Disruptive Telephony

Back on Sunday, Dustin Trammell wrote about the "lie detector for Skype" over on the Voice of VOIPSA blog, and I have to say that this certainly is a curious use of the Skype API. Real Geek has another writeup along with the picture to the right. Blogs, of course, have been writing about it. Naturally, Gizmodo and Engadget weighed in. However, even though it is theoretically available from the Skype Extras Gallery, I'm not seeing people actually writing about using it. In the comments area of that page on Skype's site, I mostly see people expressing their frustration with trying to install it. It's strange, I was able to get to the kishkish website the other day, but not today. Perhaps they are a victim of their own success. I did notice that they had cute marketing with their use of a snippet of video of former US President Bill Clinton talking about Monica Lewinsky. It's unclear about pricing, though... it seems to be free from the Skype Extras page but the Gizmodo article references a $49.95 annual fee. Hmmmm....

Call me skeptical... voice stress analysis has been around for a long time and, well, just consider me skeptical. Oh, sure, I'll give it a try, but I don't hold out any great hope. Of course, right now when I tried to download it I can't seem to get it to run. (Which also seems to be a problem others are having.) However, I may have a larger issue in that the "Do More" link in my Skype 3.0 is greyed out, so perhaps I messed something up in my tinkering with it a couple of weeks ago (although I've since upgraded to the released version of 3.0).

In any event, regardless of whether this works or not, it certainly is a fun little example of what can potentially be done by developers given access to an API...

Technorati Tags: kishkish, skype

So the news floating around the VoIP part of the blogosphere is that the long-awaited and long-debated "iPhone" was released yesterday... but it turns out NOT to be from Apple! Instead, as noted by Gizmodo, the trademark for "iPhone" belongs to, of all people, Cisco! ( Tip of the hat to Tom Keating, where I first read it and saw this graphic.)

On one level, the Linksys press release seems to be mostly a re-branding exercise for their existing "CIT" Cordless Internet Telephone series but as noted over on the Skype Gear blog, there actually is some real product news mixed in with all the fixation on the name.

The CIT400 is a DECT-based cordless phone that does not require a PC to run Skype. That apparently is the function of the grey box "base station" in the picture. You plug it into your network and your phone is off and running. It can apparently also plug into your landline to give you true "dual-mode" operation. Very much like the Dualphone 3088 and other similar products.

On the other hand, the WIP320 is a true WiFi handset that again does not require a PC. So it joins the other phones like Netgear SPH101 (which, interestingly, looks very similar) and the Belkin WiFi phone, both of which also don't need a PC to run Skype.

Now, while the WIP320 seems like it might be something nice for the home office (although I like the ergonomic of the Dualphones better, I have to confess), it doesn't strike me as being as useful (and disruptive) as it could be. Why not? Because you can't use it at hotspots that require authentication!

I took a quick scan at the User Guide, and while you can use it with WPA and WEP encryption, it doesn't have a web browser so you can't take it to a WiFi hotspot and authenticate with the hot spot provider. Obviously, if you take it somewhere where someone can just give you a WPA key, you're okay... but that's not the real world of public hotspots. Per Cisco's product family page, the web browser is only in their SIP handset, the WIP330. Perhaps next go-around they'll give that to Skype users.

All in all I would expect Cisco to get a lot of press out of the name "iPhone", if for no other reason than the fact that Apple can't use that name anymore. Beyond that, unless I'm really missing something, the announcement itself really just shows that Cisco/Linksys is now catching up with its competitors.

Other coverage:

• Engadget
• Greg Galitzine
• Gizmodo on what Apple might call their phone
• Om Malik

Technorati Tags: apple, cisco, iphone, sip, skype, DECT, voip, wifi, wireless, wlan

(Originally posted to http://dyork.livejournal.com/258085.html)

Now I realize that often in sales and marketing, some folks tend to exaggerate claims... or split hairs to make various claims... or (more often) don't do enough fact-checking to verify their claims... but it rather annoys me when I see someone making claims that are just wrong - especially when the claims overlook products made by my own employer! As readers know, I don't really tout Mitel products here all that much, but in this case, I feel compelled to write a bit about one. In the recent announcements by Siemens of their new OpenStage SIP phones, which Ken Camp covered so well here, Siemens makes the claim in their PowerPoint presentation (available from Ken's post):

The first time an enterprise desktop phone has been able to connect to both wired and wireless infrastructures.

Um... no. You see, Mitel has been shipping this little product called the "Mitel WLAN Stand" since July of this year (2006) which just clips onto the back of any of our enterprise desk phones and allows that phone to connect to a 802.11 network. I've got one here in my home office... I'd be glad to show anyone if they'd like. In fact, our product has a few advantages over what Siemens announced:

1. It is available and shipping today.
   
2. It works with existing Mitel sets. You don't need to purchase new sets... just use your existing (52xx/53xx) sets and order some WLAN stands to make them wireless.
   
