WORLD CITIZEN: 2008

Thursday, December 18, 2008

CSRF

CSRF - The hidden menace
Cross Site Request Forgery (also known as XSRF, CSRF, Sea Surf, Session Riding, and Cross Site Reference Forgery) is an attack that tricks the victim into taking some action on the vulnerable application without the victim’s knowledge. This can happen when the victim visits a webpage that contains a malicious request, which then performs the chosen action on behalf of the victim.
CSRF attack can be carried out in different ways. The attack could be done using a HTML IMG Tag or a specially crafted URL embedded into the Target application. This works for sure since the victim will be logged into the application. Another way of doing it is to host a site/blog and influence the victim to visit the site. This site in turn would contain the malicious request. This might not work always as users may not be currently logged into the target system when the exploit is tried.
How CSRF works?
The CSRF attack exploits the browsers feature of sending the session cookie along with every POST/GET HTTP request to the target application. An adversary identifies a URL on a website like a banking application that performs some functions like purchase, fund transfer or bill pay or any transaction or updation. The adversary posts the particular URL onto a web page on which they have control. When the victim visits the webpage the URL is trigged (via an Image Request). The browser sends the authenticated cookie for the particular website along with the request.
For example: - one user, Jane, might be browsing a chat forum where another user, Dan, has posted a message. Suppose that Dan has crafted an HTML image element that references a feature/Webpage on Jane’s bank’s website (rather than an image file),
e.g.,
If Jane’s bank keeps her authentication information in a cookie, and if the cookie hasn’t expired, then Jane’s browser’s attempt to load the image will submit the withdrawal form with her cookie, thus authorizing a transaction without Jane’s approval. In the above example Jane’s web browser is mislead into withdrawing amount from Jane’s account for Dan.
Who is Vulnerable?
As seen in the attack above, Web applications that perform actions based on input from authenticated users without insisting the user to authorize the specific action are at risk.
CSRF attacks are more likely to be carried out on applications that are transaction oriented like online banking, e-Commerce Sites etc.. Applications or WebPages that implement only simple query/retrieval features are in general not susceptible to CSRF attacks, as they do not perform any transaction or updations on the user’s behalf. Today, most web applications rely solely on automatically submitted credentials such as session cookies, basic authentication credentials, source IP addresses, SSL certificates.
Applications that allow posting of user content like forums, messages etc. are often vulnerable to CSRF attacks. For example, a specially crafted message(embedded image request) on a message forum may compromise the account details of other users viewing message.
Applications that use persistent cookies are also vulnerable to CSRF attacks, since the users are "always logged in". Users could trigger an action on the target application when they visit another blog/site that contains a specially crafter URL of the target application.
XSS and CSRF Combined
XSS (Cross Site Scripting) attack happens when the adversary sends a malicious code to the application, usually in the form of script, to other end user. An adversary can use XSS to send malicious script to an unexpected user. XSS vulnerabilities are not necessarily required for a CSRF attack to work, although any application with XSS vulnerability is compromised to CSRF. When building defenses against CSRF attacks, focus should also be on fixing XSS vulnerabilities in the application since such flaws can be used to get around most CSRF defenses. XSS and CSRF together is a deadly cocktail.
The CSRF Attack in news
According to public reports, Google Gmail contained CSRF vulnerability. This vulnerability was reported on July 2007. Gmail provides email filters that allow users to sort and forward mail, this feature was found to be vulnerable to CSRF. To carry this attack victim must be logged in GMail. Victim must visit a malicious web page: most likely scenarios are clicking an external link from an incoming message. The malicious web site/email forges a POST request to GMail’s ‘Create Filter’ wizard, which will build a filter which forwards incoming messages to a mail recipient owned by the attacker. Since user is already authenticated, session cookie is passed along with the forged request and the GMail filter gets implemented.
Yahoo also contained CSRF vulnerability. This vulnerability was reported on October 2007. It was possible to add or delete in the yahoo calendar entries from a malicious site. The specially crafted HTML on a malicious site adds a task and an event to the victim’s calendar.
Countering CSRF
As we have seen in an earlier article on Session Riding, the things that do not work in fixing CSRF are,
Using POST instead of GET: The adversary could generate forged POST requests without user interaction, similar to GET.
Implementing confirmation pages: They only make the CSRF attack a 2-step process. Where the confirmation request carries all the details for placing the order, the adversary could as well skip the first step and directly use the second link to place the order.
The better known solution to prevent a CSRF attack is the usage of secret tokens alongwith each transaction made on the application.
Secret token - Use Hidden Fields
If all sensitive/transaction URLs contain some token with the page, the server can distinguish between submissions that come from pages supplied by the server (which are safe). A transaction without the token should not be allowed. The challenge is to setup the server to keep track of the token, and to setup all forms to contain a hidden field.
Here we take a simple example using ASP, showing how to implement a secret token. In an Online shopping application, a user places an order for an iPod. The application calls the transact.asp page - http://safeshop.com/transact.asp
The transact.asp page:-
Sets a Random Token at ServerDim token = md5(uniqid(rand(),transact))
Sets a Session Variable for this token at ServerSession("token") = token //Server remembers this across pages
In addition, sets an HTML Hidden variable with this token
Sends Form with other input Fields back to the browser.
The user enters the Form Fields and Clicks Submit Button. The transact.asp page calls the transactConfirm.asp page
Now even if the attacker tries to Forge a HTTP POST Request, he will need the token value to post a successful request.
A slight modifications to HTML hidden field token, is using the Session Token as the Anti-CSRF Token.
Secret token - Use Session Tokens
The CSRF attack exploits the browsers feature of sending the session cookie alongwith every POST/GET HTTP request to the target application. Due to cross-domain rules of the browser a session cookie used by a browser would not be directly available to the on the attackers domain. So effectively the session cookie value itself will be secret. Therefore, applications can read the session cookie using JavaScript and then add to URLs, forms or the body of a POST request. The application should check at the server side that the session cookie value that the browser sends in the header is the same as the session cookie in the request. Here the session cookie is used as the random and unique token for each request.

