Graves On SOHO VoIP

Earlier this week Dan Berninger, CEO of the newly formed HDConnect trade group offered up another guest post on Jeff Pulver’s blog. In this post, entitled “Telecom Turnaround,” Dan outlines the decline in demand for traditional voice services over the past decade. He also hints at the typical arguments that nay-sayers offer against wideband telephony. It’s all good stuff.

There’s something that I’d like to add to what Dan puts forward. By whatever name it’s known, HDVoice, HD VoIP, or simply wideband telephony…improved call quality is only the beginning. When voice is just another application on an IP network there are a many advantages that can be realized. Improved call quality is just the first benefit that we’ll see (hear?), and possibly the easiest to sell both to the public and regulators.

Read the rest of this entry »

Earlier today the DECT Forum issued a press release in response to news from last months Chaos Communications Congress (25C3) that the DECT encryption has been cracked. Their press release (PDF) is about what you’d expect. It merely asserts their willingness to work with researchers to develop new and better security provisions as part of the CAT-iQ standard that replaces DECT.

I would hope that they would not only develop a better standard, but also ensure that the encryption provisions are in fact implemented by manufacturers. To my mind the most frightful part of the DeDECTed groups work was finding that some DECT implementations were not encrypted at all. Further, that there was essentially no way for a non-technical user to know if the DECT system that they were buying was encrypted or not.

Read the rest of this entry »

The Voice Report has today released a nice podcast on cellular and smartphone security called “The Secret Agent Phone.”

The FBI release last Friday about vishing & Asterisk touched off a bit of a fury. It now appears that they have restated their warning acknowledging Digium’s original response to the matter in question (AST-2008-003) That being, all current v1.2 and 1.4 Asterisk systems will have been patched already. Asterisk v1.6 was never effected. Digium provides further clarification as well.

As always, keep your systems current!

The FBI’s Internet Crime Complaint Center has issues a warning with respect to the use of Asterisk to create vishing attacks. According to a post at Slashdot someone from PCWorld checked with Digium who was puzzled about the matter. Digium’s own John Todd responds with a blog post this morning.

The FBI alert is extremely vague, making only a non-specific reference as follows:

The FBI has received information concerning a new technique used to conduct vishingi attacks. The recent attacks were conducted by hackers exploiting a security vulnerability in Asterisk software. Asterisk is free and widely used software developed to integrate PBXii systems with Voice over Internet Protocol (VoIP), digital Internet voice calling services; however, early versions of the Asterisk software are known to have a vulnerability. The vulnerability can be exploited by cyber criminals to use the system as an auto dialer, generating thousands of vishing telephone calls to consumers within one hour.

It must be really challenging for the FBI to get their heads around how to deal with something like Asterisk. It’s a telecom & networking toolkit to build whatever you like. It’s a major enabling mechanism for anyone in the telecom space, and for whatever purpose.

Security is one of the next big issues in VoIP. It remains largely unaddressed in the residential / SOHO space. IMHO the question is not if we’ll address it, but more simply when. For those with an interest in the matter may I suggest reading at www.voipsa.org especially their excellent blog and mailing list. Also, the Bluebox Security Podcast by Dan York and Jonathan Zar.

Update: Here a link to the PCWorld article on the matter.

Update2: Digium’s Bill Miller offers a clarification that Digium was only contacted after the FBI warning was issued and the PC World article was already published.

So it appears that we have before us a classic example of brilliant government in action supported by a comparably skilled press. That Digium was the singular reference source that should have been contacted should have been patently obvious to everyone involved.

For the past three years I’ve used Stanacard as the basis for placing overseas calls from my cell phone.This has recently changed as I’ve leveraged our company’s OnSIP account to provide a similar capability to all of our US staff.

Stanacard describes themselves as a “next generation calling card service.” The service is simple enough. Like most calling card services they have a variety of US points-of-presence (POPs) with local numbers. You dial that number, then authenticate using a PIN to get at a second dial-tone, and finally dial the overseas number you want to reach.

Read the rest of this entry »

A short while ago VUCs Randulo tweeted that he had recently updated the firmware on his Polycom phones. He said that he did this using a local provisioning server setup temporarily just for the task. If you’re using a hosted IP-PBX then you may not have a suitable server running 24/7/365.

If you don’t run a provisioning server all the time then booting the phones can take a lot longer. On boot-up the phones simply fail to contact the provisioning server and eventually boot using their existing internal settings. But this means waiting through a series of time-outs, which is the principle source of delay.

Read the rest of this entry »

Over the past week Skype has been making some waves, starting with a speech at ITXPO where they declared “VOIP is Dead.” Then Michael Robertson of Gizmo5 fired back in response to their petition to the FCC arguing for more open wireless networks (aka cellular.) What folly, a closed network operator (Skype) preaching open networks to other closed network operators (cellular carriers.)

Dan York has collected up the actions & reactions, as well as the Calliflower conference call on the matter from last Friday. Michael Robertson was on that call. It’s definitely worth a listen.

Read the rest of this entry »