breach Archives | VoIP Review

The National Data Protection Commission (CNIL), France’s data protection office, has imposed a fine of €50 million against Google LLC for breaching the European Union online data privacy rules. This is the first major case where a fine is being imposed under the EU’s stringent General Data Protection Regulation (GDPR) that came into force last year. The French watchdog found the US search engine giant guilty of “lack of transparency, inadequate information, and lack of valid consent regarding ad personalisation.” This case stems from concerns that were raised over Google’s applied methods of collecting data, and the lack of clear options provided for the users to consent to personalised ads. “The general structure of the information chosen by the company does not enable [it] to comply with the Regulation,” read a CNIL statement. “Essential information, such as the data processing purposes, the data storage periods or the categories…

Security researchers from Rapid7 have found a large number of insecure UDP Internet services in Germany, which are used for VoIP. The researchers found nearly six million exposed SIP services on port 5060 / UPD, more than any other country in the world. The Session Initiation Protocol (SIP) is used to establish a communication session in Internet telephony and is particularly difficult to secure. Only encrypted SIP (SIP-TLS on port 5061 / TCP) provides adequate protection against active and passive eavesdropping and toll fraud, but plain text SIP is still widely used in Germany. This is demonstrated by Rapid7’s new National Exposure Index, an annual ranking that examines the extent to which countries around the world are at risk of active cyber attacks. For the study, Rapid7s security researchers scoured the entire Internet for TCP / IP services that, for example, are not secured with modern encryption methods or offer…