Archive for the ‘mobile’ Category

Microsoft (SFB/O365) Dropping Support for PBX Connections leaving Legacy Platforms behind

Wednesday, July 26th, 2017

Microsoft recently announced that it will no longer provide session border controller (SBC) support for PBX systems accessing Office 365.

Essentially, the news means that starting July 2018, users of Exchange Online Unified Messaging (UM) will have to use an alternative method of connecting voicemail with Outlook. Microsoft won’t support PBX connections using SBCs for that purpose.

In its announcement, Microsoft suggested that only “a small number of customers are affected by this change” and that it was making it to “provide a higher quality of service for voicemail.” Microsoft also offered four alternative options, though they likely won’t be cheap or simple for affected organizations, said Paul Cunningham, a Microsoft Most Valuable Professional, commenting in a Practical 365 blog post. The move could simplify things for Microsoft, though, he suggested.

“I see this simply as part of Microsoft’s grand strategy to jettison legacy platforms and solutions that are complex and not highly profitable, and focus on services like Cloud PBX that they can deliver more efficiently,” Cunningham added.

Microsoft is discontinuing its SBC support on the Office 365 side so that it won’t have to rely on “a third-party system” that’s difficult to manage, suggested Jeff Guillet, a Microsoft certified solutions master and Microsoft MVP. He explained the technical aspects of Microsoft’s move in this blog post, adding that giving companies just one year to move is “asking a lot,” since the switchover likely will affect large companies.

Some Help for Orgs
Meanwhile, AVST, a Microsoft Gold partner on Skype for Business and Exchange, and a voicemail pioneer, is indicating that it has the means to support organizations faced with Microsoft’s one-year deadline.

The company’s CX-E Unified Communications platform offers a quick solution that can integrate with leading PBX systems, such as systems from Avaya, Cisco, Microsoft and others. The platform permits organizations to continue to use Outlook forms to link voicemail with e-mail. Because of the potential pain involved in such moves, it’s currently offering discounts via its Value-Added Reseller partners.

How AVST can address the issue was explained by Tom Minifie, AVST’s chief technology officer, as well as Denny Michael, senior vice president of sales and marketing at AVST, in a phone interview last week.

AVST has been addressing the unified communications space for decades.

“The company goes back over 30 years and we were one of the folks that brought voicemail to the marketplace,” Michael said. “We’ve been around for a long time, and we primarily service the enterprise space. We’re very strong in healthcare, state and local government, regulated industries, higher education and other horizontal industries as well.”

Minifie explained that organizations with third-party (or non-Microsoft) PBX systems using Office 365, or thinking about moving to Office 365, will be affected by Microsoft’s change. Most options, of the four listed by Microsoft, will require moving to Skype for Business and scrapping PBX systems. It’ll be “disruptive,” he said.

“Clearly, from Microsoft’s position, they want that alternative to be ‘Get rid of your PBX and use Skype for Business,'” Minifie said. “So, for customers that have already been planning for that, that’s a good option for them. They move to Skype for Business and continue to use the Exchange [Online] UM component. But for customers that aren’t interested in doing that or aren’t ready to do that, then this is pretty disruptive because it’s not something that they’ve planned for already.”

AVST, with its CX-E Unified Communications platform, specializes in the fourth option presented by Microsoft.

“And what that is, it’s really saying is that instead of directly connecting the Exchange [Online] UM environment to the PBX, I’m going to have a different unified messaging solution that performs that same functionality, and that’s how we approach it,” Minifie said. “Because of our history, we evolved the integrations into the various phone systems, so whatever phone system or PBX the customer is using, we’ll be able to integrate into that, but then we also integrate into the Exchange environment so that we can provide unified messaging through Exchange.”

End users also get the same familiar Outlook look and feel with AVST’s platform.

“In our eyes, we’re providing the best of both worlds,” Minifie said. “We’re solving the problem, which is you can no longer connect Exchange [Online] UM into your PBX. So we take care of that PBX connection. But you get to continue to use the familiar Outlook interface that the end users are used to.”

Minifie affirmed that Microsoft was essentially eliminating the SBC on its end. The change was aimed at improving the quality of service of voicemail, according to Microsoft.

