haqistan

aboutcontactdonatelicensearchives

Several Flaws Discovered in ZRTPCPP Library Used in Secure Phone Apps | Threatpost

206 words by attila written on 2013–07–01, last edit: 2013–07–01, tags: pgp, security, voip, vul, zimmerman, zrtpPrevious post: McDonald’s: Stop putting employee wages on fee-riddled debit cards | SumOfUsNext post: Farming subsidies: this is the most blatant transfer of cash to the rich | George Monbiot | Comment is free | The Guardian


Several Flaws Discovered in ZRTPCPP Library Used in Secure Phone Apps | Threatpost.

This is important and worth noting. I have been considering putting together an Asterisk installation on my server in NYC that has ZRTP enabled somehow (not sure how you do that but I’m sure it is possible) so that I could set up a secure telephony system for myself. ZRTP looked like a pretty cool thing to me; I read about it when Zimmerman released it and even downloaded his Linux background app and used it a few times.

It is therefore instructive to note that you should always temper your enthusiasm for and trust of any software you rely on. If you write it yourself then you have the classic problem of self-serving blinders that keep you from seeing or looking for flaws. If you use someone else’s, no matter how studly a hacker they might be you have to consider the possibility that there are flaws in their work. I should definitely set up my telephony system with ZRTP but I should also be extremely careful in how I do it. The attitude that some aspect of security is ever “handled” is always wrong. Always. Even Homer nods.


Copyright © 1999–2017 by attila <attila@stalphonsos.com>. All Rights Reserved.