Microsoft Outlook Support

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Monday, 14 September 2009

Toll-Free PBX hack highlights need for code auditing

Posted on 09:59 by Unknown

Toll-Free PBX hack highlights need for code auditing says Fortify

September 2009 (Eskenzi PR) - Reports that a North Carolina business has been left with a $2,500 phone bill after phone phreakers hacked its PBX via the firm's toll-free (freephone) number shows the danger of failing to audit all aspects of a systems' software, says Fortify, the application vulnerability specialist.

"What this case shows is that, although the PBX supplier may have verified the security of the front line telephony interface on its PBX systems software, the hackers were able to break in via the side door effectively offered by the toll-free number," said Richard Kirk, Fortify's European Director.

"This is because a growing number of toll-free service providers support access to the direct dial inwards (DDI) numbers seen on the PBX systems of small-to-mid-sized enterprises," he added.

And, says Kirk, since these DDI numbers are mapped directly on to PBX extensions, the security levels on this side door method of access is often a lot less than the front door, the firm's main telephone number.

Of course, he explained, what makes matters worse about this hack is that the firm ended up paying for the hackers' incoming calls to its toll-free number, as well as the subsequent calls to foreign destinations.

According to the Fortify Director, the case proves that hackers can - and will - exploit the weakest link in the security of any public-facing computer system, whether that system if it is Internet or telephone network-facing.

"It's therefore vitally important for any code developers working on such a system, whether it's PBX systems software, or an e-commerce application, to secure the side door entrances, as well as the front entrance," he said.

"Just because the side door is not directly accessible at the moment, does not mean it won't become accessible at some time in the future, as new features and services are added to the software. Code auditing requires the use of lateral thinking in this regard," he added.

For more on the toll-free PBX hack: http://preview.tinyurl.com/mo876o

For more on Fortify Software: http://www.fortify.com

<>

Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • DDoS-Attacks disable many shopping websites, including Amazon
    Just in time for last minute Christmas shopping major shopping sites disabled by Michael Smith (Veshengro) London, December 26, 2009: An...
  • Open Source Software in Business & Government
    by Michael Smith (Veshengro) Lots of Open Source in use in mainland Europe, including EU member states, very little in the UK and less still...
  • Cyber-Ark Expands RSA Secured Partner Program Certification Status
    Cyber-Ark Privileged Identity Management Suite, Inter-Business Vault and Sensitive Document Vault Now Formally Interoperable with RSA enVisi...
  • Infosecurity Adviser applauds forensics lab training facilities at key UK university
    London, UK. May 2009: Infosecurity Adviser, Infosecurity Europe’s online community for the information security industry, has published a r...
  • Scientific company discusses simultaneously protecting applications and data
    Simultaneously protecting applications and data: The next evolution in security? September 2009 (Eskenzi PR) – In a recent Imperva podcast...
  • TUFIN TECHNOLOGIES WINS the PRESTIGIOUS 2010 Computing Security Award for ‘Best bench tested solution of the Year’
    Network Computing and Computing Security Magazine Editors Select Tufin’s SecureChange Workflow as the Top Product Reviewed in 2010 Londo...
  • Brocade Service Could Help Reduce Billions in Data Centre Operations Costs
    New Energy Efficiency Review provides holistic assessment and remedial strategies to help companies optimise efficiency and reduce costs Ene...
  • Infosecurity Europe 2011 Hall of Fame nominations now open
    London UK, February  2011 – The time is ripe to elevate the greatest movers and shakers in the world of information security as nominations ...
  • Tufin survey reveals the truth about fudging audits, IT cost cutting and buying equipment online
    Ramat Gan, Israel – May 27, 2009 – Tufin Technologies today announced the results of its “Reality Bytes” security survey. The survey parti...
  • ISACA’s EuroCACS Conference Demystifies the Cloud
    Event for IT Professionals Will Take Place 20-23 March, Manchester London, England, (8 th March 2011)— Global business and information ...