The Time Factor
AVST and its partners validate phone systems and architectures. They perform application discovery to address any functionalities that organization may want. The time it takes to deploy will depend on the solution chosen.

“As far as the amount of time, that kind of depends on the solution,” Minifie said. “Ours is quick because you really aren’t changing anything. Your phone system doesn’t change. Your Exchange doesn’t change. We just get put in the middle of it. And so that can be deployed very quickly.”

Other approaches can get delayed.

“With the other solutions, you’re getting into having to order telecom things,” Minifie said. “You need SIP trunking and have to order from the carrier, and there are whatever delays for that to get delivered.”

AVST’s solution can be installed on premises or it’s provided as a hosted software-as-a-service solution via subscription. More information about AVST’s replacement offerings for Exchange Online UM can be found at this page.

By Kurt Mackie

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

Source: Microsoft Dropping Support for PBX Connections Using SBCs — Redmond Channel Partner

Understanding Open Source Agility – Watching revenue upside in SD-WAN, UCaaS services.

Thursday, July 13th, 2017
“A penny saved is a penny earned” –Wise Anonymous person’s words that I heard from my mother growing up.
R O I should be an initial checkpoint and a major focus of any technological investment.  What is the solution solving?  I can’t stop adding items to the list.  I found the article below rather interesting – The service and cloud scene is poppin right now.
–Aaron
business meeting

SatPhone Encrypted Calls Can be Cracked in Fractions of a Second

Thursday, July 13th, 2017

Decrypting-Satellite-Phone-Calls

Security researchers have discovered a new method to decrypt satellite phone communications encrypted with the GMR-2 cipher in “real time” — that too in mere fractions of a second in some cases.

The new attack method has been discovered by two Chinese security researchers and is based on previous research by German academicians in 2012, showing that the phone’s encryption can be cracked so quickly that attackers can listen in on calls in real time.

The research, disclosed in a paper published last week by the security researchers in the International Association for Cryptologic Research, focused on the GMR-2 encryption algorithm that is commonly being used in most modern satellite phones, including British satellite telecom Inmarsat, to encrypt voice calls in order to prevent eavesdropping.

Unlike previous 2012 research by German researchers who tried to recover the encryption key with the help of ‘plaintext’ attacks, the Chinese researchers attempted to “reverse the encryption procedure to deduce the encryption-key from the output keystream directly.”

The attack method requires hitting a 3.3GHz satellite stream thousands of times with an inversion attack, which eventually produces the 64-bit encryption key and makes it easier to hunt for the decryption key, allowing attackers to decrypt communications and listen in to a conversation.

“This indicates that the inversion attack is very efficient and practical which could lead to a real time crack on the GMR-2 cipher,” the research paper reads. “The experimental results on a 3.3GHz platform demonstrate that the 64-bit encryption-key can be completely retrieved in around 0.02s.”

According to the duo, the attack can eventually crack the satellite phone call encryption in a fraction of a second when carried out successfully, allowing the attacker to break into the communications in real time for live eavesdropping.

The new findings spark concerns surrounding the security of satellite phones, which are mostly used by field officers in war zones that protect our land, air, and water, as well as people in remote area precisely because of no other alternatives.

Such attacks could pose a significant threat to satellite phone users’ privacy.

“Given that the confidentiality is a very crucial aspect in satellite communications, the encryption algorithms in the satellite phones should be strong enough to withstand various eavesdropping risks,” researchers said.

“This again demonstrates that there exists serious security flaws in the GMR-2 cipher, and it is crucial for service providers to upgrade the cryptographic modules of the system in order to provide confidential communication,” researchers concluded.

The research was carried out by Jiao Hu, Ruilin Li and Chaojing Tang of National University of Defense Technology, Changsha, China. For more details, you can head on to their research paper [PDF], titled “A Real-time Inversion Attack on the GMR-2 Cipher Used in the Satellite Phones.”

Story Credit ::
Swati - Hacking News
Technical Writer, Security Blogger and IT Analyst.
She is a Technology Enthusiast with a keen eye on the Cyberspace and other tech related developments.

