VoIP Tech Chat

When my little girl went from being a benign, unmoving lump of sleeping, drooling baby to a terroristic unplugging, biting, chewing, eating, swallowing, gagging, breaking, pulling, tugging beast of a toddler, my home decor changed. When we moved into our excessive 4 bed / 2.5 bath home in 2007, we had dreams. We had a guest room, and a Disney room, and my home office taking up about 25% of the under A/C space. When the beast began terrorizing our home, we retreated into a fallback position and isolated her to the safest room in the house, my former office. I was relegated to Read the rest of this entry »

Note: You can play or download the MP3 audio of the “Telemarketer Torture” calls towards the end of the article.

When I first started working with VoIP, I began to hate telephony, and any and all things telephone related. This bothered me on many levels. You see, as a kid, I loved telephones. Growing up in the “big city,” pay phones seemed to be on every corner. Family stories talk about walking several blocks extra, just to avoid me seeing and wanting to play with a phone. But, as usual, I digress…

When I worked with an unnamed switch (let’s just say it rhymed with Broadmoft), I hated working with VoIP. I knew there had to be a better way and started playing with Asterisk. Soon, my memories of playing with phones started coming back and my love rekindled. Now, I look forward to working with phone systems, only because I truly feel that the use of a phone can only be limited by your imagination. And with companies like Twilio, Adhearsion, and Digium, the community of telephone developers seems only to grow.

With that long winded introduction, let’s discuss today’s topic — telemarketer torture. Read the rest of this entry »

Firefox has released version 3.5.1 to address a security flaw announced earlier this week. For more information, please read the post at Team Forrest.

How's the view up there?

Cloud Computing, the buzz phrase that won’t go away, attracts new users daily. The most common “cloud” approach uses resources, accessible through the public internet, as a service. Although this computing approach provides (generally) much higher rates of reliability and lower rollout cost, an organization looking to the cloud may find some grey skies on the security forecast.

Besides unknown physical access concerns to your data (as well as not truly knowing who can access your “system”), the main security risk resides with the end user. Take for example Twitter. For the third time this year, someone accessed sensitive corporate documents via an employee email account. If a password can be guessed, cracked, or obtained, chances are your security just became a little foggy (ok, no more cloud puns).

Storing sensitive information in the cloud (including your web accessible email accounts) seems to be the 2009 equivalent of leaving your briefcase on the front seat of your car parked in a very open driveway. The AP recently posted an article on the Twitter reference, and it’s not a bad read. Read the rest of this entry »

Our sponsor, Team Forrest, is reporting a serious security flaw in Firefox 3.5. The Zero-day exploit allows malicious javascript code to take control of a end-user.

For more information, please read the post at Team Forrest.

John Todd (with Digium) sent a great email on SIP Security. Although written towards the Asterisk audience, this email provides a very good guideline towards increasing your VoIP SIP Security. It’s a must read and reprinted here for your easy viewing.

In case any of you were wondering why there has been a fairly notable upswing in the attacks happening on SIP endpoints, the answer is “script kiddies.”  In the last few months, a number of new tools have made it easy for knuckle-draggers to attack and defraud SIP endpoints, Asterisk-based systems included.  There are easily-available tools that scan networks looking for SIP hosts, and then scan hosts looking for valid extensions, and then scan valid extensions looking for passwords.  You can take steps, NOW, to eliminate many of these problems.  I think the community is interested in coming up with an integrated Asterisk-based solution that is much wider in scope for dynamic protection (community-shared blacklists is the current thinking) but that doesn’t mean you should wait for some new tool to defend your systems.  You can IMMEDIATELY take fairly common-sense measures to protect your Asterisk server from the bulk of the scans and attacks that are on the increase. The methods and tools for protection already exists – just apply them, and you’ll be able to sleep more soundly at night.

Seven Easy Steps to Better SIP Security on Asterisk: Read the rest of this entry »

Microsoft announced today several critical warnings for Microsoft products, including Windows 2000, Windows 2003 Server, and Windows XP. Microsoft Security Advisories are a way for Microsoft to communicate security information to customers about issues that may not be classified as vulnerabilities and may not require a security bulletin. Each advisory will be accompanied with a unique Microsoft Knowledge Base Article number for reference to provide additional information about the changes. Read the rest of this entry »

Note: For information on Ann Arbor DDA blocking this application, click here.

VoIP is Fun

Patrick and Fred eat, breathe, and live telecommunication. So, when the chance to make fun little phone applications come around, we like to jump on it. Recently, while discussing parking issues with Ann Arbor’s Edward Vielmetti, and idea came to mind. Mr. Vielmetti is active within the Ann Arbor community and among the many hats he wears, one seeks to provide access to accurate information concerning downtown transportation and parking (wow that was a mouthful). While discussing the lack of accurate bus information in Ann Arbor, the conversation took a tangent (yes, how odd that conversations with Fred or Patrick take tangents) on the area of parking.

The parking garages in Ann Arbor provide nice signs in front displaying in brightly lit numbers, the amount of available spaces remaining. Ann Arbor also posts this information on the web at the A2DDA website. An idea came to mind that basically, you can tell the available spots either from the website or right when you reach the garage — but what if you wanted to know while driving to the garage?

So, with that long introduction, we present “using asterisk, cepstral, and perl to get parking and weather updates.” Ok, for the non-techs, don’t panic! We’ll talk about the techie stuff in a little bit. The bottom line is using Asterisk, Cepstral, and Perl, you can check the internet for the spaces available and let the caller know — all in real time. For a working example, call +1 (212) 937-7844 and press 6 +1 (734) 272-0909 (this is not a toll-free number).

Read the rest of this entry »

VoIP Geeks Rock

Note: This is one of VoIP Tech Chat’s more technical articles. If you’re not a techie (or a trekkie), you may want to skip this one. In fact, we’d love it if you instead read our What is a VoIP? article instead.

Here’s a quick little perl script to create a static html/xml file that can be displayed on your Polycom’s microbrowser. The script uses the Google weather API to check the weather based on a given zip code. The script, of course, is just an example and can be customized as needed.

For PHP coders, the same script can be modified to PHP and save yourself a step. For those of us that really like Perl, this script will create a static page. Using a cron job, you can easily make the page update every 10 minutes or so, and keep weather information current.

You can download the zipped file (weather.pl), or view the code and geeky discussion below… Read the rest of this entry »

Randulo/Zeeek created a fantastic Twitter directory for those VoIP experts / geeks / aficionados / stalkers using Twitter. To add your twitter name to the directory, please go here:

• http://tr.im/voipform

And, to view the directory, point your favorite web browser to:

• http://tr.im/voipview

About VoIP Users Conference

The VoIP Users Conference is open to all levels of VoIP expertise — from the total beginner to the experienced developer. The idea of the conference is to share knowledge, bring new people into the community, and to promote VoIP. Although the conference talks a lot about Asterisk, it is not limited to that. For more information, please visit (and join) www.voipusersconference.org.

About Twitter

Twitter is a service for friends, family, and co–workers to communicate and stay connected through the exchange of quick, frequent answers to one simple question: What are you doing? 

More Resources

• Fred’s Twitter Feed
• Patrick’s Twitter Feed
• VoIP Users Conference Twitter Feed