3. It works across our full range of sets, not just the top two most expensive sets.
   
4. A PC can be plugged into the PC port on the back of the IP phone and use the wireless connection (in fairness, I don't know from the info provided thus far in the announcements whether the OpenStage phones would support this... but ours can).
   
5. A Mitel set with a WLAN stand can be either a 802.11 client or a 802.11 access point.

Think about this last point for a moment if you have a rapid deployment you want to make. Say you want to drop a team of auditors into a client company location for a few weeks. You have Internet access at the location, but you want the employees to have extensions off of your main office wherever that may be and you want them to securely be able to talk back to your main office. So you ship to the location a bunch of Mitel sets with WLAN stands - all configured as Teleworker sets that will connect back to your Teleworker server on the edge of your corporate network. One of those sets gets a connection to the local wired network and has its WLAN stand configured in AP mode. All the other sets have their WLAN stands configured in client mode... and previously all the appropriate WPA/WPA2 keys were set up so that all communication between the sets is secured. Ta da... beautiful little rapidly-deployed "branch office"... all secure... wireless... and to make it even more convenient, through our "hot desking" the auditors can login with the same extension that they use at the main office. Powerful stuff... and it works today.

On the more mundane level, I have a WLAN Stand here in my home office which gives me the flexibility to move my IP phone to wherever I want to plug it in. So if I wanted to work out on the back patio (a wee bit too chilly right now), I just run an extension cord out there, plug in the phone, and I'm operational. (Next summer I'll have to get some pics sitting in our hammock...) In an corporate office environment, these stands could be used to locate phones in areas that are not served by LAN connectivity... or where you don't want the various cables running across the floor or tables (of course, you still need power).

So the net is that someone there at Siemens needed to do a wee bit more fact-checking, I'd say. Perhaps someone junior was assigned the task. Perhaps they just simply missed it. I know a good number of folks there at Siemens and I have great respect for what they do... so I'm certainly inclined to think this was just a fact-checking mistake.

Now, I'll grant them that their OpenStage USB key is definitely a neat solution. Smaller form factor and very easy to distribute updates when you want to support a new 802.11 variant. (Of course, the security guy in me also thinks... "very easy for someone to steal or misplace".) So if they want to make the claim:

The first time an enterprise desktop phone has been able to connect to both wired and wireless infrastructures using a USB WLAN adapter.

Well, okay... they are probably right on that one. It's that last clause that's the important part.

Technorati Tags: 802.11, mitel, openstage, siemens, sip, wlan, unified communications, voip, wireless

(Originally posted at http://dyork.livejournal.com/257414.html)

Finally getting caught up on content recorded for Blue Box, I finished up on Monday night the interview I did with Ken Camp out at Internet Telephony in San Diego and posted the interview today. Ken responded with his post: "I've been Blueboxed", which gave me a laugh because I don't think I've ever seen the show name used as a verb before!

Technorati Tags: blue box, bluebox, security, ken camp, voip, voip security, voipsa, voipsecurity

(Originally posted at http://dyork.livejournal.com/256998.html)

Tom Cross over at Techtionary.com dropped a note to let me know that his team had released a 'fastcast' on the topic of "SIP Essentials". Not having a clue what a "fastcast" was, I found the answer in Tom's news release:

Fastcasts are fast-track audio/video animated 10-60 second advertorials for web, webseminar, PC and iPod formats.

• SIP Basics
• SIP Trunking
• SIP QoS
• SIP Firewalls and Security
• SIP Applications
• SIP TCO-Total Cost of Ownership
• Integrated/Converged Access
• Key VoIP Options – IAS, Hosted, Managed
• SIP Total Tutorial with Future Outlook

Technorati Tags: sip, techtionary, tutorials, voip, voip security

(Originally posted at http://dyork.livejournal.com/256267.html)

I have to say that it's been rather fascinating to lurk in the "Skype English Blog Chat" public chatroom that was created as part of the beta of Skype 3.0. Many of the Skype employees familiar from the Skype blog pages have been in there, such as Jaanus Kase, and they are taking comments and questions from other Skype 3.0 beta users who have been trying out the beta and then giving the feedback directly in the chat room. Because it's a "persistent" chat room that you always stay in (regardless of whether you are online, offline, or even whether you have the Skype client running at all) until you actually press the "Leave" button, you can always go back in and read the chat history to see what's been going on and what people are saying. I'll give credit to Skype for showing how public chats can be part of an effective beta process. And it's been quite interesting to see the issues that have gone on, as well as the links that people have provided to different things as they have tried them out. I've really only checked into it maybe once a day, although I do have an alert notification set so that any time certain terms are mentioned (such as my name or "security") I get an audible notification and can check it then.

