VoIP Tech Chat

I r muzikal n delishus

1spam n. \ˈspam\  unsolicited usually commercial e-mail sent to a large number of addresses

Millions of dollars are spent every year by companies and individuals combating spam. Spam filters, email systems with integrated spam management, reviewing spam emails for real emails that got inappropriately flagged, storing spam, deleting spam, reporting spam, it all adds up.

Read the rest of this entry »

Fanatical Support

Got Rackspace? Got WordPress? If so… you may just have a problem.

We’ve been getting calls today from Rackspace clients (hosting WordPress sites) that have been compromised similarly to the GoDaddy hack a few weeks back. The Unmask Parasites Blog has an excellent article on the attack posted on their, well, their blog.

There are some huge sites that have been hit, and some not-so-large as well (we personally were hit by an earlier attack). In the “Is Cloud the answer” debates, this will surely become an example of how a compromise in the cloud, can devastate an entire farm.

Update 6/19/2010

Shortly after this article was initially posted, Rackspace via their Rackcloud Twitter account posted the following message: Read the rest of this entry »

Whoops. My bad.

LifeLock promises to “take control” of your identity — they just don’t tell you who gets to take control. Patrick and I chatted a while back about Todd Davis, the CEO of LifeLock, and how his ads promoting the ability of his company to protect identity, actually helped with the theft of his own. Back in 2007, a gentleman in Texas had used Davis’ identity to obtain a $500.00 without Davis’ knowledge. In fact, Davis only had learned about it after the unpaid loan was sold to a debt collection agency — but that’s old news.

Today, thanks to the Phoenix News Times, we learn that Davis had his identity stolen a grand total of 13 times. Or, at least 13 times that we know of.

With attention grabbing ads that published Davis’ Social Security Number, LifeLock caught the attention of many customers; as well as the FTC — who accused the company of running a scam operation and fined them $12 million dollars.

Additional Reading

• Cracking LifeLock: Even After a $12 Million Penalty for Deceptive Advertising, the Tempe Company Can’t Be Honest About Its Identity-Theft-Protection Service (Phoenix New Times)
• Lifelock Dinged $12 Million for Deceptive Business Practices (wired.com)

Attacks from the cloud.

Just over a month ago, we reported that SIP attacks from the Amazon EC2 cloud were on the rise. While the attacks we received last month were limited to “extension only” registration attempts, one of the attacks we received this morning included what we assume was a standard dictionary attack.

The first attack came from 204.236.245.101. In less than 60 seconds, this IP attempted more than 11,500 registrations against our server. Most of these were 4 digit extensions (download the log (zipped) here). The second attack came from 184.73.4.183. In less than 90 seconds, this IP attempted more than 21,000 registrations against our server; including what we think is a standard dictionary attack complete with root, postmaster, pixadmin, etc. (download the log (zipped) here).

Read the rest of this entry »

Our Hero

Early humans found hollowed out rocks to turn into homes, originating the term “Cave men”. ¹ This constraint made community difficult, so humans advanced to creating homes from natural materials, such as wood. Primitive homes were modeled on the cave, with nothing but some closed walls and an uncovered opening. Thousands of years of evolution lead us to create doors that open, close, and lock, and windows that allow us to see out and in, then glass to keep what’s out out and what’s in in, then curtains to cover what’s both out and in. In the end, we have the same caves we had before, with our darkness and privacy. Read the rest of this entry »

Or cleverly disguised secret agent for the video phone revolution?

I R Eatz U R Dataz!

I love my netbook. I love my netbook so much, I have two of them (okay, one is the wife’s). Surprisingly, I managed to survive months on nothing but my netbook doing fairly intensive SQL / VoIP / Web work. The hard drive is a little slow, but the overall performance is outstanding.

When I travel, I can use Skype to video chat with the built in webcam and get great quality (both ways) for both picture and sound. It’s like a giant smart phone. It reminds me of the $1000+ “video phones” that were supposed to be the future of talking on the phone… then people realized they really didn’t want to “get pretty” to use the phone. Now, for around $250 a unit, you can have that and so much more.

Read the rest of this entry »

Whoops. Our Bad.

McAfee released a “faulty update” this morning causing the security program to believe a good file had gone bad. In what the company calls a “False Positive Issue,” the anti-virus software identifies a good windows file, svchost.exe, as the W32/Wecorl.a virus; causing the system to continuously reboot and lose network access.

At the University Hospital in Syracuse, NY 2,500 computers were affected; however the hospital stated that patient care was not compromised. Other public service/safety organizations were also impacted, including the Kentucky State Police, the National Science Foundation, and Illinois State University.

Read the rest of this entry »

Despite rumors, Princeton has not banned the iPad from campus. It has however, found a bug (and workaround) with Apple’s latest device.

Describing what they feel is a bug with the iPad’s operating system, Princeton recently announced (via their Knowledge Base):

Network monitoring has shown that many iPad devices have caused a problem on the campus network. These devices continue to use an IP address they have been leased well beyond the time they should. (In technical terms, the device’s DHCP client software stops renewing its lease, but the device keeps using the IP address after the DHCP lease expires. This is not a WiFi issue.) This behavior causes a disruption on the campus network.

Read the rest of this entry »

Time for the negotiator

A recent incident (ok 2 recent incidents) shows how scary dependence on DNS can be. Hosted VoIP solutions are particularly prone to hijacking attacks / errors.

From BGPmon.net:

This morning many BGPmon.net users received an alert regarding a possible prefix hijack by AS23724. Normally AS23724 CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation only originates about 40 prefixes, however today for about 15 minutes they originated about ~37,000 unique prefixes that are not assigned to them. This is what we typically call a prefix hijack. This incident follows another concerning incident from China 2 weeks ago.

Although it seems they have leaked a whole table, only about 10% of these prefixes propagated outside of the Chinese network. These include prefixes for popular websites such as dell.com, cnn.com, www.amazon.de, www.rapidshare.com and www.geocities.jp.

A large number of networks impacted this morning were actually Chinese networks. These include some popular Chinese website such as www.joy.cn , www.pconline.com.cn , www.huanqiu.com, www.tianya.cn and www.chinaz.com. A list of all prefixes that were announced/hijacked can be found here

Read the full article at BGPmon.net.

Comcast fought the law, and the law lost. In a big win for Comcast and a big loss for net neutrality advocates, a Federal Appeals court ruled that the FCC lacks the authority to regulate how an internet provider handles network traffic. The case stemmed from an order in 2008 prohibiting Comcast from blocking bit-torrent traffic.

The 36 page ruling written by Judge Tatel (download here), cites many cases and regulations concerning both the FCC and their powers. While acknowledging that Congress gave the FCC broad powers to regulate rapidly changing technology, the Court stated that the FCC failed to tie it’s authority to regulate Comcast’s Internet service to any “statutorily mandated responsibility.”

Although I wished to have a stronger decision for Net Neutrality, I do welcome the reigning in of the FCC. It’s a lose/lose case (in my humble opinion). Either Comcast loses and the FCC grows stronger. Or Comcast wins and Net Neutrality grows weaker. Can’t say that the Average Joe would have won in the long run either way.

Additional Information:

• Download the Court ruling (VoIP Tech Chat)
• Court: FCC has no power to regulate Net Neutrality (cNet)
• US court rules against FCC on ‘net neutrality’ (AP via Yahoo!)