Tech and religion intersect at ‘Code for the Kingdom’ hackathon

Wednesday, October 7th, 2015
Aaron Stockton, whose team last year built a gaming app last year that won $2500 for best original code, works in the Impact Hub spaces (Will Mari / Geekwire).
Aaron Stockton, whose team last year built a gaming app last year that won $2500 for best original
code, works in the Impact Hub spaces (Will Mari / Geekwire).

All over the world technologists are increasingly using the hackathon model to solve societal problems. Whether it’s to fight government corruption or to help feed the homeless or to enhance education, hackathons for a higher purpose are going strong.

Here in the Northwest, a group of faith-motivated programmers echoed that idea. They assembled for the second time at Pioneer Square’s Impact Hub for Code for the Kingdom Seattle, part of a network of religious hackathons happening across the globe in the U.S., Canada, Indonesia, the United Kingdom, Kenya and Ethiopia.

The event, now in its second year, was sponsored by the Deaf Bible Society, the Leadership Network and World Vision. The latter is a huge international NGO based in Federal Way that routinely partners with the Gates Foundation. Other sponsors included Seattle startup TheoTech and Bellingham-based Faithlife.

Over this past weekend about 80 people, many of whom work by day as developers and engineers for local tech giants (or tech giants with local offices), including Amazon, Google and Microsoft, coded through Friday night, Saturday and in some cases Saturday night. They focused on issues such as mental illness, strengthening families, human trafficking, helping the deaf community and connecting NGO’s to their supporters. Others worked on Android versions of apps that debuted last year, including one that’s designed to connect one’s prayer life online.

The winners

VisionCaster, the runner-up for best new code, included World Vision staff and volunteers. Inspired by an app built by the UN to increase awareness of what’s going on in Syria (via Samsung’s Milk VR video service), it uses Google Cardboard to immerse viewers in the NGO’s field projects. The idea is to replicate experiences in the field, like seeing clean water access at work or ongoing disaster response efforts.

Aaron Stockton, whose team last year built a gaming app last year that won $2500 for best original code, works in the Impact Hub spaces (Will Mari / Geekwire).
Aaron Stockton, whose team last year built a gaming app last year that won $2500 for best original
code, works in the Impact Hub spaces (Will Mari).

In addition to solving problems during the hackathon, Worldvision was eager to connect to potential future hires, according to Leslie Annis, who recruits tech staff for the NGO.

“We want to get in front of technologists and let them know that we’re here in this area and we need them to join us in the work that we do,” she said. “It was really fun to see that many technologists together in a room creating really cool things for purposeful, missional work.”

Steadfast, an app to encourage spouses to concretize their support for each other, won the people’s choice and best new code awards. The app reminds people to do kind things for their spouse, like sending flowers or notes of encouragement.

StudyChurch won for best existing code. An online e-learning platform, it’s intended for use by weekly “small groups” that meet in homes and coffee shops, allowing collaboration and conversation over a shared text and eventually through video and audio content.

A common motive

Although more than $1,200 in prizes was on the line, the chance to sit down and write code with others for a good cause was the primary draw for many of the participants.

“There’s no limitations, really, any idea can be the best idea,” said Allen Wong, a graduate student at Northeastern and a contractor at Google. Wong, who works on the Google Maps team, was filming a vodcast from the hackathon.

Wong’s passion is creating vodcasts and podcasts that talk about the intersection between faith and technology in applied ways. “To actually see people take a shot at these things – you don’t see that often.”

A team that did not place among the prize-winners but was still regarded as important was Seattle Against Slavery (SAS)’s pilot project. SAS, an anti-human-trafficking nonprofit, has collected data on people, mostly men, who seek sex online. Their goal is to intervene early in the process and keep buyers from connecting with sex workers, who are often underage, migrants or otherwise exploited. By working with former users and survivors of trafficking, and with support for ad buys from Google, SAS is revising its messages to make them more effective and empathetic.

By finding more about the typical user in King County, and targeting them with ads that persuade them to think twice, the idea is to reduce the supply and thus the demand, said Robert Beiser, SAS’ executive director. SAS participated for the first time in a hackathon specifically to get help from software engineers like Kirsten Stark.

