VOIP over Wi-Fi subject to eavesdropping? - PGP

This is a discussion on VOIP over Wi-Fi subject to eavesdropping? - PGP ; "NotMe" writes: >"Floyd L. Davidson" >| > >| >IF your VOIP is is not encrypted then yes it could be "overheard". >| >If the wireless link from your laptop to the access point is not >encrypted, >| >then yes, it ...

+ Reply to Thread
Page 2 of 3 FirstFirst 1 2 3 LastLast
Results 21 to 40 of 52

Thread: VOIP over Wi-Fi subject to eavesdropping?

  1. Re: VOIP over Wi-Fi subject to eavesdropping?

    "NotMe" writes:

    >"Floyd L. Davidson"
    >| >
    >| >IF your VOIP is is not encrypted then yes it could be "overheard".
    >| >If the wireless link from your laptop to the access point is not
    >encrypted,
    >| >then yes, it could be overheard. I have no idea if VoicePulse encrypts
    >the
    >| >stuff.
    >|
    >| So you are admitting it is exactly as I said. If *you* don't
    >| provide the encryption, it is *not* secure.
    >|
    >| And I *guarantee* you that on occasion there *are* people
    >| listening.


    >Do not assume that if it is encrypted that at some point it will not be
    >decrypted, either today, tomorrow or some n-th day after tomorrow.


    And the conclusion anyone is to draw from this? /do not assume that time
    travel or mind reading cannot occur in the future. So what does that mean?
    One lives life rationally by examining alternatives and the liklihhod of
    them. One does not live by simply listing all possibilities no matter how
    outlandish and stopping at that point.




  2. Re: VOIP over Wi-Fi subject to eavesdropping?

    > And the conclusion anyone is to draw from this? /do not assume that time
    > travel or mind reading cannot occur in the future. So what does that mean?
    > One lives life rationally by examining alternatives and the liklihhod of
    > them. One does not live by simply listing all possibilities no matter how
    > outlandish and stopping at that point.


    Without wishing to get into the issue of what is possible now or in the
    future, capturing and playing back VoIP is NOW:-

    http://vomit.xtdnet.nl/

  3. Re: VOIP over Wi-Fi subject to eavesdropping?

    Dan wrote:

    > I always joke to my friends to explain tele snooping that they just need
    > to talk about killing the president and watch the FBI show up at their
    > door step. But yes to guarantee privacy use a encrypter before the tele
    > mic and be in a sound proof room, etc,,,


    Use the Cone of Silence!

    Thanks,
    Don



  4. Re: VOIP over Wi-Fi subject to eavesdropping?

    On 5 Aug 2005 08:49:07 GMT, Unruh wrote:

    >"NotMe" writes:
    >
    >>Do not assume that if it is encrypted that at some point it will not be
    >>decrypted, either today, tomorrow or some n-th day after tomorrow.

    >
    >And the conclusion anyone is to draw from this? /do not assume that time
    >travel or mind reading cannot occur in the future. So what does that mean?
    >One lives life rationally by examining alternatives and the liklihhod of
    >them. One does not live by simply listing all possibilities no matter how
    >outlandish and stopping at that point.


    Of course not. Especially when it comes to individuals, the vast majority
    of credit card and identity theft is still done via old fashioned social
    engineering, digging through garbage, or gas station clerks who compile
    lists.

    As far as time travel or mind reading... we'll just have to take comfort in
    the concept of mutually assured destruction. *Everyone* is going to have
    some dirt. But in the end it will probably be far more of a benefit since
    even the people with very weird experiences that they would never want to
    admit will suddenly find thousands of other people who also felt they were
    completely alone.


    --
    "Don't you see that the whole aim of Newspeak is to narrow the range of
    thought? In the end we shall make thoughtcrime literally impossible,
    because there will be no words in which to express it."

    - George Orwell as Syme in "1984"


  5. Re: VOIP over Wi-Fi subject to eavesdropping?

    CyberDroog wrote:

    > >And the conclusion anyone is to draw from this? /do not assume that time
    > >travel or mind reading cannot occur in the future. So what does that mean?
    > >One lives life rationally by examining alternatives and the liklihhod of
    > >them. One does not live by simply listing all possibilities no matter how
    > >outlandish and stopping at that point.

    >
    > Of course not. Especially when it comes to individuals, the vast majority
    > of credit card and identity theft is still done via old fashioned social
    > engineering, digging through garbage, or gas station clerks who compile
    > lists.
    >
    > As far as time travel or mind reading... we'll just have to take comfort in
    > the concept of mutually assured destruction. *Everyone* is going to have
    > some dirt. But in the end it will probably be far more of a benefit since
    > even the people with very weird experiences that they would never want to
    > admit will suddenly find thousands of other people who also felt they were
    > completely alone.


    Just like teh interweb!

    My kink is OK because I found some similar preverts!

    Thanks,
    Don



  6. Re: VOIP over Wi-Fi subject to eavesdropping?

    In article <87y87hrltg.fld@barrow.com>, floyd@apaflo.com says...
    > Leythos wrote:
    > >In article <871x5az1qa.fld@barrow.com>, floyd@apaflo.com says...
    > >>
    > >> Let me explain 10 important things about telephones to you...
    > >> which comes from 34 years, before retiring, in the telephone
    > >> long distance business.
    > >>
    > >> 1) Do *not* *ever* say *anything* on a telephone that you cannot
    > >> live with seeing on the front page of tomorrows local newspaper.
    > >>
    > >> (Items 2 through 9 have precisely the same words as item 1.)
    > >>
    > >> 10) There is no such thing as a secure telephone connection,
    > >> unless *you* provide the encryption at both ends.

    > >
    > >11) Never say anything in E-Mail or Usenet or other medium that you
    > >would not want to see in public/news/by your mother.

    >
    > Different list, so that should be item 1. However, you're not
    > quite getting the picture (probably too young?).
    >
    > 1) Don't post anything to Usenet that you don't want your
    > *grandchildren* to see, because they probably will.
    >
    > You worry about what you mother will see... I'm amazed at what
    > my grandchildren know about.


    I was on Usenet in 84, on the older net before that, getting paid for
    code in the 70's, so I don't think I'm "younger".

    Most people respect their mother more than their children and many
    people don't have children - it's about the age thing, what we find
    unacceptable in our moral values the newer generation is more tolerant
    of, and so it goes.


    --

    spam999free@rrohio.com
    remove 999 in order to email me

  7. Re: VOIP over Wi-Fi subject to eavesdropping?

    Unruh wrote:

    > >Do not assume that if it is encrypted that at some point it will not be
    > >decrypted, either today, tomorrow or some n-th day after tomorrow.

    >
    > And the conclusion anyone is to draw from this? /do not assume that time
    > travel or mind reading cannot occur in the future. So what does that mean?
    > One lives life rationally by examining alternatives and the liklihhod of
    > them. One does not live by simply listing all possibilities no matter how
    > outlandish and stopping at that point.


    Now I'm afraid to LEAVE THE HOUSE!
    Now I'm afraid to TOUCH THE COMPUTER!
    AAARRRGGGHHH!

    Thanks,
    Don



  8. Re: VOIP over Wi-Fi subject to eavesdropping?

    On Fri, 05 Aug 2005 09:55:43 GMT, David Taylor
    wrote:

    >Without wishing to get into the issue of what is possible now or in the
    >future, capturing and playing back VoIP is NOW:-
    >http://vomit.xtdnet.nl/


    Yech. You don't have to resort to such hacker tools to sniff VoIP.

    The industry has a variety of commercial vendors who sell VoIP test,
    quality monitoring, and call analysis tools. For example:
    http://www.touchstone-inc.com/Produc...eQ/WinEyeQ.htm
    http://www.niksun.com/Products_NetVoice.htm
    http://www.telrex.com/callrex.htm
    http://www.3com.com/voip/redbox.html
    http://www.accuratealways.com
    These are commonly found in telemarketing tanks and large corporate or
    government networks.

    Ethereal will also capture and decode most VoIP protocols and RTP
    streams. It's a bit tricky but not impossible. Here's some clues:
    http://www.voice2sniff.org
    http://www.ethereal.com/lists/ethere.../msg00092.html

    There are some technical difficulties with wiretap via wireless which
    are obvious to anyone that has ever tried to actually obtain useful
    data from a wireless sniff or capture. I won't mention what they are
    as I believe that aspiring criminals should learn such things the hard
    way.


    --
    Jeff Liebermann jeffl@comix.santa-cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 http://802.11junk.com
    AE6KS 831-336-2558

  9. Re: VOIP over Wi-Fi subject to eavesdropping?

    > The industry has a variety of commercial vendors who sell VoIP test,
    > quality monitoring, and call analysis tools. For example:


    Jeff, you're dangling that word "sell" again!

    I don't think too many of dubious intent will be rushing to buy when
    there's something for free which I took as the initial concern.

