iPhone Worm Attack – jailbroken iPhones

Due to the iPhone being a hit in the smartphone market, network security researchers warned that the iPhone’s popularity will lead to cyber-criminals to taking an interest in mobile phones. With the increase in horsepower and functionality in smartphones phones, they are essentially mini computers. We all know the types of threats and vulnerabilities computers face and our phones are no exception.

Recently, some iPhone users were attacked by a worm – the first of its kind found on the iPhone. The virus automatically replaces the iPhone wallpaper with a photo of 80’s pop singer Rick Astley and displays a message “Never give up your” (ikee is never going to give you up), but stops there and does not perform further attacks on the iPhone. The worm was written by a 21-year-old Australian hacker Ashley Towns to prepare, Towns said the production of the worm is to have iPhone users realize the risks of not changing the default root password.

However, only jailbroken iPhones are vulnerable to the worm virus. Jailbreaking is a process that allows iPhone and iPod Touch users to run homebrew apps on their devices by bypassing Apple’s App Store. Once jailbroken, iPhone users are able to download homebew applications as well as cracked applications through unofficial installers such as Cydia, Rock App, Icy, and Installer. Jailbroken versions of Apple’s iPhone is eligible for technical support and Apple has many times through software upgrades prevented users from cracking their iPhones. Apple also noted that Jailbreaking an iPhone is illegal. Users who jailbreak their iPhone, installed SSH, and did not change their default root password “alpine” were found with the worm. Once infected, the worm will attempt to search and spread to other jailbroken iPhones in the same network. This threat can be mitigated by changing the default password of their iPhone.

Prior to this incident, iPhone users have already been the target in attacks. A week ago, Dutch users received messages from an the attacker that warned of a security vulnerability in their cell phone and requested that these users donate 5 Euros each to a PayPal account. The attackers have since apologized and provided a fix. This is an example of an attacker who exploited the same flaw but not in the form of a virus or worm.

Slash notation for subnet masks quick reference

One thing I can never remember quickly is slash notation, it is not difficult but I just can’t seem to remember it quickly!  So here is a quick reference guide.  In slash notation, a single number indicates how many bits of the IP address identify the network the host is on. A netmask of 255.255.255.0 has a netmask of 8 + 8 + 8 = 24.

For example, writing 192.168.42.23/24 is the same as specifying an IP address of 192.168.42.23 with a corresponding netmask of 255.255.255.0. Often you have to enter the netmask as slash notation, an easy task with the usual 255.255.255.0. However if your network doesn’t have 255 hosts, for example only 8 hosts, then the netmask will be 255.255.255.248.

The following table lists the variable length subnets from 1 to 32, the CIDR [3] representation form (/xx) and the Decmial equivalents. (M = Million, K=Thousand, A,B,C= traditional class values)

Conversion table here:

http://www.mattwaddell.com/2008/08/26/slash-notation-for-subnet-masks-quick-reference/

Caution about FortiClient free Download

Before you grab  and install the FortiNet Client (FortiClient) Free Download client…

Check this link – Interesting Read

Review on FortiClient Endpoint Security Suite Standard Edition, the FREE Antivirus by Fortinet

SIP Trunking Provider – CudaTel TrixBox Asterisk !

TalkinIP enables you to make calls at the absolute lowest rates. You can use software on your computer or a SIP enabled device (Asterisk, Trixbox, SIP Gateways, IAD, IP PBX) to place calls using the internet.

TalkinIP provides you outbound calling to any destination within the continental USA for only 1.5 cents per minute and Canada for only 2.3 cents per minute.  Get started for as little as $15 prepaid credit.  Your credit will never expire, so you can make calls next week or next year.

So what’s the catch? There are none. No tricks and no commitments. You enjoy low cost calling at the industries lowest rates.

Are you a business? You can use TalkinIP for SIP Trunking (termination) to place calls worldwide from any SIP based IP PBX or gateway. For Inbound SIP services, including unlmited inbound calling, and SIP delivered DIDs from locations worldwide checkout www.ipcomms.net.

Highlights
• Account balance never expires

• No setup or cancellation fees

• No activation fees or hidden charges

• Recharge your account 24/7 online
• Track your usage and manage your account online.

http://www.talkinip.net/enduser/talkinfo.html

TrixBox.com and HUD Videos

The name of the product is trixbox PRO and you can see it’s general details at its website here: www.trixbox.com.  Trixbox PRO is an advanced IP PBX solution focused on the SME market although it’s also perfectly happy addressing Enterprise clients. The Fonality trixbox Pro IP PBX is a Hybrid Hosted™

architecture, which allows for Anywhere Management™, and creates the reliability and quality of a premise-based system with the convenience and cost benefits of a hosted system.

 

Trixbox PRO is comprised of two key integral parts which makes it a unique offering in the market:

 

1. The Control Panel which can be accessed via any web enabled interface and provides the ability to manage, configure and do any necessary changes to the system in minutes from anywhere.  This is where you can manage company extensions, call routing, auto attendants, phone numbers and much more.  Here is where you can also have Access to real time monitoring of analog lines, T-1/E-1 interfaces and unlimited SIP Providers.