“I wanted to be in a place where there’s a stronger connection between my work and my faith,” said Stark, an engineer at Midfin Systems in Redmond.

“We love Jesus and other people and want to help them.” Helping the users and offering them alternatives by showing that others care for their underlying needs is a ‘very Christian approach’ to intervention,” she said.

Sarah Williams, whose team won a $2,500 prize last year for best original code at the inaugural event in Seattle, was back this year as a mentor and volunteer.

Calvin Freitas, a senior front-end engineer at Amazon, works on Ceaseless, at the second-annual Code for the Kingdom Seattle (Will Mari / Geekwire).
Calvin Freitas, a senior front-end engineer at Amazon, works on Ceaseless, at the second-annual Code for the Kingdom Seattle (Will Mari / Geekwire).

Now a manager at Amazon, she’s valued the colleagues and connections that came from last year and continue into the present.

“Now more people know about it… and know what I’m talking about,” she said, of sharing the event with her network.

A common community

Event organizers hope that the hackathon’s participants can continue to meet monthly to code and collaborate. To that end, they maintain an active Meetup.com group and Facebook page and invite interested Seattle-area coders to join. An upcoming conference in November will also tackle faith and tech from a more academic perspective.

Meeting together for a common cause – and creating and sustaining community – is part of the ongoing legacy of niche hackathons.

Wendy Stevens, a health specialist at a small Tumwater-based company, N2N and Associates, was at the hackathon on Saturday working on an online-based system for crisis management.

To her, the fact that programmers from rival companies were working together was part of what made the event inspiring.

Their faith was a “point of reference,” she said.

Geeks Give Back

What happens when Geeks Give Back?

Bank of America and GeekWire are joining forces to help raise $500,000 for the Washington State Opportunity Scholarship – providing local students interested in STEM with scholarships to fund their higher education goals. Support the next generation of scientists, engineers and mathematicians by clicking here to learn more and give back!

Stagefright: SMS Text Message Can Hack Android Phones – Fortune

Monday, July 27th, 2015

Share icons “Stagefright” is one of the worst Android vulnerabilities to date. So listen: Can I have your number? Can I have it? Can I? Have it? Um…maybe not. Actually, you should think twice before giving away your cell phone number—especially if you happen to own a phone that runs on Google’s Android operating system. That’s the only thing a hacker needs to compromise a handset. A mobile security researcher has uncovered a flaw that leaves as many as 95% of Android devices—that’s 950 million gadgets—exposed to attack. The computer bug, nicknamed “Stagefright” after a vulnerable media library in the operating system’s open source code, may be one of the worst Android security holes discovered to date. It affects Android versions 2.2 and on. Should a hacker learn someone’s cell phone number, all it takes is for that person to send a malware-laced Stagefright multimedia message to an affected phone in order to steal its data and photos or to hijack its microphone and camera, among other nefarious actions. Worse yet, a user might have no idea that his or her device has been compromised. Joshua Drake, vice president of research and exploitation at the mobile security firm Zimperium zLabs, says an attacker can delete the message before a victim has any idea.   “These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited,” he writes on his company’s blog. “Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.” When Drake reported the severe vulnerabilities along with potential fixes to Google GOOG 0.73% in April (as well as another set May), the company, he writes, “acted promptly and applied the patches to internal code branches within 48 hours.” That doesn’t mean the problem is resolved, however. As Forbes reporter Thomas Fox-Brewster writes, device manufacturers will still need to push the updates out in order to safeguard their customers. Google’s major Android partners, which include phone-makers like LG, Lenovo LNVGY -5.20% , Motorola MSI -1.33% , Samsung SSNLF -3.23% , and Sony SNE -1.33% were not immediately available to comment. (Fortune has reached out to these handset makers and Google. We will update this when we hear back.) An HTC HTC 0.00% spokesperson responded: “Google informed HTC of the issue and provided the necessary patches, which HTC began rolling into projects in early July. All projects going forward contain the required fix.” Drake praises the security firm Silent Circle, based in Geneva, Switz., which makes the Blackphone handset, for its quick response protecting users since it released PrivatOS version 1.1.7. He also praises Mozilla, maker of the Firefox web browser, for including fixes since version 38. “We applaud these vendors for prioritizing security and releasing patches for these issues quickly.”   “This is Heartbleed for mobile,” said Chris Wysopal, chief tech and information security officer at the application security firm Veracode. These vulnerabilities “are exceedingly rare and pose a serious security issue for users since they can be impacted without having clicked on a link, opened a file or opened an SMS.” Drake plans to present his research at the Black Hat and Def Con security conferences in Las Vegas next month. So, um, can I have your number?