    > Ethereal will also capture and decode most VoIP protocols and RTP
    > streams. It's a bit tricky but not impossible. Here's some clues:
    > http://www.voice2sniff.org
    > http://www.ethereal.com/lists/ethere.../msg00092.html


    Yep, quite.

    However either way, my point was that VoIP capture is NOW not something
    that may happen in the future.

    David.

  10. Re: VOIP over Wi-Fi subject to eavesdropping?

    Leythos wrote:
    >In article <87y87hrltg.fld@barrow.com>, floyd@apaflo.com says...
    >> Leythos wrote:
    >> >In article <871x5az1qa.fld@barrow.com>, floyd@apaflo.com says...
    >> >>
    >> >> Let me explain 10 important things about telephones to you...
    >> >> which comes from 34 years, before retiring, in the telephone
    >> >> long distance business.
    >> >>
    >> >> 1) Do *not* *ever* say *anything* on a telephone that you cannot
    >> >> live with seeing on the front page of tomorrows local newspaper.
    >> >>
    >> >> (Items 2 through 9 have precisely the same words as item 1.)
    >> >>
    >> >> 10) There is no such thing as a secure telephone connection,
    >> >> unless *you* provide the encryption at both ends.
    >> >
    >> >11) Never say anything in E-Mail or Usenet or other medium that you
    >> >would not want to see in public/news/by your mother.

    >>
    >> Different list, so that should be item 1. However, you're not
    >> quite getting the picture (probably too young?).
    >>
    >> 1) Don't post anything to Usenet that you don't want your
    >> *grandchildren* to see, because they probably will.
    >>
    >> You worry about what you mother will see... I'm amazed at what
    >> my grandchildren know about.

    >
    >I was on Usenet in 84, on the older net before that, getting paid for
    >code in the 70's, so I don't think I'm "younger".
    >
    >Most people respect their mother more than their children and many
    >people don't have children - it's about the age thing, what we find
    >unacceptable in our moral values the newer generation is more tolerant
    >of, and so it goes.


    You are *still* missing the point.

    It isn't just what your contemporaries can see (which in the
    case of a perspective employer can in fact be significant,
    though I suppose your concern about your mother is equally
    valid), but the fact that we are leaving a legacy that will
    outlive us individually.

    If posters want to be taken seriously by anyone, today or
    tomorrow, they need to write for an audience that includes "your
    *grandchildren*", and that is true for people who are 15 years
    old just as well as it is for people who a childless at 85 years
    of age.

    --
    Floyd L. Davidson
    Ukpeagvik (Barrow, Alaska) floyd@apaflo.com

  11. Re: VOIP over Wi-Fi subject to eavesdropping?

    > http://jvoip-sip.sourceforge.net/index.php
    > One problem is that it's mostly in Italian.


    C'mon, Google translation services are always fun!

    > Agreed. Wireless VoIP sniffing is easy enough and can be done. Also,
    > there's a problem with some clients. The voice payload might be
    > encrypted but the SIP setup data is by necessity unencrypted.


    Yes, frustratingly I have both Vonage and an alternate service. Only
    Vonage was their router to be connected to the cable modem and my Sipura
    wants to be connected there too. I asked Vonage what the SIP account
    details were as the firmware is crippled and doesn't display the SIP
    page and although their router is a 2 POTS port, I couldn't enter my
    second provider for the same crippled firmware reason. I was going to
    simply sniff the Vonage auth data but in the end just did a bit of
    reconfiguration and the result works.

    David.

  12. Re: VOIP over Wi-Fi subject to eavesdropping?

    On Fri, 05 Aug 2005 10:05:05 -0800, floyd@apaflo.com (Floyd L. Davidson)
    wrote:

    >If posters want to be taken seriously by anyone, today or
    >tomorrow, they need to write for an audience that includes "your
    >*grandchildren*", and that is true for people who are 15 years
    >old just as well as it is for people who a childless at 85 years
    >of age.


    Wouldn't that kind of ruin the stew? It's like going out on a first date
    having pre-conceived every line you will speak so that you make a good
    impression. That is perhaps useful as a means to an end, but rarely
    anything approaching the truth. Maybe our descendents would prefer a more
    realistic view of us just being ourselves.

    Sometimes I wish we had some stories of America's founding fathers getting
    soused and falling off their horses. Not that I believe that having myths
    and legends is necessarily bad. But would we value the Declaration of
    Independence any less if we were to find out that Thomas Jefferson was
    wearing a dress and six petticoats when he wrote it?

    I don't think so. In fact that would really kind of drive home the concept
    of the individuals right to pursue happiness.

