Dan York

Just a guy in Vermont trying to connect all the dots...

Author's posts

Dec 07

The State of VoIP Security, a.k.a. “Does Anyone Really Give A _____ About VoIP Security?”


Does anyone really care about VoIP security? Why should they? What are the main issues? At the 2011 Real-Time Communications Conference sponsored by the Illinois Institute of Technology (IIT), Dan York spoke about all these questions and gave a view of the overall state of the industry. A video recording of the Oct 5, 2011, session will be available and will be able to be found at http://www.voipsa.org/blog/ when it is ready.

Dec 07

New Github for Mac 1.1 Release Nov 23rd…

GitHubforMac

I just noticed yesterday that a new version of Github for Mac was released on November 23rd. The blog post about the 1.1 release highlights the major changes as:

  • The “Changes” view has been completely redesigned.
  • The ability from the GUI to commit individual lines of code.
  • A “Commit & Sync” feature so that you have just one step to get your code on Github (or wherever it is hosted).
  • Full screen support for Lion.
  • Tracking repositories if they are moved or renamed.

I’ve gone ahead and downloaded Mac for Github 1.1 and am looking forward to seeing how it works.

P.S. And yes, being perhaps old-skool, I mostly use the command line to work with git. But there are times when a GUI is nice, particularly when looking at changes between versions.

Dec 06

New version 0.1.3 of Tropo-webapi-python: Build Tropo voice/SMS/IM/Twitter apps using python

Tropo Logo

My former colleague Justin Dupree just posted a new version of the Tropo-webapi-python package to Pypi at:

http://pypi.python.org/pypi/tropo-webapi-python/

To install the package, assuming you have pip installed, you should be able to just type:

pip install tropo-webapi-python

and then you can get started building Tropo applications that use voice, SMS, IM or Twitter as channels to communicate with people. The documentation for the Tropo WebAPI provides a full explanation of the API and also sample applications. Samples are also provided in the distribution.

The “tropo-webapi-python” package lives on Github at:

https://github.com/tropo/tropo-webapi-python

and those of you wanting to live on the edge can simply clone the repository from Github and use it there.

I’ll also mention that at this point I’ve completely stepped away from the maintenance of this ‘tropo-webapi-python’ package (as I’m no longer with Voxeo) and Justin and the Voxeo Labs team are now maintaining the package.

Have fun with it! I definitely enjoy creating Tropo apps using python!

Dec 05

What Is The Future of the PSTN? FCC Holding Workshops Dec 6th and 14th

FCC logoWhat is the future of the Public Switched Telephone Network (PSTN)? As we transition away from traditional telecom technologies to a world based on IP communications, what are the policy, technical and economic implications?

As I recently wrote over on CircleID, the United States Federal Communications Commission (FCC) is holding two workshops on this topic of what comes next for the PSTN.

The first workshop, tomorrow, December 6, 2012, will cover "what obstacles and opportunities the transition may create regarding public safety, accessibility, and ubiquitous service".

The second workshop on December 14, 2012, will cover "a wide array of economic, technological, and policy issues that need to be addressed as consumers choose to subscribe to, and rely on, new technologies and services."

The FCC's Public Notice about these PSTN Transition Workshops contains information about how to attend, both in person and via the FCC's live stream at http://www.fcc.gov/live.

The meeting tomorrow will begin at 9:00 am US Eastern time.

If you are in the Washington, DC, area and able to get to these workshops, it may be a great opportunity to join with others in expressing to the FCC a vision for what we want for the post-PSTN communications infrastructure.

If you found this post interesting or useful, please consider either:

Dec 05

Borders, In Bankruptcy, Aims To Sell 65,536 IPv4 Addresses at $12/Address (Featured Blog)

With IPv4 address exhaustion upon us, it appears that the going market rate for IPv4 addresses is now $12/address. Over at the Register, Kevin Murphy reports on a bankruptcy filing from Borders seeking to sell a /16 block of to healthcare software vendor Cerner for a total of $786,432. At $12 per IPv4 address, this sets a new public record given that the previous high was Microsoft's acquisition of a block of Nortel IPv4 addresses... More...

Dec 02

Unix Turns 40 – And IEEE Provides a Historical Look Back

Ieee spectrum

As the Unix operating system turns 40 this year, writer Warren Toomey published an excellent historical piece in this month’s IEEE spectrum:

The Strange Birth and Long Life of Unix: The classic operating system turns 40, and its progeny abound

I’ve been using Unix myself in various forms since the mid-1980’s. Much of my time was, of course, spent in the land of Linux… but even now I’m writing this post on an operating system that evolved out of that early Unix work (Mac OS X).

It is very hard to understate the role that Unix has played in our technology history… and this post provides some nice stories from those early days.

Well worth a read… (I say while stroking my beard that is now definitely grey… 🙂

Dec 02

Today’s VUC Call – Philippine Phone Phreaking Funding Terrorists

For those interested in telecommunications security, today's (Dec 2, 2011) VoIP Users Conference (VUC) call at 12 noon US Eastern will cover the recent arrests of 4 Philippine men who defrauded AT&T of close to $2 million and were employed by an alleged terrorist organization who was using the proceeds of the scam to fund their activities.

Eric Klein of Humbug Labs will be the guest on the VUC call discussing this and other fraud issues. It should be an interesting discussion.

You can join the live call via SIP, Skype or the regular old PSTN. There is also an IRC backchannel that gets heavy usage during the call. It will be recorded so you can always listen later.

