VoIP Tech Chat

I do love their logo.

Ward Mundy, of Nerd Vittles / PBX in a Flash fame, warns of a FreePBX Security Vulnerability allowing a system to be compromised simply by displaying a CDR report in the FreePBX browser.

There is a very serious security vulnerability that needs to be patched by loading the very latest version of FreePBX Framework as soon as it becomes available for your version of FreePBX. Just displaying a CDR report in the FreePBX browser could compromise your system.

The 2.5 and 2.6 patches already have been released and probably 2.7 as well. Load this patch IMMEDIATELY!!!

Setup, Module Admin, Check for Updates on Line, Upgrade All

2.5.2.3: #4223 Security Vulnerability
2.6.0.2: #3805, #3707, #4188, #4223 Security Vulnerability

For more information, check out the PBX in a Flash Forum.

Or cleverly disguised secret agent for the video phone revolution?

I R Eatz U R Dataz!

I love my netbook. I love my netbook so much, I have two of them (okay, one is the wife’s). Surprisingly, I managed to survive months on nothing but my netbook doing fairly intensive SQL / VoIP / Web work. The hard drive is a little slow, but the overall performance is outstanding.

When I travel, I can use Skype to video chat with the built in webcam and get great quality (both ways) for both picture and sound. It’s like a giant smart phone. It reminds me of the $1000+ “video phones” that were supposed to be the future of talking on the phone… then people realized they really didn’t want to “get pretty” to use the phone. Now, for around $250 a unit, you can have that and so much more.

Read the rest of this entry »

Whoops. Our Bad.

McAfee released a “faulty update” this morning causing the security program to believe a good file had gone bad. In what the company calls a “False Positive Issue,” the anti-virus software identifies a good windows file, svchost.exe, as the W32/Wecorl.a virus; causing the system to continuously reboot and lose network access.

At the University Hospital in Syracuse, NY 2,500 computers were affected; however the hospital stated that patient care was not compromised. Other public service/safety organizations were also impacted, including the Kentucky State Police, the National Science Foundation, and Illinois State University.

Read the rest of this entry »

Despite rumors, Princeton has not banned the iPad from campus. It has however, found a bug (and workaround) with Apple’s latest device.

Describing what they feel is a bug with the iPad’s operating system, Princeton recently announced (via their Knowledge Base):

Network monitoring has shown that many iPad devices have caused a problem on the campus network. These devices continue to use an IP address they have been leased well beyond the time they should. (In technical terms, the device’s DHCP client software stops renewing its lease, but the device keeps using the IP address after the DHCP lease expires. This is not a WiFi issue.) This behavior causes a disruption on the campus network.

Read the rest of this entry »

Last year, the Senate passed the Truth in Caller ID Act of 2009 (S. 30 passed unanimously) and this year, the House moved forward on their own version. Of course, moving at the speed of government, the House passed the Truth in Caller ID Act of 2010.

Truth in Caller ID Act of 2009 – Amends the Communications Act of 1934 to make it unlawful for any person in the United States, in connection with any telecommunication service or VOIP (voice over Internet protocol) service, to cause any caller identification service to transmit misleading or inaccurate caller identification information (“spoofing”) with the intent to defraud or cause harm. Prohibits construing these provisions to prevent blocking caller identification or to authorize or prohibit law enforcement or U.S. intelligence agency activities.

Read the rest of this entry »

Attacks from the cloud.

Update #1: 12 APR 2010. Amazon NOC’s response.
Update #2: 12 APR 2010. Amazon Statement.
Update #3: 13 APR 2010. Amazon Response.

Complaints of rampant SIP Brute Force Attacks coming from servers with Amazon EC2 IP Addresses cause many admins to simply drop all Amazon EC2 traffic. Generally, SIP brute force attacks attempt to register various peer names to a system and/or attempt to guess passwords of known/guesses peers or endpoints.

The complaints mentioned this weekend show an excessive amount of traffic; with some providers claiming 6GB of traffic dedicated to such attacks. Since we ourselves received an attack from an Amazon hosted server, we also reported and complained to the Amazon NOC/Abuse depts. As of this posting, no response or acknowledgement has been received from Amazon. The response from Amazon is below. Read the rest of this entry »

Time for the negotiator

A recent incident (ok 2 recent incidents) shows how scary dependence on DNS can be. Hosted VoIP solutions are particularly prone to hijacking attacks / errors.