MOBILE BANKING THREATS

Threats observed during user authentication
An adversary can download the client on a laptop/desktop and use its insecurities for malicious purposes.
An adversary can obtain the user credentials stored on the mobile phone by transferring the contents to pc/laptop from the phone or memory card.
An adversary can register with valid details of a valid bank account holder and access his/her account details or make transactions.
An adversary can access user credentials directly from the phone’s folders or from phone’s memory card.
An adversary can obtain the new PIN for transacting using the weak forgot password feature or an adversary can change the password/PIN of a valid user without authentication/authorization. An adversary can use the auto-complete feature to access a valid user’s account.
An adversary can guess weak passwords/PIN to retrieve customer information.
Ideal scenario
Threats addressed in the following method:
An adversary can download the client on a laptop/desktop and use its insecurities for malicious purposes
An adversary can use the auto-complete feature to access a valid user’s account.
The customer has to first register with the bank. Customer details like full name, postal address, e-mail address, bank account details and mobile phone number should be provided.
The bank would inform the vendor to push the mobile client application to the mobile number provided by the customer. This can be done through a system which communicates between the server at vendor end and bank end. The vendor enters the mobile number of the customer and the client application is pushed to it. This ensures that the client is not downloaded to a pc or laptop and misused. In case the push is not possible, the customer has to be informed and the client application installed by the vendor.
The application has to ensure that during installation a few checks are done
Transfer the bank’s and vendor’s public key for encryption purposes. There can be two keys generated for the vendor; one for storage and one for data transmission.
The client files/folders are installed on the phone and not in the memory card.
The files and folders should be restricted from being transferred to a memory card or pc/laptop. The access to these files should only be through the executable and not directly.
The installer should be removed after installation.
Application should not allow auto-complete feature.
Threats addressed in the following method:
An adversary can guess weak passwords/PIN to retrieve customer information
Once installation is done, customer has to use the client to register with the vendor for using their application to transact through mobile phones. During this process the above mentioned details should be provided through the client. Along with this, the customer has to create a unique username and password for critical transactions like fund transfer, bill payment, etc and a PIN for non-critical operations like account status check, cheque status enquiry; and a hint question/secret answer for forgot password feature. Ideally, the customer should not create a username/password combination; the customer’s Internet banking credentials should be used. This ensures that for critical transactions, the details are not stored at the vendor’s server. The PIN, which is used for non-critical operations, can be encrypted using a one-way hash function at the vendor’s server.
The password and PIN should follow a strong password policy.
Threats addressed in the following method:
An adversary can register with valid details of a valid bank account holder and access his/her account details or make transactions
There can be two layers of authentication; one using the Internet banking credentials for critical transactions which is verified by the bank; and another using the PIN for non-critical operations by the vendor.
During registration, the application should send the customer details like name, address, etc and mobile number in an encrypted format using the vendor’s transport public key. The MSISDN number has to be appended to this encrypted data by the mobile network provider when it exits the mobile network. The vendor server-side application will verify whether the mobile number entered by the customer and the mobile number provided by the network provider is same or not. Alternatively if this is not possible, the vendor will have to verify with the customer by calling back on the mobile number provided.
After registration with vendor, the customer details like name, bank account details, postal and e-mail addresses are stored at the vendor server.
Threats addressed in the following method:
An adversary can obtain the user credentials stored on the mobile phone by transferring the contents to pc/laptop from the phone or memory card
An adversary can access user credentials directly from the phone’s folders or from phone’s memory card
Ideally, customer details should not be stored on the mobile phone. If they are, these checks should ensure they are secured from misuse.
Store the customer data using the vendor’s storage public key. If for any reason these details are required, the encrypted data can be sent to the vendor server.
Username/password or PIN should not be stored on the mobile phone.
The customer data should not be directly accessible from the mobile phone, only the application should access it.
Forgot password feature:
Threats addressed in the following method:
An adversary can obtain the new PIN for transacting using the weak forgot password feature or an adversary can change the password/PIN of a valid user without authentication/authorization
During user creation, the application should ask for a hint question and answer for ‘forgot password’ feature.
The user should enter the correct answer to the hint question to obtain the new password