    Thomas Jefferson - a hell of a guy, and my kind of woman...

    --
    The plans differ; the planners are all alike...

    - Fredric Bastiat


  13. Re: VOIP over Wi-Fi subject to eavesdropping?

    CyberDroog wrote:
    >On Fri, 05 Aug 2005 10:05:05 -0800, floyd@apaflo.com (Floyd L. Davidson)
    >wrote:
    >
    >>If posters want to be taken seriously by anyone, today or
    >>tomorrow, they need to write for an audience that includes "your
    >>*grandchildren*", and that is true for people who are 15 years
    >>old just as well as it is for people who a childless at 85 years
    >>of age.

    >
    >Wouldn't that kind of ruin the stew? It's like going out on a first date
    >having pre-conceived every line you will speak so that you make a good


    You do not need to "pre-conceive" every line before the date
    starts. But *thinking* before talking is clearly a good idea on
    first dates as well as in Usenet posts.

    >impression. That is perhaps useful as a means to an end, but rarely
    >anything approaching the truth. Maybe our descendents would prefer a more
    >realistic view of us just being ourselves.


    If the "real you" spouts off without thinking, go for it! ;-)

    >Sometimes I wish we had some stories of America's founding fathers getting
    >soused and falling off their horses. Not that I believe that having myths
    >and legends is necessarily bad. But would we value the Declaration of
    >Independence any less if we were to find out that Thomas Jefferson was
    >wearing a dress and six petticoats when he wrote it?


    Why not? J Edgar Hoover was wearing something like that when
    he made the FBI into a legend...

    >I don't think so. In fact that would really kind of drive home the concept
    >of the individuals right to pursue happiness.
    >
    >Thomas Jefferson - a hell of a guy, and my kind of woman...


    Well, apparently several Presidents felt somewhat that way about
    Hoover too.

    --
    Floyd L. Davidson
    Ukpeagvik (Barrow, Alaska) floyd@apaflo.com

  14. Re: VOIP over Wi-Fi subject to eavesdropping?

    CyberDroog wrote:

    >
    > Sometimes I wish we had some stories of America's founding fathers getting
    > soused and falling off their horses. Not that I believe that having myths
    > and legends is necessarily bad. But would we value the Declaration of
    > Independence any less if we were to find out that Thomas Jefferson was
    > wearing a dress and six petticoats when he wrote it?


    I think you need to read more history - there are plenty of such stories.



    --
    Tony Lawrence
    Unix/Linux/Mac OS X resources: http://aplawrence.com

  15. Re: VOIP over Wi-Fi subject to eavesdropping?

    At about the time of 8/3/2005 6:45 PM, Steve stated the following:

    > I use VOIP (Voicepulse) over my laptop while on the road, connected via
    > Wi-Fi hotspots.
    >
    >
    > My question- Are my phone conversations secure over these connections?
    > I am talking for "all practical purposes", absent CIA or KGB with
    > advanced technology.
    >
    > THANKS!
    >


    One thing that I want to point out is that if you are using a Wi-Fi
    hotspot, then chances are that your conversations are *NOT* secure.

    The FBI recently had a demonstration where they broke 128bit WEP
    security inside of 5 minutes. No SSID was being broadcast and MAC
    address filtering was turned on. And they did it using readily
    available software and equipment that everyone has access to.

    If you want security over a Wi-Fi link, then use a VPN or other
    encryption agent.

    --
    Daniel Rudy

    Email address has been encoded to reduce spam.
    Remove all numbers, then remove invalid, email, no, and spam to reply.

  16. Re: VOIP over Wi-Fi subject to eavesdropping?

    On Sat, 06 Aug 2005 12:51:32 GMT, Daniel Rudy
    wrote:

    >The FBI recently had a demonstration where they broke 128bit WEP
    >security inside of 5 minutes.


    why were they wasting their time and your money on that. WPA etc were
    invented precisely because WEP is known to be weak.

    Phil
    --
    Remember - Global Warming is only a weather forecast :-)

  17. Re: VOIP over Wi-Fi subject to eavesdropping?

    > why were they wasting their time and your money on that. WPA etc were
    > invented precisely because WEP is known to be weak.


    Possibly because the vast majority of wireless LANs still run either WEP
    or no encryption.

    David.

