Archive for the 'VoIP' Category

UMA FemtoCell Security Concerns

idea1.jpgRecently completed a write up on Unlicenced Mobile Access (UMA) and FemtoCell Security Concerns. It’s available online under the articles section, check it out.

Top VoIP Vulnerabilities in 2008

Sipera recently announced its list of Top 5 VoIP Vulnerabilities in 2007. A similar more detailed list was also released “Top 9 VoIP Threats And Vulnerabilities” by CMP Channel. Sipera has provided some input to the article so they are essentially the same list with a few more thrown in to make the list Top 9. These VoIP vulnerabilities stated are nothing new and have existed and remain almost the same since VoIP hit mainstream, however its good to release a Top 10 list every year to keep reminding people that it still exists!!

Top 5
Remote eavesdropping
VoIP Hopping
Vishing (Caller ID spoof and identity theft)
Toll fraud
The Skype worm

Read more »

Skype and Anti-Debugging protections

If you are one of the casual reversers like me and only reverse code when you feel you are wronged by a software manufacturer, skype should be the software for you.

I have a software installed on my machine and upon starting skype I got this interesting error:

So I set out on my hunt to find what instructions were being executed on my CPU (there’s nothing wrong with that …isn’t it?). I found that there was an interesting piece of code that was checking for the presence of debuggers.  Specifically the presence of \\.\ntice which is the name of the service which CompuWare Device DriverStudio runs the debugger as.  Click on the thumbnail below to look at the disassembly.

Inside a debugger

What was interesting was a simple JMPS instead of a JE could help someone change the way their CPU was behaving (i.e., not allowing skype to run).

As Stewie Griffin would say “Victory is mine!”.