If you found this post interesting or useful, please consider either:

Dec 02

Philippine Phone Phreakers Arrested After Funding Terrorists

CIDG

One of the big news items in telecom security this past week was the arrest in Manila of 4 men accused of defrauding AT&T of almost $2 million USD and then using those funds to finance a terrorist organization. The Philippine National Police issued a statement (annoyingly you have to scroll down to the “November 24, 2011″ entry) that explained the terrorist link:

Sosa said that Kwan and the other hackers in Manila were being used by the Zamir’s terrorists group to hack the trunk-line (PBX) of different telecommunication companies including the AT&T. Revenues derived from the hacking activities of the Filipino-based hackers were diverted to the account of the terrorists, who paid the Filipino hackers on a commission basis via local banks.

The joint operation between the Philippine Criminal Investigation and Detection Group (CIDG) and the US FBI is per the statement a result of a long-standing effort within the FBI to combat this kind of fraud.

It’s not clear yet exactly how the fraud was perpetrated and whether or not there was any “VoIP” involved. Ars Technica, in a lengthy piece, “How Filipino phreakers turned PBX systems into cash machines for terrorists, indicates that the attackers used traditional attacks against PBXs to compromise voicemail systems that allow outbound calling (DISA) and then passed that list of compromised PBXs along to others who sold this access as a way to cheaply call into premium rate services (similar to 900-numbers in the US).

There’s also a note in the Ars Technica article that the attackers used good old default passwords to get into many of these PBXs. :-( Assuming the prosecutions move forward we will hopefully learn more as the cases go to trial.

Regardless of the precise mechanism, it’s a great reminder that people need to check the traditional security mechanisms of their PBX systems, and REMOVE/CHANGE default passwords!

If you are interested in discussing this case, it will be the topic of today’s (Dec 2, 2011) Voip Users Conference (VUC) call at 12 noon US Eastern. All are welcome to join – or to listen to the conversation later once the recording is posted.

Dec 01

Goodbye Black Bar, Hello Grey Bar – Google+ Gets a Visual Update

Logging into Google+ today I was immediately drawn to the new visual look:

Google+Grey

Quite a departure from the "black bar" that we've come to expect from Google+. Here's what it looked like yesterday - and interestingly still looks like on another computer of mine (I'm guessing there is a browser refresh issue there):

Old Google+ look

You'll note that in the old style of header, you had quick access to other Google services. This has now been moved to a drop-down menu when you hover over the "Google+" logo in the upper right:

Google+dropdown 1

This is all part of Google's overall effort to bring a stronger visual identity and simpler user interface across its various products and services.

So far in brief period of using it, I like the new redesign. How about you? What do you think?

P.S. If we aren't already connected on Google+, how about adding me to a circle on Google+?

If you found this post interesting or useful, please consider either:

Dec 01

Google+ Turns Hangouts Into a Free Conference Calling Service With Free Voice Calls in US and Canada

Fascinating move by Google today... Google+ now allows you to add voice-only phone calls into a "Hangout", allowing you to create conference calls of both video and voice participants. Announced by Googler Jarkko Oikarinen, it is available inside of "Hangout with extras" and allows voice calls out to US and Canadian numbers for free.

When I launched a Hangout (with extras) and then chose the link to invite others, I was presented with an extremely simple screen to add a voice call:

Googleplusinviteothers

Once the participant had joined, they showed up in the hangout screen above the video participants (only me in this trial case):

Google Plus Hangout With Voice

No word that I've seen yet on a maximum number of people that can be conferenced into a Google+ Hangout, but I'm sure someone will try that out shortly and we'll have an answer.

UPDATE: Jarkko Oikarinen has clarified in a comment to his post that "each hangout participant can have at most two simultaneous PSTN calls ongoing." From that wording I'm guessing that I could call out to 2 people on the PSTN, and another participant could call out to two more, and so on...

Calls are limited to the US and Canada, although TechCrunch is reporting that Google recommends Google Voice for low rates on international calls.

Now, mixing voice and video calls together is not something dramatically new. Skype has done this for quite some time now within their Group Video Calling service. Still, it's a cool step forward for Google+ and may provide an way to get more people using the Hangouts service.

At the very least, it may provide a way for some of the folks using Hangouts as a way of hosting regular video podcasts to include guests or callers who are not able to establish a video connection or use Hangouts directly. I'm thinking particularly of people who may be mobile or in places with low bandwidth. Or just simply a guest who doesn't want to use video or isn't a user of Google+.

Free conference calls?

I suspect some folks may certainly use this as a way to create free conference calls. As I proved in my own testing, only the originator of the Hangout needs to use the Hangouts feature of Google+. He or she can then simply call everyone else and bring them into the conference call.

However, given that

  1. you can't yet choose from a list of contacts and have to instead enter each phone number individually; and

  2. people can't call in to the hangout; and

  3. per the update above, each participant can only conference in 2 PSTN callers.

I don't expect people to instantly stop using the zillion conference calling services out there. However, it certainly shows a sign of Google's direction and given the rate of change within Google+ I wouldn't be surprised to see enhancements to, for instance, at least store phone numbers coming at some point soon.

It would be very cool if there was a way to start a Hangout with a Circle... and have Google+ automagically connect out everyone in the circle via either video or phone... but who knows, that may come, too!

P.S. And if you are on Google+, why not add me to a circle if you haven't already done so?

If you found this post interesting or useful, please consider either: