Hackers Can Now Exploit IP Streams
Please support our Web Development advertiser: Programming Forums
Nov 14th, 2008, 5:57 pm
Isn't anything safe from hackers? Now they've apparently found a way to hack into systems through a media stream, threatening users with denial of service attacks that can bring down servers and desktops alike. The vulnerability was reported yesterday by VoIPshield Laboratories, a security tools maker in Canada.
The flaws were found in Microsoft Office Communications Server 2007, Office Communicator and Windows Live Messenger, which Microsoft said could impact as many as 250 million people. The flaws also affect many other applications and systems that use the Real-time Transport Protocol (RTP), including those from Avaya, Cisco and Nortel, according to the report.
"Securing the media stream is particularly challenging because once the messaging session is established, the flow of packets is not always monitored and managed by the call server," according to a statement from VoIPshield Labs, the research division of VoIPshield Systems. Microsoft is investigating the flaws, it said, but so far has not issued any security advisories or updates.
But denial of service are not the only threats to worry about. Andriy Markov, director of VoIPshield Labs, told TMCnet.com that "many other media stream attacks exist that have more severe implications than service availability. We’re presently validating new research that shows an attacker can gain unauthorized access to an unsuspecting user’s laptop by manipulating the packets of a VoIP phone call. We believe that these attacks can even be made to traverse a PSTN gateway.”
Is this the real world or a Wachowski brothers movie?
The flaws were found in Microsoft Office Communications Server 2007, Office Communicator and Windows Live Messenger, which Microsoft said could impact as many as 250 million people. The flaws also affect many other applications and systems that use the Real-time Transport Protocol (RTP), including those from Avaya, Cisco and Nortel, according to the report.
"Securing the media stream is particularly challenging because once the messaging session is established, the flow of packets is not always monitored and managed by the call server," according to a statement from VoIPshield Labs, the research division of VoIPshield Systems. Microsoft is investigating the flaws, it said, but so far has not issued any security advisories or updates.
But denial of service are not the only threats to worry about. Andriy Markov, director of VoIPshield Labs, told TMCnet.com that "many other media stream attacks exist that have more severe implications than service availability. We’re presently validating new research that shows an attacker can gain unauthorized access to an unsuspecting user’s laptop by manipulating the packets of a VoIP phone call. We believe that these attacks can even be made to traverse a PSTN gateway.”
Is this the real world or a Wachowski brothers movie?
•
•
•
•
This blog entry was written by Edward J Correia, staff writer aka EddieC. It has been filed under the Web Development category. It has received 2,429 views, 0 comment(s), and 27 linkbacks. It was promoted to featured news status Nov 14th, 2008.
Related Blog Entries
- Michael Jackson sparks celebrity death hoax epidemic (5 Days Ago)
- Reading a 200 year old newspaper in the hot tub (6 Days Ago)
- Michael Jackson and web events (9 Days Ago)
- Barmy Ballmer and his Ba Da Bing Billions (11 Days Ago)
- Montana City Demands Passwords from Job Applicants (17 Days Ago)
Related Forum Threads
- Help with automatic update problem and more (Viruses, Spyware and other Nasties)
- Windows Media Player will play video but not audio but (Windows NT / 2000 / XP / 2003)
- Pidgin Mplayer and v4l (IT Professionals' Lounge)
- Live Stream Connection problems. (IT Professionals' Lounge)
- Hijackthis report, I just don't know (Viruses, Spyware and other Nasties)
- Video and audio playing too fast? (Troubleshooting Dead Machines)
- DVD+RW/+R Burning problems Update (Storage)
- Audio & Video Stuttering (Windows NT / 2000 / XP / 2003)
- Video/Audio decompiler reccomendations? (Windows Software)