 

1. HUD (Heads Up Display) is an award-winning employee presence and communication management application that comes free with all versions of trixbox. HUD empowers its users with company-wide visibility and information on the “presence” of every colleague, making it easy to interact with one another via a single, simple interface.

 

You can view the different versions and features of trixbox PRO (Standard, Enterprise & Call Center) by clicking here and the different versions and features of HUD by clicking here.  Finally you can see the latest video demos of HUD that clearly outline its siginifcant impact on productivity and value for any enterprise using it on a daily basis:

 

HUD Demo Videos

 

• HUD for Attendants
• HUD for Employees
• HUD for Remote Workers
• HUD for Call Centers
• HUD for Executives

 

As a quick reference, the company behind trixbox PRO is Fonality. Fonality has been in the market for many years and has over 250 employees.  It’s solid and backed by large investors such as INTEL.  They have won numerous awards for their technology and are DELL’s key partner for IP PBX solutions.   I am attaching a general brochure on trixbox for your reference as well.

 

Servers and Implementation:

 

Regarding the implementation, as you may already know trixbox PRO can be easily downloaded (software only) and installed on any of many certified servers from Dell and HP.  Alternatively we can integrate the software into an integrated trixbox PRO appliance (brochure attached) depending on your customers needs.  

 

IP Phones & Telephony Cards:

 

Trixbox Pro Works easily with almost any SIP based IP Phone.  Most of our clients use IP phones from Polycom but some also use phones from other providers like Grandstream, Astra, Linksys and SNOM.  We are authorized resellers for all of those and can offer a fully integrated solution with 12 month advance replacement warranty on all IP phones.  On the telephony cards, we recommend and have certified the SANGOMA brand and can integrate analog and digital cards easily depending on your client’s requirements.

 

For your reference attached I am sending you the following:

 

a)      Price list for trixbox PRO and Reseller options/levels. We typically start all our partners (assuming they will work independently) at the highest tier of Certified and do an evaluation every 6 months to see if it makes sense to continue at that level.

b)      Official trixbox PRO agreement to legally be able to use trixbox PRO logo’s and collateral.

c)       General trixbox PRO Brochure

d)      General brochure for trixbox PRO appliance. 

 

Take a look at the details and let me know should you have any questions.  If you have an immediate opportunity that we can help with let me know and I can walk you through the process. The next step would be to setup a quick web demo so I can walk you through the details of trixbox PRO.

New Social Network (3Echo.com)

New Social Network for Musicans, Artists, Models, Photographers and Entertainment – Follow us and get it on our beta release! ( 3Echo.com )

http://www.Twitter.com/3Echo

Coming Soon

http://www.3Echo.com

Facebook Spammer Charged

(WEB HOST INDUSTRY REVIEW) — A longtime spammer may potentially serve jail time in relation to a Facebook lawsuit after a California judge ordered him to appear in front of the US Attorney General’s Office for criminal proceedings.

The case follows another Facebook spamming case last November, when the company won a $873 million ruling against a Montreal spammer that flooded members’ inboxes with sexually explicit messages.

Judge Jeremy Fogel of the US District Court for the Northern District of California referred Sanford Wallace to the US Attorney General’s Office to undergo criminal proceedings for allegedly violating a court order that prevented him from accessing Facebook.

In February, Facebook filed a lawsuit against Wallace, Adam Arzoomanian and Scott Shaw for allegedly spamming and phishing the website.

The three men were issued a temporary restraining order prohibiting them from accessing Facebook’s network.

Facebook released this statement via company spokesman Barry Schnitt addressing the ruling:

“We see Fogel’s ruling as a strong deterrent against spammers. Spammers feel that they are immune from criminal prosecution. Fogel’s ruling demonstrates that judges will enforce restraining orders and spammers who violate them will face criminal prosecution.”

The ruling on the social network community’s civil lawsuit against Wallace stalled after the defendent filed for bankruptcy.

Wallace has had a long history of spamming that dates back to the 1990s.

He started his spamming career with fax spamming, where he sent out thousands of unsolicited offers for timeshares, insurance policies, and foreclosed real estate deals to fax machines.

Last May, a federal judge ruled in favor of MySpace after Wallace and another defendent failed to show up to a hearing.

The two men were ordered to pay $230 million for phishing and spamming MySpace users with links to gambling and pornography websites.

Building on the Cloud

Salesforce.com has helped build a group of certified Force.com developers on oDesk, making our marketplace one of the best resources for buyers looking to use Salesforce.com CRM solutions on the Force.com platform. And we’re hearing from the providers offering Force.com skills that being part of this latest certified group on oDesk is paying off as “cloud computing” reaches new heights.

Rakesh Aggarwal is a salesforce.com-certified developer in India who says demand for Force.com implementations has brought him a steady stream of customers since a buyer brought him onto oDesk last summer.

