December 2011 archive

The State of VoIP Security, a.k.a. “Does Anyone Really Give A _____ About VoIP Security?”


Does anyone really care about VoIP security? Why should they? What are the main issues? At the 2011 Real-Time Communications Conference sponsored by the Illinois Institute of Technology (IIT), Dan York spoke about all these questions and gave a view of the overall state of the industry. A video recording of the Oct 5, 2011, session will be available at http://www.voipsa.org/blog/ when it is ready.


New Github for Mac 1.1 Release Nov 23rd…

I just noticed yesterday that a new version of Github for Mac was released on November 23rd. The blog post about the 1.1 release highlights the major changes as:

  • The “Changes” view has been completely redesigned.
  • The ability from the GUI to commit individual lines of code.
  • A “Commit & Sync” feature so that you have just one step to get your code on Github (or wherever it is hosted).
  • Full screen support for Lion.
  • Tracking repositories if they are moved or renamed.

I’ve gone ahead and downloaded Github for Mac 1.1 and am looking forward to seeing how it works.

P.S. And yes, being perhaps old-skool, I mostly use the command line to work with git. But there are times when a GUI is nice, particularly when looking at changes between versions.

New version 0.1.3 of Tropo-webapi-python: Build Tropo voice/SMS/IM/Twitter apps using python

My former colleague Justin Dupree just posted a new version of the Tropo-webapi-python package to Pypi at:

http://pypi.python.org/pypi/tropo-webapi-python/

To install the package, assuming you have pip installed, you should be able to just type:

pip install tropo-webapi-python

and then you can get started building Tropo applications that use voice, SMS, IM or Twitter as channels to communicate with people. The documentation for the Tropo WebAPI provides a full explanation of the API and also sample applications. Samples are also provided in the distribution.

The “tropo-webapi-python” package lives on Github at:

https://github.com/tropo/tropo-webapi-python

and those of you wanting to live on the edge can simply clone the repository from Github and use it there.

I’ll also mention that at this point I’ve completely stepped away from the maintenance of this ‘tropo-webapi-python’ package (as I’m no longer with Voxeo) and Justin and the Voxeo Labs team are now maintaining the package.

Have fun with it! I definitely enjoy creating Tropo apps using python!

What Is The Future of the PSTN? FCC Holding Workshops Dec 6th and 14th

What is the future of the Public Switched Telephone Network (PSTN)? As we transition away from traditional telecom technologies to a world based on IP communications, what are the policy, technical and economic implications?

As I recently wrote over on CircleID, the United States Federal Communications Commission (FCC) is holding two workshops on this topic of what comes next for the PSTN.

The first workshop, tomorrow, December 6, 2012, will cover "what obstacles and opportunities the transition may create regarding public safety, accessibility, and ubiquitous service".

The second workshop on December 14, 2012, will cover "a wide array of economic, technological, and policy issues that need to be addressed as consumers choose to subscribe to, and rely on, new technologies and services."

The FCC's Public Notice about these PSTN Transition Workshops contains information about how to attend, both in person and via the FCC's live stream at http://www.fcc.gov/live.

The meeting tomorrow will begin at 9:00 am US Eastern time.

If you are in the Washington, DC, area and able to get to these workshops, it may be a great opportunity to join with others in expressing to the FCC a vision for what we want for the post-PSTN communications infrastructure.


Borders, In Bankruptcy, Aims To Sell 65,536 IPv4 Addresses at $12/Address (Featured Blog)

With IPv4 address exhaustion upon us, it appears that the going market rate for IPv4 addresses is now $12/address. Over at the Register, Kevin Murphy reports on a bankruptcy filing from Borders seeking to sell a /16 block of IPv4 addresses to healthcare software vendor Cerner for a total of $786,432. At $12 per IPv4 address, this sets a new public record given that the previous high was Microsoft's acquisition of a block of Nortel IPv4 addresses...

