Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

When is your VM not your VM?

Published: 2008-03-19
Last Updated: 2008-03-19 23:42:43 UTC
by Adrien de Beaupre (Version: 1)
0 comment(s)

When your provider seems to own it?

A reader sent us a link to a story which ends well, a gentleman who's spouse had passed away had asked his VM provider to restore the greeting she had made. My first reaction was isn't that wonderful! Then Darren and I started to discuss the implications. The original story is here.

  1. Who owns your voicemail?
  2. if you delete a VM message, is it deleted?
  3. If you delete a VM, can it be restored if you ask?
  4. Who authorized the backups of my VM?
  5. Are the backups subpoenable?
  6. Do providers adequately authenticate requests to retrieve VM?
  7. What logs are kept of such requests?

 I think we have only scratched the surface of the privacy and security implications raised by this case.

Cheers,
Adrien de Beaupré
Bell Canada

Keywords:
0 comment(s)
Diary Archives