Re: Support for TLS / SRTP

#3
Every enquiry about encryption here gets dismissed, unfortunately.

The closing paragraph of the 'Pragmatic Guide' to VOIP security on the main website states Voipfone's interesting stance on the subject:

"Hackers will attempt to get into these new services but they’ll start where they can find the most lucrative or high profile challenge. If small businesses and individuals take normal sensible precautions there is no reason to believe that VoIP will create any new or increased threat. "

Re: Support for TLS / SRTP

#4
I don't particularly care about SRTP or who can listen in to the call.
But as far as my SIP trunk header goes, I'd really like the option to encrypt this.

However, it's also possible I've misunderstood the risks here. As I understand it, the SIP header salts and hashes the password with MD5. Great!

And it took < 10 seconds to crack my own default password on my cheap $5 baseline single cpu VPS with 8 lines of javascript - hardly a hackers toolkit!

http://www.kapejod.org/en/2013/02/rever ... t-node-js/

But according to http://www.voipfone.co.uk/how-do-i-chan ... ssword.php, the password can be easily changed, but I'm also confused here:
However, if you are comfortable entering a new password into your phone, send us a new 6 digit number and we will change it on your account.

The password can be anything but if you use a number it can be entered from a telephone keypad when using some services such as call conferencing.
So, is it a number, or is it anything?

So, I thought I would try a workaround - if you buy an extension, it looks like you can enter any password into:
SERVICES > MASTER ACCOUNT > VIRTUAL PBX > EXTENSION NUMBERS

So, I tried a 12 digit alphanumeric password, no special characters, it appeared to accept it. However, it also carried on accepting the OLD password, and rejected authentication when I updated my end password to be the new password.

In other words, what is the point of that Extension password box?
And is there really no other way of transmitting passwords other than a method which can be cracked in seconds even on the lowest end PC?

Thanks!

Who is online

Users browsing this forum: No registered users and 1 guest

Copyright 2004 - 2017, iNet Telecoms® Ltd. All rights reserved.


cron