Every so often it’s fun to look back. Such is the case with this episode of Revision 3’s Systm from December 2005. John Todd takes Kevin Rose through a basic Asterisk configuration. Thanks to Michael Iedema for pointing this out during his recent appearance on FLOSS Weekly.
This year marks the first time that I have attended Astricon. This is mildly paradoxical since Asterisk hasn’t been at the core of my IP telephony activities for a while. However, the opportunity to talk about HDVoice with a group of Asterisk users was just too good an opportunity to pass up.
My experience of Astricon was better than I had expected on a number of levels. Meeting up with a number of the VUC regulars was probably the highlight of the event. Though we might speak every week or so, to have a sit down and talk in one location remains a treat. Meatspace still trumps cyberspace in some ways.
Matt Riddell has a nice interview with Digium’s John Todd over at Venture VoIP. It covers some interesting ground, including an outline of John’s typical week and how he came to be involved with Digium. Not to be too gushy, but from where I stand John is doing an exemplary job handling community relations for Digium.
I was also happy to see a reference to the VoIP Users Conference. We truly appreciate John’s regular involvement in our little group. It’s the kind of experience he brings to the conversation, and the willingness to share it, that helps us draw people in to the group every week.
John is, however, extraordinarily committed to a narrowband existence. Perhaps one day he’ll see the light…
It’s been over nine months since the announcement of Skype For Asterisk, but after all that time the open beta program gets underway this week.
The FBI release last Friday about vishing & Asterisk touched off a bit of a fury. It now appears that they have restated their warning, acknowledging Digium’s original response to the matter in question (AST-2008-003). That being, all current v1.2 and 1.4 Asterisk systems will have been patched already. Asterisk v1.6 was never affected. Digium provides further clarification as well.
As always, keep your systems current!
The FBI’s Internet Crime Complaint Center has issued a warning with respect to the use of Asterisk to create vishing attacks. According to a post at Slashdot, someone from PCWorld checked with Digium, who was puzzled about the matter. Digium’s own John Todd responds with a blog post this morning.
The FBI alert is extremely vague, making only a non-specific reference as follows:
The FBI has received information concerning a new technique used to conduct vishing attacks. The recent attacks were conducted by hackers exploiting a security vulnerability in Asterisk software. Asterisk is free and widely used software developed to integrate PBX systems with Voice over Internet Protocol (VoIP), digital Internet voice calling services; however, early versions of the Asterisk software are known to have a vulnerability. The vulnerability can be exploited by cyber criminals to use the system as an auto dialer, generating thousands of vishing telephone calls to consumers within one hour.
It must be really challenging for the FBI to get their heads around how to deal with something like Asterisk. It’s a telecom & networking toolkit to build whatever you like. It’s a major enabling mechanism for anyone in the telecom space, and for whatever purpose.
Security is one of the next big issues in VoIP. It remains largely unaddressed in the residential / SOHO space. IMHO the question is not if we’ll address it, but more simply when. For those with an interest in the matter, may I suggest reading at www.voipsa.org, especially their excellent blog and mailing list. Also, the Bluebox Security Podcast by Dan York and Jonathan Zar.
Update: Here’s a link to the PCWorld article on the matter.
Update2: Digium’s Bill Miller offers a clarification that Digium was only contacted after the FBI warning was issued and the PC World article was already published.
So it appears that we have before us a classic example of brilliant government in action supported by a comparably skilled press. That Digium was the singular reference source that should have been contacted should have been patently obvious to everyone involved.