Source: Stagefright: SMS Text Message Can Hack Android Phones – Fortune

WARNING! Android phones can be hacked with a simple text

Monday, July 27th, 2015

The problem stems from the way Android phones analyze incoming text messages. Even before you open a message, the phone automatically processes incoming media files — including pictures, audio or video. That means a malware-laden file can start infecting the phone as soon as it’s received, according Zimperium, a cybersecurity company that specializes in mobile devices.

If this sounds familiar, that’s because this Android flaw is somewhat like the recent Apple text hack.

But in that case, a text message with just the right characters could freeze an iPhone or force it to restart. This Android flaw is worse, because a hacker could gain complete control of the phone: wiping the device, accessing apps or secretly turning on the camera.

In a statement to CNNMoney, Google (GOOGLTech30) acknowledged the flaw. It assured that Android has ways of limiting a hacker’s access to separate apps and phone functions. Yet hackers have been able to overcome these limitations in the past.

The bug affects any phone using Android software made in the last five years, according to Zimperium. That includes devices running Android’s Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, KitKat and Lollipop iterations (Google names its Android versions alphabetically after desserts).

android text

Zimperium said it warned Google about the flaw on April 9 and even provided a fix. The company claims Google responded the very next day, assuring a patch would be shared with customers in the future.

Typically, in these situations, companies are given a 90-day grace period to issue a fix. It’s a rule even Google abides by when it finds flaws in others’ software.

But it’s been 109 days, and a fix still isn’t largely available. That’s why Zimperium is now going public with the news.

The issue now is how quickly Google will manage to fix this for everybody. While Apple can push out updates to all iPhones, Google can’t.

Google is notorious for having a fractured distribution system. Several entities stand in between Google and its users, and they routinely slow down the release of new software. There’s phone carriers — like AT&T (TTech30) and Verizon (VZTech30) — and makers of physical devices — likeSamsung (SSNLF) — all of which need to work together to issue software updates.

Google told CNNMoney it already sent a fix to its “partners.” However, it’s unclear if any of them have started pushing that out to users themselves.

For that very reason, Google recently put its own Nexus phones first in line to receive updates.

This could be a test case that shows why it’s so important to receive updates quickly.

Chris Wysopal is a longtime hacker and now an executive at cybersecurity firm Veracode. He called this Android’s version of Heartbleed, the devastating bug that put millions of computer networks at serious risk last year.

“I’m interested to see if Google comes up with a way to update devices remotely,” he said. “Unless they can do that, we have a big disaster on our hands.”

 

Android phones can be hacked with a simple text – Jul. 27, 2015.

Record-breaking 1Tbps Speed achieved Over 5G Mobile Connection – Hacker News

Thursday, February 26th, 2015

New Generations usually bring new base technologies, more network capacity for more data per user, and high speed Internet service, for which Internet service providers usually advertise. However, it is believed that the fifth generation (5G Technology) of mobile network will be beyond our thoughts.1TBPS OVER 5GSecurity researchers from the University of Surrey have just achieved Record-Breaking data speeds during a recent test of 5G wireless data connections, achieving an incredible One Terabit per second (1Tbps) speed – many thousands of times faster than the existing 4G connections.After 4G, 5G is the next generation of mobile communication technology that aims at offering far greater capacity and be faster, more energy-efficient and more cost-effective than anything that has seen before. The boffins say 5G will be different – very different.The 5G test was conducted at the university’s 5G Innovation Centre (5GIC), which was founded by a host of telecoms industry partners including Huawei, Fujitsu, Samsung, Vodafone, EE, Aircom, BT, Telefonica, Aeroflex, BBC and Rohde & Schwarz.

via Record-breaking 1Tbps Speed achieved Over 5G Mobile Connection – Hacker News.

