This somewhat frightful claim has been reverberating around the inter-web the past few days. I do agree that YOUR IP phone(s) might be a candidate target for such an exploit. I’m not worried simply because my IP phones don’t suffer the particular vulnerability in question. More on that in a bit.
This claim stems from Paul Moore, a security consultant, hacking a snom 320 IP phone. He found that with the default admin credentials in place he could penetrate the phone, achieving broad control of the device. Then he used that control to do various nefarious things.
For example, he could place calls. Further, he could setup routing to send all calls via a premium service that paid him for every minute of connect time. Thereafter he’d just leave the phone on a long running call without the user ever becoming aware that it was busy. Cha-ching!
According to Bob Dylan, “The times they are a-changing.” I certainly hope so. I’ve made some changes to our broadband service hereabouts, and I’m hopeful about a new alternative. The details of these two things are worth sharing.
I’ve long held that someone in a technology business, who works from a home office full time, should have redundant forms of internet access. If you’re going to have redundant access they should use different modes of connection. That way a single errant truck or backhoe doesn’t take out both of your services.
This belief was strengthened by our own experience in events like Hurricane Ike in 2008. We lost Comcast service for several weeks, falling back to our stodgy old DSL circuit. The DSL meant that we had IP phones running the morning after the storm, when even cellular service was down, amazed and confounded our neighbors.
Our first broadband service to this location was a DSL circuit. The name on the bill changed numerous times. What started out as Sprint Ion devolved into Earthlink, then Covad, Megapath, and most recently Global Capacity. The data rate was slow, but reliability was high.
It wasn’t that long ago that I reminded you of how much I admire Lightningbase. Here’s just one more reason why these guys rock. Lightningbase has recently made it very easy to deploy SSL for WordPress sites by integrating Let’s Encrypt.
Lightningbase founder Chris Piephoannounced the effort in a blog post. Since I’ve wanted to use SSL for a while, but not had the time to work through the details, I took the new offer as a sign that I should go ahead with the implementation.
I must say that I was floored by how easy this was! The entire process of getting this domain running on SSL took me less than 15 minutes.
A long time ago, when I was still in school in Toronto, I became fascinated with an obscure form of surround sound recording known as Ambisonics. In researching a paper for school I became smitten by the approach conceived by English mathematician Michael Gerzon. It’s a truly elegant system, something beyond the commercially successful surround sound approaches that we all know.