Sipera Systems reports that VoIP toll fraud continues to escalate, based on evidence uncovered in numerous VoIP and UC architectures. Across dozens of security architecture reviews and solution deployments, Sipera's security experts have discovered numerous cases of vulnerabilities commonly exploited for toll fraud, including confirmed fraud resulting in losses ranging from a few thousand dollars to hundreds of thousands of dollars.

Research and Markets has announced the addition of John Wiley and Sons Ltd's new report "SIP Security" to their offering.

This book gives a detailed overview of SIP specific security issues and how to solve them While the standards and products for VoIP and SIP services have reached market maturity, security and regulatory aspects of such services are still being discussed. SIP itself specifies only a basic set of security mechanisms that cover a subset of possible security issues. In this book, the authors survey important aspects of securing SIP-based services. This encompasses a description of the problems themselves and the standards-based solutions for such problems. Where a standards-based solution has not been defined, the alternatives are discussed and the benefits and constraints of the different solutions are highlighted.

Recently published reports predict that nearly 75 percent of corporate phone lines will be using VoIP in the next two years; expectations are that half of small-to-medium sized businesses and two-thirds of all enterprise organizations will be using VoIP. By this year's end, the global total number of VoIP subscribers (residential and commercial) is expected to reach nearly 100 million users. Because of the ubiquity of VoIP, it is quickly emerging as a new and substantive threat vector to businesses worldwide. The following are the leading threats to business networks that use VoIP:

Mark Collier, a leading telephony and VoIP security scientist, author, and blogger, announces the release of his “VoIP Security Trends and Predictions for 2009.” The latest edition of Collier’s annual prognostications was posted today to his popular VoIP security blog at www.voipsecurityblog.com, alongside a “2008 VoIP Security Year in Review” companion discussion posted on January 13, 2009. Collier is CTO and VP of engineering of SecureLogix Corporation, an enterprise telephony security, optimization, and management company.

The FBI has identified a new technique used to conduct vishing attacks where hackers exploit a known security vulnerability in Asterisk software. Asterisk is free and widely used software developed to integrate PBX systems with VoIP digital Internet voice calling services; however, early versions of the Asterisk software are known to have a vulnerability. The vulnerability can be exploited by cyber criminals to use the system as an auto dialer, generating thousands of vishing telephone calls to consumers within one hour.

How the world crisis affects telecoms? What tricks can you expect and how is it possible to protect yourself from them? We decided to talk about it with Daniel, executive manager of www.voipfraud.net – so far the most reliable anti-fraud web-portal concerning VoIP business. He noted that during the last month the number of publications about cases of fraud on www.voipfraud.net increased by about 20 percent against the previous month. “We had 5 companies added only during the last two days” – he says, - “the number of registered users on our portal has essentially increased as well. We believe, it shows that people are concerned about the situation on telecommunications’ market and they are trying to get as much information, as they can, to protect themselves.”

VoIPshield is making its first-ever announcement in a new category of research related to security vulnerabilities in VoIP and Unified Communications systems. These vulnerabilities affect applications that use media stream protocols like RTP, a popular standardized packet format for delivering audio and instant messaging over the Internet.

VoIP is an increasingly widespread new technology that allows users to escape the tyranny of big telecom and make phone calls over the Internet. But while VoIP may be cheap and convenient, it's notoriously lacking in security. With little effort, attackers can eavesdrop on conversations, disrupt phone calls, inject content into existing conversations, change caller IDs, and access sensitive information—all without the awareness of the VoIP users making the phone calls.

Hacking VoIP approaches VoIP security from two angles, explaining VoIP's many security holes to both hackers and administrators. The book raises awareness of the importance of VoIP security, describes potential attacks, explains VoIP's biggest weaknesses, and offers solutions for protecting against potential exposure and attacks. Readers learn how to defend against VoIP attacks as they explore issues with VoIP security and the boundaries of VoIP protocols.

Cellcrypt is on a mission to appoint key channel partners worldwide to address the increasing concern about voice security. Many individuals and organisations have recognised the issue of voice security, however traditional encrypted mobile phones have severe limitations. Cellcrypt Mobile breaks through these barriers allowing resellers to offer dramatically improved solutions to existing customers and to reach customers whose problems they haven’t been able to solve until now.

VoIPshield made its third announcement of security vulnerabilities in VoIP systems marketed by Avaya, Cisco and Nortel. This brings the total number of vulnerability groups reported to VoIP vendors in 2008 to over sixty, representing over 200 unique vulnerabilities. The vulnerability groups will be disclosed in limited detail at noon EDT today on VoIPshield's website at www.voipshield.com/research.

Under its Responsible Disclosure Policy, VoIPshield works with the VoIP vendors to assist them in reproducing the vulnerabilities in their labs, thus facilitating the development of software patches for the affected products. Avaya, Cisco and Nortel are acknowledging these vulnerabilities today on their websites, and issuing their own security advisories and patches.

VoIPshield announces the VoIPguard VoIP Intrusion Prevention System product family has been expanded to address the growing market for VoIP in small and medium business, and the increase in VoIP trunking services being made available by carriers and telcos. The new entry-level model, the VIPS 10, is designed for small businesses or branch offices. The high-end model, the VIPS 1000, is a carrier-class product.

XConnect and Acme Packet successful test new methods that assist in the prevention of Spam over Internet Telephony (SPIT), also known as voice spam. Unlike email spam, SPIT is still relatively uncommon and was somewhat obscure prior to the recent significant worldwide growth of VoIP communications. Now that VoIP has become more ubiquitous, the disruptive and intrusive nature of unwanted calls, coupled with the difficulty in detecting SPIT, has made this up-and-coming threat hard to ignore. Consequently, industry bodies such as the Internet Engineering Task Force have recently begun placing increased focus on developing approaches to dealing with SPIT.

Empirix announces that ZONE Telecom has installed its Hammer XMS monitoring solution. Hammer XMS provides ZONE Telecom with a consistent, proactive approach to managing and monitoring its VoIP network by gathering statistics and conducting trend analyses that allow for better, more accurate capacity planning for long-term growth.

ZONE Telecom offers a full array of telecommunications products and services by utilizing proven telephony technologies as well as taking advantage of the newest developments in the field to deliver value and high-quality service to its customers. The company chose Empirix's Hammer XMS monitoring solution because it offers the following features:

Find out the features after the jump.

VoIPshield Laboratories made its second announcement of security vulnerabilities in Voice over IP systems marketed by Avaya, Cisco and Nortel. This brings the total number of vulnerability groups reported to VoIP vendors in 2008 to over fifty, representing over 175 unique vulnerabilities. The vulnerability groups will be disclosed in limited detail on VoIPshield's website at, available at noon EDT today. Vulnerabilities are categorized into four exploit types based on their most likely malicious intent: remote code execution; unauthorized access; denial of service; and information harvesting.

Appia Communications is making available a white paper on VoIP Security.

“VoIP security is not yet a major problem, but if the history of the Internet is any guide, it will be,” said Victor von Schlegell, Appia’s president and the paper’s author.

“The purpose of the white paper is to provide a brief, high-level and non-technical overview of the challenges of VoIP security. Our goal is to inform owners and managers so that they can ensure that their organizations are prepared when VoIP security becomes an issue,” continued von Schlegell.