My new blog at sbin.cn

January 30, 2007

For publicly known reasons, this blog at wordpress.com has not been accessible in China for a long time, till last Spring Festival (Feb. 2006). It’s very difficult for me to update and manage this blog, while most of my readers from the mainland have not been able to read it since then. So I decided to move it to a new site with good performance.

Hope you guys can change your bookmarks and RSS feeds. I am sorry for the inconvenience of this move. Thanks for the great pleasure the WP community gave me.

SANS Top 20 Internet Security Attack Target List for 2006 includes VoIP for the first time

November 16, 2006

Today SANS announced the 2006 version of their annual “Top-20 Internet Security Attack Targets” and for the first time, VoIP is included as one of the threats. It was listed as N1:

 N1.1 Description

VoIP technology has seen rapid adoption during the past year. At the same time, there has been an increase in security scrutiny of typical components of a VoIP network such as the call proxy and media servers and the VoIP phones themselves. Various products such as Cisco Unified Call Manager, Asterisk and a number of VoIP phones from various vendors have been found to contain vulnerabilities that can either lead to a crash or a complete control over the vulnerable server/device. By gaining a control over the VoIP server and phones, an attacker could carry out VoIP phishing scams, eavesdropping, toll fraud or denial-of-service attacks.

Since many VoIP servers especially the ones at VoIP service providers are an interface between SS7 (traditional phone signaling) and IP networks, an attacker capable of compromising a vulnerable VoIP server could even potentially manipulate the SS7 signaling interconnection to disrupt services on the Public Switched Telephone Network (PSTN).

See more comments and report at VoIPsa blog.


What Hamachi brings?

July 28, 2006

Bill recommended one “new” application to me. That’s Hamachi. It gave me a very complicated feeling.

It’s a wonderful software application, which provides us a virtual LAN over the Internet. It’s a typical overlay network application, which makes use of P2P technology and has the capability to traverse the NAT/FW enterprise perimeter. Additionally, it brings us an interesting function – Web Proxy:

Built-in Web proxy
An option to use Hamachi as a simple web proxy. This way your Hamachi peers may configure their Web browsers to access the Internet via your computer and therefore protect their Web traffic while it is in transition between you and them.

This feature is typically used for securing Web surfing from untrusted locations including cybercafes, coffee houses, hotels, etc.

Obviously, the founders of Hamachi have learned the lesson from Skype. They have made a lot of effort to open their protocols and algorithms for identity, authentication, and communications among system components. That will be a door-knocker to those enterprise IT managers, because there must be growing security and system management software to support Hamachi, as long as Hamachi’s installation gets enough base. According to their website, Hamachi had over 3,000,000 users on June 17, while this number was merely 2,000,000 in April, growing 50% in two months.

It’s a wonderful remote collaboration tool, as well as a virtual networking platform, particularly in the current booming broadband world.

On the other hand, the spread of this kind of software (for others, see vnn.cn, softether.com) has been eroding and further eliminating the enterprises’ network perimeter, leading to the compromise of security policy. It requires that firewalls and networking devices support more and more layer-7 applications, in particular P2P overlay networking traffic. Moreover, traditional IDS and UTM won’t work in the face of virtual LANs.

Let’s keep an eye on them together. See my comment in Chinese.


VoIPsa Blog

June 1, 2006

Here comes an eye-catching blog on VoIP security: VoIPsa Blog.


Will Net Neutrality come again?

April 29, 2006

See the comment at The Register, named "Net Neutrality bid gone for good", by Andrew. A bunch of Internet giants expressed their discontent with Net Neutrality, for its mistiness and injustice. Andrew is hoping for a "more coherent and professional fashion", and even "with better branding". The key point in my mind, for its possible return, is the balance of benefit between transmission network operators (typically those traditional telcos) and CP/SPs. The latter would not like to let the former "tame" the Internet, but "foster" it.

See the story by Andrew…


Incredible Skype censorship by China

April 20, 2006

FT.com reports that "Skype says texts are censored by China" by Alison Maitland. It's incredible, from both the technical and political aspects. I do believe it's a story distorted by western reporters. Every Skype user can testify to the lie and absurdity. It betrays the fact that the scepticism and bias towards China have expanded from VoIP to text chat. See what he said below:

Skype, the fast-growing internet communications company that belongs to Ebay, has admitted that its partner in China has filtered text messages, defending this compliance with censorship laws as the only way to do business in the country. In a Financial Times interview, Niklas Zennström, Skype’s chief executive, responded to accusations that the company had censored text messages containing words like “Falun Gong” – a banned movement – and “Dalai Lama”. He said that Tom Online, its joint venture partner in China, was complying with local law.

“Tom had implemented a text filter, which is what everyone else in that market is doing,” said Mr Zennström. “Those are the regulations.”

He claimed that compliance with Chinese censorship was no different from obeying rules governing business in western countries. China, along with the US and Germany, is one of Skype’s three biggest markets in terms of active users of its free telephony service, which routes encrypted calls between computers via the internet.

Entering the controversy that has seen Yahoo, Google and Microsoft heavily criticised for working with China’s censorship rules, Mr Zennström said: “I may like or not like the laws and regulations to operate businesses in the UK or Germany or the US, but if I do business there I choose to comply with those laws and regulations. I can try to lobby to change them, but I need to comply with them. China in that way is not different.”


ISP Rise Against P2P Users

April 17, 2006

There are pungent comments, criticism, satire, etc. directed at those ISPs and telecom operators for their blocking, filtering and even passive attitude to P2P, from all over the internet. However, from the standpoint of the ISPs, they have a lot of broken-hearted stories to tell to their subscribers, shareholders, and the regulatory authorities. It seems that the earth has been divided into two camps: one is the P2P pros, one is the P2P cons. But who is the judge?

See an absorbing discussion named ISP Rise Against P2P Users at slashdot.org. Below are some excerpts…

bananaendian writes “Spencer Kelly from BBC’s Click program writes about the emerging backslash against high bandwidth P2P users. Apparently it has been estimated that up to one third of internet’s traffic is caused by BitTorrent file-sharing program. Especially ISPs who are leasing their bandwidth by the megabyte are more inclined to resort to ‘shaping your traffic’ by throttling ports, setting bandwidth limits or even classifying accounts according to services used. What is your ISP’s policy regarding P2P and is it fair for them to put restrictions and conditions on its use?”

ISP: Backslash
P2P: Forward slash. Riposte.
ISP: Touche. QOS Packet Filtering!
P2P: Lunge. Encryption!
ISP: En garde. Subpoena compliance.
P2P: Aahaaah! Ubiquitous Mesh Networks.
ISP: Arrrgh! [dies].

Where is BadAnalogyGuy when you need him?

Hello, Dad? I’m in jail.