  18. Re: VOIP over Wi-Fi subject to eavesdropping?

    On Fri, 05 Aug 2005 18:45:47 -0400, Tony Lawrence wrote:

    >CyberDroog wrote:
    >
    >>
    >> Sometimes I wish we had some stories of America's founding fathers getting
    >> soused and falling off their horses. Not that I believe that having myths
    >> and legends is necessarily bad. But would we value the Declaration of
    >> Independence any less if we were to find out that Thomas Jefferson was
    >> wearing a dress and six petticoats when he wrote it?

    >
    >I think you need to read more history - there are plenty of such stories.


    Mostly anecdotal. Since the press back then wouldn't report such stories,
    the facts are pretty clouded. Kind of the way that the antics of sports
    figures were rarely reported in the past.

    --
    FAITH, n. Belief without evidence in what is told by one who speaks
    without knowledge, of things without parallel.

    - Ambrose Bierce


  19. Re: VOIP over Wi-Fi subject to eavesdropping?

    > What is the risk? If the contents of Fort Knox were housed in an old

    We don't know, he didn't tell us what his conversations were about so
    now we'd have to make assumptions.

    > If Steve's telephone conversations are similarly "dusty" and
    > "anonymopus"... lets say boring, then likewise, they are practically
    > secure because they will be of no interest to anyone, and even if


    We don't know that, he didn't state.

    > somebody happenned to overhear, the conversation would need to be of
    > interest to the eavesdropper to even begin to carry the threat of any


    Not necessarily. Lets say there were bored teenagers who made a habit
    of searching around for VoIP data to sniff, just to see if it *was*
    interesting.

    > From a technical point of view, "WiFi" transmissions carrying VOIP
    > are far more secure than conventional analogue phone traffic. Even


    I'd disagree. In order to sniff VoIP over WiFi what do I need, a
    laptop, an antenna and a wireless card. Everything else is free. Oh
    and that's the same equipment I can use for everyday networking. On the
    otherhand, if I want to start hooking up to telephone lines, the
    problems are somewhat different to plopping down my laptop and attaching
    an antenna.

    > with the proliferation of sophisticated consumer electronics,
    > eavesdropping on digitised sound is not simple. Specific packets have
    > to be captured then the contents have to be reassembled and using
    > appropriate codecs, have to be converted back to analogue. With the


    Ethereal and Vomit are free. Jeff gave other links to other tools.

    > Consider that the WiFi eavesdropper also needs to be within reception
    > range and his task becomes even more difficult.


    That's hardly a problem with a decent antenna. People have been
    sniffing round for open AP's for ages, similarly screwing up Bluetooth.
    Maybe VoIP credit card detail hijacking is next. It's not that
    difficult.

    > Finally, If Steve's conversations are highly confidential then he
    > would not be asking this question here.


    We still don't know that, maybe that's why he was asking.

    > My answer to " ..are MY phone conversations secure over these
    > connections?"..." for all practical purposes", ... .YES


    I don't have a problem with agreeing with that considering that you can
    listen to half of a mobile phone conversation any day you like by
    standing next to someone and depending on the earpiece volume, maybe
    full duplex.

    David.

  20. Re: VOIP over Wi-Fi subject to eavesdropping?

    In article ,
    jnitron wrote:
    :But, lets's consider the qualifier, "all practical purposes".

    :What is the risk? If the contents of Fort Knox were housed in an old
    :dusty anonymous warehouse, which nobody knew about, then it would be
    :100% secure. Nobody would know about it so there would be no threat
    :and no risk.

    Nope. Kids have a hobby around here: they wander around and
    break into or set fire to old dusty buildings.

    "dusty anonymous" warehouses are also subject to "traffic analysis":
    People enter and leave Fort Knox all the time, but people
    mostly leave anonymous warehouses alone.


    :If Steve's telephone conversations are similarly "dusty" and
    :"anonymopus"... lets say boring, then likewise, they are practically
    :secure because they will be of no interest to anyone, and even if
    :somebody happenned to overhear, the conversation would need to be of
    :interest to the eavesdropper to even begin to carry the threat of any
    otential adverse consequence.

    Right. And "Echelon" is merely an organizational unit.

    The USA denies it, but there is fairly solid evidence in Europe
    (UK especially) and Australia, that there is widespread -automatic-
    sorting through domestic and international telephone conversations --
    automatically checking *all* calls through major exchanges
    (not just calls from "suspects".) To the kind of people that set up
    such massive checking, encrypted calls *by definition* are
    "suspicious" and, if practical such calls should be broken and
    analyzed.

    --
    "This was a Golden Age, a time of high adventure, rich living and
    hard dying... but nobody thought so." -- Alfred Bester, TSMD

+ Reply to Thread
Page 2 of 3 FirstFirst 1 2 3 LastLast