Thursday, October 18, 2007

SIP XSS attacks and Spam Over Skype (SOS), they come in pairs.

There are many ways that hackers (malicious ones) use to get onto your PC or PCs. Now they have one more way to get onto your PC and steal valuable information.

Two warnings, released together by two companies, advise how a SIP account is used by those bad people to access computers.

A vulnerability in the Linksys SPA-941 (version 5.1.8), found last week by a security researcher, allows a malicious hacker to conduct a cross-site scripting (XSS) attack using the Session Initiation Protocol (SIP), one of the major voice-over-IP (VoIP) standards. These types of attacks are similar to those that target Web 2.0 sites. I visited the Linksys site and there is no information about this issue. There was also no new firmware for the device, if the problem is solvable via new firmware. It might simply have to be managed with firewall security.

But then again, according to this post to a security e-mail list, researchers from India note that while attacking VoIP devices over SIP tends to be difficult because the devices in question often have custom architectures and operating systems, many of them also have embedded Web servers that can be hacked using a buffer overflow exploit. "Most firewalls/IPS will not protect the internal network against XSS attacks delivered over SIP. Additionally, users will connect to these devices directly from the internal network and therefore the internal network can be compromised," the researchers stated.
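As an added example (not from the original post or the advisory), here is a check that a SIP-aware proxy or a device's own web interface could apply to SIP header text before it is shown in a browser, since a generic firewall will not do it. Which headers a given phone displays is an assumption, as are the function names and the sample messages.

```python
import html
import re

# Header fields whose free text a phone might show in its web pages (assumption).
NAME_ADDR = {"from", "to", "contact"}
FREE_TEXT = {"subject", "user-agent"}
COMPACT = {"f": "from", "t": "to", "m": "contact", "s": "subject"}
# name-addr form: optional display name, then <URI>, then parameters.
NAME_ADDR_RE = re.compile(r'^(?P<display>.*?)\s*<(?P<uri>(?:sips?|tel):[^<>]*)>')


def displayed_text(name, value):
    """Return the part of a header value that a UI would print, or None."""
    if name in FREE_TEXT:
        return value
    if name in NAME_ADDR:
        m = NAME_ADDR_RE.match(value)
        # The <...> around the URI is legitimate; only the display name is free text.
        return m.group("display").strip().strip('"') if m else value
    return None


def suspicious_fields(raw_message):
    """List (header, raw text, HTML-escaped text) for fields carrying markup."""
    findings = []
    head = raw_message.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if not sep:
            continue
        key = name.strip().lower()
        key = COMPACT.get(key, key)              # expand compact header names
        text = displayed_text(key, value.strip())
        if text and re.search(r"[<>]", text):
            findings.append((key, text, html.escape(text, quote=True)))
    return findings


# Constructed sample messages (not captured traffic).
BENIGN = ("INVITE sip:bob@example.com SIP/2.0\r\n"
          'From: "Alice" <sip:alice@example.com>;tag=1\r\n'
          "To: <sip:bob@example.com>\r\n\r\n")
TAINTED = ("INVITE sip:bob@example.com SIP/2.0\r\n"
           'f: "<b>Alice</b>" <sip:alice@example.com>;tag=2\r\n'
           "To: <sip:bob@example.com>\r\n\r\n")

if __name__ == "__main__":
    print(suspicious_fields(BENIGN))
    print(suspicious_fields(TAINTED))
```

The escaped form in each finding is what a web page should render; the raw text is what an alert should log.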

Separately, researchers at Websense Security Labs issued an alert about a spike in new spam techniques, dubbed SOS (Spam Over Skype), over Skype, the widely used VoIP service. Spam is being sent over Skype warning users that their system has been infected with malware. The spam is designed to dupe the user into buying software that claims to clean the spyware from their systems. Instead of removing spyware, however, the spammer is able to steal sensitive data that could be used for identity fraud. This post at the Websense Blog has a complete sequence of the SOS.
