Voip, you next security hole

[Gary]

Quote from the BBC "A new type of identity fraud, which sees hackers tapping into voice-over IP telephony accounts, has been highlighted by a VoIP equipment maker.

Usernames and passwords from voice-over IP (VoIP) phone accounts are selling online for more than stolen credit cards, Newport Networks has found.

The information allows someone to use the telephone service for free.

Net telephony fraud is still in its infancy, with eavesdropping on calls being the most common security flaw"

Why am I not surprised, this year is forcast to be one of the worse for internet fraud, the full voip story can be found here

[Dangerjunkie]

Unfortunately it seems that providers don't seem to be worried about this yet and they haven't enabled security. That being said, if you're at home then I don't think this is much to worry about. Nobody at IDNet is going to steal your passwords and the risk at big bandwidth providers is, IMHO, low. The big risks are if you get a password-stealing virus/trojan (which can be mitigated by using an up-to-date antivirus or prevented by switching to Mac/Linux.) If you detect any kind of virus/spyware/trojan on your machine it would be a sensible step to change the passwords to anything important, like your VOIP, email, banking, etc.

The big risks of being compromised seem to be when you're using someone else's network. If you log in from a hotel, coffee shop, internet cafe, that tempting hotspot called "Free public wifi" (a.k.a. "Please use all your juicy passwords here") or you're a naughty boy/girl and use people's open wireless points then you don't know who could be listening. It may be the operator of the network or, as most hotspots don't use encryption anybody with a laptop or PDA within range.

Good luck and be careful out there
Paul.