“I was already developing applications on salesforce.com when one of my clients insisted on working through oDesk,” he says. “After my first successful job through oDesk—now I insist that my clients work through oDesk!”

In its first three weeks, the salesforce.com/Force.com group on oDesk has grown to about 60 programmers. Jobs were already on the rise—a year ago, about 10 jobs involving Salesforce CRM were being posted each month on oDesk. Today it’s between 40 and 50. Rakesh says the technology has a lot of appeal. “I knew this was the future of technology because it’s the fastest, most trusted and most complete platform for building and delivering applications in the cloud.”

The cloud idea is simple—offering the full software platform as a service, so that the applications and data reside on the Internet (conceptualized as a cloud of servers), where a business can access them. This keeps in-house IT costs down and allows more flexibility and faster rollout of new services. Rakesh says a wide range of companies are taking advantage of the concept. “I’ve worked with individual developers who wanted to push their applications to Appexchange, and also with companies with more than 200 licenses, where they wanted to extend their business processes within salesforce.com.”

Rakesh has been working with salesforce.com technology for three years, since before the Force.com offering launched. He says that Force.com and oDesk have been a powerful combination for his business. oDesk lets him focus on his work as a developer, rather than on the hassles of being a one-man small business.

“I can manage my work much easier now,” he says. Which is good, because there’s more of it. “I had to go about searching for work earlier, but after couple of jobs here, I have been constantly getting work through oDesk.”

He says he’s even busier since joining the new salesforce.com certified users group. “It’s a great initiative, and it’s great to be part of this group,” he says. “After joining this group, the number of leads for salesforce.com projects has increased for me.”

While his profile offers other skills besides his salesforce.com expertise, Rakesh sees the Force.com platform as the critical focus, for himself and the buyers he’s serving.

“Cloud computing is a simple idea,” he says, “but it can have a huge impact on your business.”

Click here to see salesforce.com certified providers.
Click here to see all of oDesk’s sponsored groups.

One Response to “ Building on the Cloud ”

1. Building on the Cloud « crm like soft
   June 23rd, 2009 at 7:23 pm

Ex-Googlers behind new security service that flags

This story appeared on Network World at

http://www.networkworld.com/news/2009/061509-security-service-malware.html 

malware on Web sites

By Ellen Messmer , Network World , 06/16/2009

Sponsored by:

Security start-up Dasient debuted Tuesday with a cloud-based service designed to detect malware on Web sites and quarantine it away from visitors prior to it being removed.

Dasient’s three co-founders include two former Google employees, Neil Daswani, previously Google’s security product manager, and software engineer Shariq Rizvi, along with Ameet Ranadive, whose background includes stints at consultancy McKinsey & Co. and HP. (The new company doesn’t use job titles.)

How next-gen browsers tackle security

The Web Anti-Malware service that Dasient is announcing today makes use of Web crawlers and heuristics to automatically detect code that cyber-criminals have loaded onto legitimate Web sites in order to download malware or push visitors to fraudulent sites. As a consequence, victimized sites infected by malware often end up on “blacklists” of suspected dangerous sites compiled by Google as well as security firms, including McAfee, Symantec and WebSense, that have ways to watch for compromised sites.

It’s “a challenging engineering problem,” says Daswani of performing diagnostics on malware-infected sites and quarantining code without disrupting site use. The Dasient Web Anti-Malware service, which starts from $50 per month, is still in an “alpha” stage in some respects, especially the malware-quarantining capability, Dasient’s co-founders acknowledge. The malware quarantining feature requires a Dasient software module to be installed on a Web server for protection.

The goal, the co-founders say, is to assist Web site managers in finding out where the malware problems are before they’re on blacklists or to help them get off the blacklists, which disrupt business and drive customers away. The Dasient service can also be used by Web hosting providers to assist their customers.

There are millions of Web sites compromised each year. Family Communications, the Pittsburgh-based children’s media non-profit founded by Fred Rogers, found out how devastating it can be to end up on a blacklist because of infected Web pages.

“Four or five months ago we were alerted to the fact that Google results was saying your Web site may have malicious code,” says Kevin Morrison, COO at Family Communications, who said Google did send out an e-mail notice but didn’t seem to be in a position to do much more than that.

The phone started ringing off the hook with callers asking what was going on, and Morrison says his Web site hosting provider couldn’t really tell. Around the same time, Dasient contacted Family Communications to say it knew the site had been flagged by Google, they could help, and they did, showing exactly where bad code was embedded in Web pages, says Morrison.

“It had been hacked obviously,” Morrison says. “We got the malicious code out of the way and suddenly we’re OK on Google again,” says Morrison, who adds his company has continued to be an early user of Dasient’s Web Anti-Malware, though no more incidents have cropped up since.

Dasient retains close ties with Google — which itself faces many Web attacks daily, says Daswani — but the co-founders declined to provide more detail.

The start-up has received $2 million in funding from Maples Investment, Radar Partners, Stratton Sclavos and Eric Benhamou.