Unix Turns 40 – And IEEE Provides a Historical Look Back

As the Unix operating system turns 40 this year, writer Warren Toomey published an excellent historical piece in this month’s IEEE Spectrum:

The Strange Birth and Long Life of Unix: The classic operating system turns 40, and its progeny abound

I’ve been using Unix myself in various forms since the mid-1980’s. Much of my time was, of course, spent in the land of Linux… but even now I’m writing this post on an operating system that evolved out of that early Unix work (Mac OS X).

It is very hard to understate the role that Unix has played in our technology history… and this post provides some nice stories from those early days.

Well worth a read… (I say while stroking my beard that is now definitely grey… 🙂)

Today’s VUC Call – Philippine Phone Phreaking Funding Terrorists

For those interested in telecommunications security, today's (Dec 2, 2011) VoIP Users Conference (VUC) call at 12 noon US Eastern will cover the recent arrests of 4 Philippine men who defrauded AT&T of close to $2 million and were employed by an alleged terrorist organization that was using the proceeds of the scam to fund its activities.

Eric Klein of Humbug Labs will be the guest on the VUC call discussing this and other fraud issues. It should be an interesting discussion.

You can join the live call via SIP, Skype or the regular old PSTN. There is also an IRC backchannel that gets heavy usage during the call. It will be recorded so you can always listen later.


Philippine Phone Phreakers Arrested After Funding Terrorists

One of the big news items in telecom security this past week was the arrest in Manila of 4 men accused of defrauding AT&T of almost $2 million USD and then using those funds to finance a terrorist organization. The Philippine National Police issued a statement (annoyingly you have to scroll down to the “November 24, 2011” entry) that explained the terrorist link:

Sosa said that Kwan and the other hackers in Manila were being used by the Zamir’s terrorists group to hack the trunk-line (PBX) of different telecommunication companies including the AT&T. Revenues derived from the hacking activities of the Filipino-based hackers were diverted to the account of the terrorists, who paid the Filipino hackers on a commission basis via local banks.

The joint operation between the Philippine Criminal Investigation and Detection Group (CIDG) and the US FBI is, per the statement, a result of a long-standing effort within the FBI to combat this kind of fraud.

It’s not clear yet exactly how the fraud was perpetrated and whether or not there was any “VoIP” involved. Ars Technica, in a lengthy piece, “How Filipino phreakers turned PBX systems into cash machines for terrorists,” indicates that the attackers used traditional attacks against PBXs to compromise voicemail systems that allow outbound calling (DISA) and then passed that list of compromised PBXs along to others who sold this access as a way to cheaply call into premium rate services (similar to 900-numbers in the US).

There’s also a note in the Ars Technica article that the attackers used good old default passwords to get into many of these PBXs. :-( Assuming the prosecutions move forward, we will hopefully learn more as the cases go to trial.

Regardless of the precise mechanism, it’s a great reminder that people need to check the traditional security mechanisms of their PBX systems, and REMOVE/CHANGE default passwords!

If you are interested in discussing this case, it will be the topic of today’s (Dec 2, 2011) VoIP Users Conference (VUC) call at 12 noon US Eastern. All are welcome to join – or to listen to the conversation later once the recording is posted.

Goodbye Black Bar, Hello Grey Bar – Google+ Gets a Visual Update

Logging into Google+ today I was immediately drawn to the new visual look:

Google+Grey

Quite a departure from the "black bar" that we've come to expect from Google+. Here's what it looked like yesterday - and interestingly still looks like on another computer of mine (I'm guessing there is a browser refresh issue there):

Old Google+ look

You'll note that in the old style of header, you had quick access to other Google services. This has now been moved to a drop-down menu when you hover over the "Google+" logo in the upper right:

Google+dropdown 1

This is all part of Google's overall effort to bring a stronger visual identity and simpler user interface across its various products and services.

So far, in the brief period of using it, I like the new redesign. How about you? What do you think?

P.S. If we aren't already connected on Google+, how about adding me to a circle on Google+?