From BGPmon.net:

This morning many BGPmon.net users received an alert regarding a possible prefix hijack by AS23724. Normally AS23724 CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation only originates about 40 prefixes, however today for about 15 minutes they originated about ~37,000 unique prefixes that are not assigned to them. This is what we typically call a prefix hijack. This incident follows another concerning incident from China 2 weeks ago.

Although it seems they have leaked a whole table, only about 10% of these prefixes propagated outside of the Chinese network. These include prefixes for popular websites such as dell.com, cnn.com, www.amazon.de, www.rapidshare.com and www.geocities.jp.

A large number of networks impacted this morning were actually Chinese networks. These include some popular Chinese website such as www.joy.cn , www.pconline.com.cn , www.huanqiu.com, www.tianya.cn and www.chinaz.com. A list of all prefixes that were announced/hijacked can be found here

Read the full article at BGPmon.net.

Comcast fought the law, and the law lost. In a big win for Comcast and a big loss for net neutrality advocates, a Federal Appeals court ruled that the FCC lacks the authority to regulate how an internet provider handles network traffic. The case stemmed from an order in 2008 prohibiting Comcast from blocking bit-torrent traffic.

The 36 page ruling written by Judge Tatel (download here), cites many cases and regulations concerning both the FCC and their powers. While acknowledging that Congress gave the FCC broad powers to regulate rapidly changing technology, the Court stated that the FCC failed to tie it’s authority to regulate Comcast’s Internet service to any “statutorily mandated responsibility.”

Although I wished to have a stronger decision for Net Neutrality, I do welcome the reigning in of the FCC. It’s a lose/lose case (in my humble opinion). Either Comcast loses and the FCC grows stronger. Or Comcast wins and Net Neutrality grows weaker. Can’t say that the Average Joe would have won in the long run either way.

Additional Information:

• Download the Court ruling (VoIP Tech Chat)
• Court: FCC has no power to regulate Net Neutrality (cNet)
• US court rules against FCC on ‘net neutrality’ (AP via Yahoo!)

Great cast, ok movie.

That phone call I got, it came from outside high walls and fancy gates; it comes from a place you know about maybe from the movies. But I come from out there, and everybody out there knows, everybody lies: cops lie, newspapers lie, parent’s lyin’. The one thing you can count on – word on the street… yeah, that’s solid. — Suicide Kings

Word on the street tells us that Microsoft plans to “unveil” their new phones (code-name PINK) on April 12th. The phones, rumored to be manufactured by the Danger team, will be aimed at a “younger” crowd and we expect features such as Facebook integration, social media connectivity, and music to be heavily marketed. Of course, we still haven’t forgotten the T-Mobile Sidekick/Danger fiasco…

The April 12th date follows the highly expected iPhone OS 4.0 release from Apple. Looks like April’s showers may make for a big May.

Suggested Readings:

• Microsoft to unveil ‘Pink’ phones on April 12 (The Money Times)
• Microsoft “Pink” Phone to Launch April 12? (TG)
• Microsoft ‘Pink’ Phones Due Monday? (Information Week)

Got iPad?

As newspapers (what are those?), media outlets, and even tv sitcom’s have reported, this past weekend Apple’s iPad hit the shelves to every Apple fanboy’s and gadget aficionado’s delight. Come Monday, we now have our first reported issues.

Several users and news organizations report experiencing a much smaller wifi range when using the iPad compared to any other wifi device. Here’s an account from TechCrunch’s Michael Arrington:

Count me in as someone who’s having iPad Wifi issues as well. The device works fine near the router, but on the other side of the house, nada. But my Macbook pro and my Nexus One and other various devices I’ve brought into the house pick up wifi just fine in that area.

Early Macbook Air users complained of Wifi issues, too. I eventually abandoned the computer because the only place Wifi worked was in the Apple store, even though I was using Apple networking equipment at home.

So, are you one of the estimated 700,000 people who purchased an iPad this weekend? Are you experiencing any issues with wifi signal?

Suggested Reading

• Trouble In Paradise: iPad Users Complain Of Wifi Issues (TechCrunch)
• Report: Wi-Fi issues plague iPad owners (TG Daily)
• Apple iPad owners report Wi-Fi connection issues (Apple Insider)
• iPad Fail: Users Experiencing Issues (PC World)