Galaxy S6, S6 Edge show up side by side in leaked pics – SlashGear

Thursday, February 26th, 2015

Yesterday, the Galaxy S6 was leaked in all its prototype glory. Still cased in bubble wrap, we got our first look at what might be the next flagship from Samsung. Now, we’re getting a better look at the device, and a comparison to the Galaxy S6 Edge. Side by side (edge to edge?), the two phones give us our first look at Samsung’s new two-phone flagship scheme. Oddly enough, while the thought of a curved screen might not appeal to you, these pics might change your mind.


The Galaxy S6 is pretty close to what we saw yesterday, and has one feature that’s immediately noticeable. The home button is a bit chunkier; not so slim and ling this time around. That’s likely because Samsung has changed their fingerprint scanning to perform more like the Touch ID you find on the iPhone and iPad, where you don’t have to drag a finger across the button.

Samsung_Galaxy_S6_Edge_side-by-side_1

That edgy Galaxy S6 is actually pretty sharp. In these pics, the curve isn’t quite as pronounced as the Note Edge. I actually enjoy the Note Edge, so a dual-sided slope is going to be pretty interesting.

Around back, we find the camera hardware is bulging, and the flash sits right next to it. We hope that pretty obvious bulge means there is some amazing hardware packed in — something that iterates on Samsung’s recent history of really good smartphone cameras.

Samsung_Galaxy_S6_Edge_side-by-side_2-640x373

Still, it’s hard not to notice Samsung has decided to come to MWC with two flagship phones, each with its own use cases and market. The last time someone did that, Apple was giving us two big iPhones. Hopefully, the same move pulls Samsung from their rut.

via Galaxy S6, S6 Edge show up side by side in leaked pics – SlashGear.

Google discloses three severe vulnerabilities in Apple OS X – CNET

Friday, January 23rd, 2015

Google’s Project Zero security team revealed the existence this week of three vulnerabilities with high severity that have yet to be fixed in Apple’s OS X operating system.

Although each of the flaws requires an attacker to have access to a targeted Mac, they could all contribute to a successful attempt to elevate privilege levels and take over a machine.

The first flaw, “OS X networkd “effective_audit_token” XPC type confusion sandbox escape,” involves circumvention of commands in the network system and may be mitigated in OS X Yosemite, but there is no clear explanation of whether this is the case. The second vulnerability documents “OS X IOKit kernel code execution due to NULL pointer dereference in IntelAccelerator.” The third one, “OS X IOKit kernel memory corruption due to bad bzero in IOBluetoothDevice.” includes an exploit related to OS X’s kernel structure.

Each vulnerability, as with any disclosed by the Project Zero team, includes a proof-of-concept exploit.

The vulnerabilities were reported to Apple back in October but the flaws have not been fixed. After 90 days, details of vulnerabilities found by Project Zero are automatically released to the public — which is what happened this week.

Project Zero, which Google officially launched in mid-2014, tasks researchers with uncovering any software flaws that have the potential of leading to targeted attacks on people’s computers.

On Apple’s product security page, the company states: “For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available.”

This isn’t the first time Google’s Project Zero has published vulnerabilities that are yet to be fixed. In the past several weeks, the tech giant’s security team has published information about three separate, unpatched security flaws in Microsoft’s Windows operating system.

via Google discloses three severe vulnerabilities in Apple OS X – CNET.

Information Regarding Server Issues for VyprVPN Customers in China | Golden Frog

Friday, January 23rd, 2015

We are aware of recent network issues affecting our VyprVPN customers in China. If you are in China and are having trouble connecting to several different VPN server locations, including US and Australia servers, please use the following locations:

Netherlands

Hong Kong

Connections to these locations have been successful, but may not have a 100% success rate. In the event one of those locations fails, please try another.

Thank you for your patience in this matter. We are investigating the issue and will provide you with an update once we have additional information.

via Information Regarding Server Issues for VyprVPN Customers in China | Golden Frog.