May 2011 archive
As I note in that blog post, this wasn't a "VoIP security" attack as much as it was a social engineering attack. This group went to rather remarkable lengths to convince ITSPs that they were legitimate businesses to whom the ITSPs should extend credit... and then they abused that credit once it was given.
In the book, I talk about these issues of both fraud and social engineering. From a protection point-of-view, this latest fraud case really highlights the uncertainties in the "SIP Trunking" space (a topic I focused on in Chapter 5) and the need to perform adequate due diligence on the ITSPs from whom you are purchasing SIP connectivity. (Although, admittedly, this particular group went to such lengths that it is not surprised they duped do many companies.)
The reality is that as the market for Unified Communications and IP communications continues to grow and expand, it will only become more tempting for scammers and thieves... so I expect we'll see even more fraud cases in the time ahead.
If you are a Github user and also interested in building SMS apps, please feel free to “watch” that repo and follow along with my own experiments. Code will probably be a mixture of python and Node.js, with occasional other languages thrown in.
In the process of writing about the site that lets you run Linux in your web browser, I learned about Skulpt.org that is essentially the same idea only for a python command line.
The demo at www.skulpt.org is pretty cool… just modify the python code in the screen and press Ctrl+Enter to execute the code and have the output appear in the box below.
I haven’t installed it myself… again, like the “Linux in your browser” experiment, I think this is very cool but I’m not entirely sure where I’d personally ever use. Still, I’m very glad people build projects like this – if for no other reason than showing that this could be done!
By way of a Hacker News post, I learned of this great post by Greg Bayer:
I’ve actually had a couple of cases where I’ve wanted to move some files and keep the history. I couldn’t easily figure it out and opted to just copy the files into the new repo and lose the history. This looks like a workable solution instead. Thanks to Greg Bayer for writing it up.
P.S. a comment to the HN post also mentions this “git-subtree” tool, which does look interesting.
Today Voxeo launched SMSified a new service that lets you use a really simple RESTful API to send text messages within the US for only 1 cent per message. I and other colleagues have been writing about SMSified on the SMSified blog and after writing a tutorial about using SMSified with curl, I figured I’d play around with python a bit and code up an example of sending a SMS via python.
So here it is… stored up in my Github account, but also here:
# Really simple python app for playing with sending SMS messages
# via SMSified – http://www.smsified.com/
# Created by Dan York – May 2011
senderid = "dandemo" #SMSified account
password = "notmyrealpassword" #SMSified password
sendernum = "5853260800" #SMSified phone number
apiurl = "https://"+senderid+":"+password+"@api.smsified.com/v1/
address = "14079678424" # Phone num to which you want to send
message = "Hello there" # Whatever msg you want to send
data = urllib.urlencode(((‘address’,address),(‘message’,message)))
f = urllib.urlopen(apiurl,data)
As you can see in the code, there are really only three lines of importance: the one building “apiurl”; the one urlencoding the data; and the one opening the URL. The rest are really just for the convenience of using variables.
The final line simply prints out the info included in the result JSON. I was going to (and still may) make that print out prettier or say something more… and if you are reading this sometime in the future, the version on Github may have already morphed and evolved into something different. The point is that now that you get JSON back, you can parse it and start to take action on it.
Anyway, this was just a quick sample app to experiment with SMSified. If you have checked out the new service, it’s free to set up a developer account and currently is free entirely during the beta period.
 In full disclosure, Voxeo is my employer.
Watch the boot sequence… and… ta da… you’ve got a Linux root prompt! Use basic Linux commands, edit files with vi, compile apps in C using “tcc”.
Also check out:
- Hacker News discussion about this tool
- Fabrice Bellard’s home page showing his other tools
- Article about him: “Fabrice Bellard: Portrait of a Superproductive Programmer”