailz presented previously. Users who install Voip probably also have wireless devices in their networks too. Put me in the paranoid camp... I'm running 3 routers. The Voip phone is sitting in a DMZ for now.

Smile

Posts: 73 · Posted: Mon May 23, 2005 5:50 am Post subject:

Even though robertplattbell has turned this peticular thread into a political piece of toilet paper, the same security concerns exist.

You touched on a subject that i'd rather not get started on. Open access points is a security vulnerability, but doesnt' necessarily apply to the topic i started. No disrespect intended, and i'm not downplaying your findings... The upstream carriers are of concern when it comes to Voip security.

As far as wireless security goes... 'eh, slap encryption on it. If there are 5 unencrypted access points around you, chances are people will go after the open ones before they go after your network Wink

Posts: 281 · Posted: Mon May 23, 2005 9:22 am Post subject:

seattlezoid wrote:

Maybe Maxwell Smart could loan you "The Cone Of Silence" Very Happy

Seriously, if security is very important to you mabe POTS is better for you.
As Voip is still fairly new, I'm sure that in the future encrypted lines will be avaiable. ( For more $) Lol

Sorry to dissapoint you.. but any operator.. switchman... or kid can listen to your POTS connection.. Yes to do it 'legally' you need to have paperwork in place and such... but just to DO IT.. any switchman can pull up your trunk... any operator can tap into your line... any kid can walk up outside your house at night and plug into the NID outside your home!

Posts: 3198 · Posted: Mon May 23, 2005 9:31 am Post subject:

haha, I did that. even built a weatherproof box I buried that could connect to a nid and vox record.

Posts: 73 · Posted: Mon May 23, 2005 12:23 pm Post subject:

Just because someone can break a window in your house doesn't mean you want to leave the back door unlocked.

That statement sums it up right there.

Posts: 90 · Vonage Forum Senior Joined: May 05, 2005 Posts: 90

Why do you persist in posting when you have already said you have dumped Vonage in favor of POTS? Go Away Then!

Or do you work for Verizon?

I suspect the latter.

Thus "security" BS is overblown.

Again, please point to SPECIFIC EXAMPLES of people hacking Voip or even e-mails.

It don't exist. All this "could happen", "possibly might" and such is utter B.S.

This is a non-issue being blown up into something just to bash Vonage.

If you don't like Vonage - GO BACK TO MA BELL!

Personally, I prefer to save $100 a month on my phone bill. Call me crazy, but I can do a lot with $1200 a year.

Posts: 281 · Posted: Tue May 24, 2005 3:13 pm Post subject:

The only "security" issues I've ever had with Voip are that when I was with broadvoice they gave me my sip password without verifying I was who I said I was.... (needless to say I've since canceled my account.. oh yes... without verification from them BTW!!! eeek!)...

But as far as the DEVICE goes... yeah they really aren't hackable.

Posts: 73 · Posted: Tue May 24, 2005 7:13 pm Post subject:

Everyone else who reads this thread can determine for themselves based on the evidence provided if they are willing to accept the risk.

Quite honestly, your name calling is quite amusing. You truly have no idea what you're talking about and I love it.

I'm a government contractor, and I work with information security. I believe I said that earlier in the post. If it makes you feel better calling me a bell employee, go right ahead. You're only showing how ignorant you really are.