Categories

  • ASUS
  • AVG Link Scanner
  • BeCrypt
  • book review
  • Brocade
  • Codenomicon
  • Columbian USB stick loss
  • computer recycling
  • Conficker worm
  • Credant Technologies
  • cyber crime
  • Cyber-Ark
  • Cyber-Ark®
  • Data Center
  • data encryption
  • DeviceLock
  • Digital Pathways
  • diskGenie
  • Eclypt
  • Eee PC
  • Eee PC Seashell 1008HA
  • F5 Networks
  • Facebook
  • Finjan
  • Finjan Inc.
  • Finjan MCRC
  • Firewall Management
  • Fortify
  • Fortify 360
  • Fortify Software
  • Fortify® Software
  • gadgets
  • Google
  • Google Chrome
  • green computing
  • green IT
  • IBM
  • Infosec
  • Infosec Europe 2009
  • Infosecurity Adviser
  • Infosecurity Europe
  • Infosecurity Europe 2009
  • Internet privacy
  • iStorage
  • iStorage diskGenie
  • iStorage Ltd.
  • Juniper Networks
  • Lakeland
  • Lapdesk
  • LLC
  • Logitech
  • malware
  • ManageEngine
  • McAfee International Ltd
  • MI6
  • MI6 data loss
  • Microsoft
  • MiFi™ 2352
  • Mio
  • Mobile Broadband
  • MS Office
  • National Cybersecurity Advisor
  • Navman
  • Navman Spirit
  • Netac
  • Novatel
  • Novatel Wireless Intelligent Mobile Hotspot 2352
  • OneClick IntelliPanel Desktop
  • online social media
  • open source
  • OpenOffice.org
  • Optenet
  • Origin Data Locker
  • Origin Storage
  • PNDs
  • product review
  • Red
  • SaaS
  • Sat Nav
  • saving energy
  • Security
  • Shavlik Technologies
  • SIS
  • spam
  • Stonewood Group
  • Storage Area Networks
  • Storage Expo
  • Storage Expo 2009
  • Sun Microsystems
  • Swine Flu
  • Syphan Technologies
  • Throwing Sheep in the Boardroom
  • Tufin Technologies
  • Twitter
  • U256
  • Unisys Security Index
  • USB drives
  • Vektor
  • VisionRacer
  • VisionRacer VR3
  • VMware
  • Weast
  • Web Apps Security
  • WebFilter PC Solution
  • WebSpy
  • XSS-driven attacks

Blog Archive

  • ►  2012 (1)
    • ►  January (1)
  • ►  2011 (67)
    • ►  December (1)
    • ►  April (1)
    • ►  March (14)
    • ►  February (30)
    • ►  January (21)
  • ►  2010 (192)
    • ►  December (20)
    • ►  November (22)
    • ►  October (19)
    • ►  September (5)
    • ►  August (8)
    • ►  July (5)
    • ►  June (22)
    • ►  May (13)
    • ►  April (11)
    • ►  March (13)
    • ►  February (27)
    • ►  January (27)
  • ▼  2009 (240)
    • ►  December (25)
    • ►  November (9)
    • ►  October (21)
    • ▼  September (19)
      • Five Best Practices for Mitigating Insider Breaches
      • Encryption is the equivalent of a seat belt for data
      • Scientific company discusses simultaneously protec...
      • UK firms need to tighten up on Web app security
      • Storage Expo - free advice on cloud issues from Go...
      • DeviceLock host Webinar on securing businesses aga...
      • Bye Bye Baby
      • Toll-Free PBX hack highlights need for code auditing
      • Could your mobile device land your CEO in court?
      • Cyber-Ark Launches latest Privileged Identity Mana...
      • Hard disks will be boosted by Intel's Braidwood
      • Imperva says new SQL injection attacks from China ...
      • Increase in Cyber Criminals Targeting SMBs Online ...
      • HACKERS SAY TAKE SUMMER OFF BEFORE THE WINTER SPIKE
      • Hammer to Distribute Data Locker Encrypted Disk Drive
      • Finjan Welcomes Initiatives for Public Disclosure ...
      • Social Networking Poll Shows Users More Vulnerable...
      • Blogger asks CPS to 'take one for the team' in Gar...
      • RSA® Conference Europe 2009 Launches Registration ...
    • ►  August (30)
    • ►  July (35)
    • ►  June (30)
    • ►  May (21)
    • ►  April (42)
    • ►  March (8)
Powered by Blogger.

About Me

Unknown
View my complete profile