Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: When is your VM not your VM? - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
When is your VM not your VM?

When your provider seems to own it?

A reader sent us a link to a story which ends well, a gentleman who's spouse had passed away had asked his VM provider to restore the greeting she had made. My first reaction was isn't that wonderful! Then Darren and I started to discuss the implications. The original story is here.

  1. Who owns your voicemail?
  2. if you delete a VM message, is it deleted?
  3. If you delete a VM, can it be restored if you ask?
  4. Who authorized the backups of my VM?
  5. Are the backups subpoenable?
  6. Do providers adequately authenticate requests to retrieve VM?
  7. What logs are kept of such requests?

 I think we have only scratched the surface of the privacy and security implications raised by this case.

Cheers,
Adrien de Beaupré
Bell Canada

Adrien de Beaupre

353 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!