Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: When is your VM not your VM? - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
When is your VM not your VM?

When your provider seems to own it?

A reader sent us a link to a story which ends well, a gentleman who's spouse had passed away had asked his VM provider to restore the greeting she had made. My first reaction was isn't that wonderful! Then Darren and I started to discuss the implications. The original story is here.

  1. Who owns your voicemail?
  2. if you delete a VM message, is it deleted?
  3. If you delete a VM, can it be restored if you ask?
  4. Who authorized the backups of my VM?
  5. Are the backups subpoenable?
  6. Do providers adequately authenticate requests to retrieve VM?
  7. What logs are kept of such requests?

 I think we have only scratched the surface of the privacy and security implications raised by this case.

Adrien de Beaupré
Bell Canada

I will be teaching next: Intrusion Detection In-Depth - SANS Cyber Defence Australia 2022

Adrien de Beaupre

353 Posts
ISC Handler
Mar 19th 2008

Sign Up for Free or Log In to start participating in the conversation!