One of the benefits of being one of the 100 folks in the chat room is that you do get some nice advance notice... such as when I just checked the chat room this morning and saw this message:

[9:21:20 AM] Raul Liive says: 3.0 went to Gold just. Get it from www.skype.com

So Skype 3.0 is officially out there... (and I have naturally downloaded a copy). Now we'll see if it works better than the beta where I was having some wacky problem with people's presence not actually showing correctly.

Technorati Tags: skype, voip

(Originally posted to http://dyork.livejournal.com/254735.html)

Just confirmed late last week that I'll definitely be speaking at O'Reilly's Emerging Telephony Conference (aka "ETel") this coming February 27 - March 1, 2007 in San Francisco. The topic I will be speaking on will, of course, be VoIP security. Two sessions, actually... one a 15-minute plenary session providing an overall view of VoIP security and then the second a 90-minute workshop going into much more detail, providing info about security tools, best practices and much more. Both, of course, will be later put out as part of Blue Box. Should be a lot of fun, and given that it's in the SF area, I'll probably be able to pull Jonathan Zar in as well, which would be cool. Now I just need to put up a picture, bio and session abstracts...

As I've said to a number of folks, ETel 2006 was one of the very best out of all the conferences that I attended all year. No real trade show... just conference sessions full of the "alpha geeks" that O'Reilly conferences tend to attract. People really on the bleeding edge of trying out new and different things with telephony. They had a "fair" at one point that showcased startups that were doing really wacky things... it was all great stuff. Definitely a place to meet the people pushing the true leading edge of IP telephony. Here's a brief part of the promotional material:

ETel captures and telegraphs the excitement around ahead-of-the-curve telephony technologies, bringing together all layers of the telephony community to compare and contrast web telephony technology, business, and culture in a collaborative, spirited environment. ETel highlights the people, projects, and activities pushing the boundaries of what's possible with IP telephony. ETel provides a map of the evolving telephony horizon and gives you the charts you need to navigate the new communication opportunities ahead.

Technorati Tags: etel, oreilly, security, voip, voip security, voipsa, voipsecurity

(Originally posted at http://dyork.livejournal.com/253120.html)

If you look at the front cover of "Hacking Exposed VoIP" (either click on the small image to the right or follow this link), you will see a review quote from a certain someone:

If you are a security professional charged with protecting a network infrastructure that includes VoIP, you definitely must read this book! Failure to do so will seriously put your VoIP systems - and your network - at risk!"
-Dan York, Producer and Co-Host, Blue Box: The VoIP Security Podcast

McGraw-Hill left out the first part of what I sent them, namely "This is a dangerous book.". (UPDATE: The full quote is on the first page inside the book.) It is a dangerous book, really, because Dave and Mark have brought into one book an amazing amount of information that previously was only found through diligent searching of many places. I stand by my quote - security professionals responsible for the security of VoIP systems really do need to read this book!

On a different note, I have to wonder if this is the first time a review quote from a podcaster has appeared on a published book that does not have anything to do with social media. Quotes from podcasters have been on books about podcasting... and perhaps books on blogging (I don't know, but I could see them there). But I wonder how many review quotes from podcasters have been on books in other fields. There is no way to easily find this info, of course, so I have no clue. Perhaps this book is among the first to feature a podcaster (maybe even the first)... perhaps not. The only reason I mention it is that it really becomes just one more sign of the rise in the recoginition of podcasting and podcasters. Cool to see.

Meanwhile, if you are dealing with VoIP security, you really should buy the book. (And no, I don't receive any income or a kickback for promoting the book. I just think it is an extremely good book.)

Technorati Tags: security, hacking voip, voip, voip security, voipsa, voipsecurity

(Originally posted to http://dyork.livejournal.com/251845.html)

I do not know precisely why, but the Australian VoIP media seems to pick up a lot of good news items about VoIP security, if you take a look at any Blue Box episode, you'll often see that many of the news items we talk about come from Down Under. I don't know why, but they seem to have security as a partial focus. It's great to see and they are a very good source of news. One site there, VoIP News, is also the only one I've really seen to write a post about the VOIPSA Best Practices Project. We weren't really expecting people to write about it on news sites... the launch is really more low-key and we didn't do any active PR beyond blog posting and sending to email lists. Now, when we have the finished product that will be a different story.

Of course, to finish one must first start.. hopefully later today... just in time for me to start travelling for a week!

In the meantime, it's great to see this VoIP News site writing about us... I've seen several subscriptions already today from Australia.

Technorati Tags: security, voip, voip security, voipsa, voipsecurity

(Originally posted at http://dyork.livejournal.com/250114.html)

As I wrote about over on Voice of VOIPSA, the Register posted an article yesterday "VoIP - open season for hackers". The article is mostly good PR by a security company promoting itself and doesn't really seem to add anything brilliantly new to what we've already known in the VoIP security field... but the fact that it's posted in the Register pretty much guarantees high visibility.

Another good reason for VOIPSA to get the Best Practices document done soon...

Technorati Tags: security, voip, voip security, voipsa, voipsecurity