
Security Flaw Opens Cisco VoIP Phones To Eavesdropping


By Jennifer Hagendorf Follett, ChannelWeb

2:01 PM EST Thu. Nov. 29, 2007
Cisco Systems has confirmed a security vulnerability discovered in its VoIP phones that enables attackers to eavesdrop on voice calls.

The San Jose, Calif.-based vendor issued a security alert Wednesday that identified 11 models of its Cisco Unified IP Phone 7900 Series handsets that are vulnerable to the attack. All Cisco IP phones that support Extension Mobility, a feature that allows users to log into a phone and configure it as their own on a temporary basis, are vulnerable, the company said.

Cisco classified the alert as a low-level risk with a base score of 4.0 on the Common Vulnerability Scoring System. No updates are available, though Cisco identified several workarounds to combat the problem.

Cisco's security alert came in response to a presentation given at the Hack.Lu 2007 security conference by researcher Joffrey Czarny, a penetration tester for the security research division of Telindus, a Belgium-based systems integrator.

An attacker with valid Extension Mobility authentication credentials could use a properly configured Cisco IP phone to eavesdrop on ongoing conversations around the affected device, a breach that could lead to the disclosure of sensitive information, according to the alert.

For attackers to exploit the vulnerability, the internal Web server of the IP phone must be enabled, which is a default setting. The IP phone must also be configured to use the Extension Mobility feature, which is not a default setting. In addition, the attacker must have valid Extension Mobility authentication credentials. An attacker could procure authentication credentials by gaining physical access to the network and inserting a sniffing device between an IP phone and switch port, according to the alert.

Phones would exhibit visual cues if the vulnerability were being exploited, including illuminated speakerphone buttons and an off-hook indication on their LCD displays.

Cisco identified three workarounds to ward off attack, including disabling the internal Web server on IP phones, disabling the Extension Mobility feature and disabling the speakerphone/headset functionality on IP phones. The vendor also said the attack can be mitigated by restricting access to the internal Web server of IP phones (TCP port 80) using an access control list.
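
As an added illustration of the access-control-list mitigation (not taken from Cisco's alert or from this article), a Cisco IOS extended ACL along these lines would limit who can reach TCP port 80 on the phones. The ACL name, VLAN number and addresses are assumed placeholders.

```cisco
! Constructed example: every name and address below is a placeholder.
! 198.51.100.0/24 = voice VLAN holding the IP phones (assumed)
! 192.0.2.10      = host that legitimately needs the phone web pages (assumed)
ip access-list extended PHONE-WEB-RESTRICT
 remark Allow the approved host to reach the phones' internal web server
 permit tcp host 192.0.2.10 198.51.100.0 0.0.0.255 eq 80
 remark Drop and log every other attempt to reach TCP/80 on a phone
 deny tcp any 198.51.100.0 0.0.0.255 eq 80 log
 remark Leave all other traffic, including signalling and media, untouched
 permit ip any any
!
interface Vlan100
 description Voice VLAN gateway (assumed)
 ! "out" filters traffic the router forwards toward the phones
 ip access-group PHONE-WEB-RESTRICT out
```

An ACL on the routed interface only filters traffic that crosses the gateway, so a device attached to the voice VLAN itself is not covered and needs a port- or VLAN-level filter. The `log` keyword on the deny entry gives operations a record of hosts probing the phones' web server.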

 