Once the user enters the correct answer to the hint question, the customer details from the mobile phone should be deleted. The application should inform the vendor/bank about the password change and should be ready for re-registration of the customer.
The new password should be sent to the user via an SMS
Using this password the customer should register again only with the vendor.
The application should provide the feature to change the password on first logon.
Threats observed during transactions
Based on the services provided to the customer the following threats can be observed
An adversary can sniff the contents of transaction and obtain confidential information.
An adversary can bypass authentication controls.
An adversary can make bogus shopping or purchase transactions for another valid customer.
An adversary can view the account details of another user.
An adversary can modify the ‘from account’ and amount field during a fund transfer process.
An adversary can predict the session id and perform transactions as a valid user.
An adversary can access a valid account using an active session which has not been terminated after a long time of inactivity.
An adversary can login using his credentials and view/modify the details of another valid customer.
Illegal/Invalid transactions can be performed without continuous authentication process for each transaction.
Ideal scenario
Threats addressed in the following method:
An adversary can sniff the contents of transaction and obtain confidential information
All transactions should be through a secured connection. Data transmitted between the client application and the vendor server should be through HTTPS or another secured channel and also encrypted through the vendor’s transport public key. The data flowing back from vendor sever to the client should be through HTTPS or a secured channel.
The data flowing between the vendor server and bank server should be through HTTPS. Also the customer details, which are not required by the vendor, should be encrypted using the bank’s public key. The return should be through HTTPS.
Any data flowing between bank/vendor to other third parties or merchants like for mobile shopping should be through a secured payment gateway.
Threats addressed in the following method:
An adversary can bypass authentication controls
Illegal/Invalid transactions can be performed without continuous authentication process for each transaction
An adversary can view the account details of another user
Each transaction or operation should be authenticated either using a single layer or a dual layer.
The vendor side application should authenticate the customer using the PIN for non-critical operations. Validation checks should be in place to ensure that this authentication control is not bypassed.
For critical transactions, there can be dual authentication mechanism, one using the PIN at the vendor and other using the Internet banking ID at the bank side. Validation checks should be in place to ensure that this authentication control is not bypassed.
Threats addressed in the following method:
An adversary can make bogus shopping or purchase transactions for another valid customer
An adversary can modify the ‘from account’ and amount field during a fund transfer process
For example, in a fund transfer operation the bank should ask for the Internet banking credentials from the customer for authentication and verification. Also checks need to be in place to ensure that the ‘from account’ field cannot be modified or the ‘amount’ field is not negative.
In mobile shopping operation, the payment should be through a secured payment gateway. Ideally, the vendor should not store the details of the shopping done by the customer. In case the vendor performs the payment for the customer for his/her purchases, then only the details need to be stored at the vendor. Then the customer authorizes the bank to transfer the amount to the vendor’s account for making the payment to the merchant for his/her item.
Threats addressed in the following method:
An adversary can predict the session id and perform transactions as a valid user
An adversary can access a valid account using an active session which has not been terminated after a long time of inactivity
An adversary can login using his credentials and view/modify the details of another valid customer
Having a good session management mechanism ensures that attackers don’t use a valid session id for login purposes. Also the application should ensure that users are not able to change the data and view another customer’s details [like URL manipulation].
Other possible threats
An adversary can upload malicious files to the server/application.Ideally, a mobile banking scenario would not require a customer to upload files to the server. Hence the same can be disabled for customers.
An adversary can obtain the confidential customer data and source code from the serverAll customer data and application source code at the vendor server should be protected not only from the outside attackers, but from internal users/developers also.
Malicious activities are undetected.Audit trails and logging need to be maintained for the application which mentions the customer name, bank details and transaction performed with time and date for future reference.
An adversary can obtain the details of the server or error messages provide information for the adversary to perform specific attacks.The application should ensure no messages are provided to the outside world which would reveal information about the system.
An adversary can obtain the vendor private key from the server to perform man-in-the-middle attacks.The private keys should be stored securely and access should only be given to the application to use the keys during any kind of operations.
In short the idea is to maintain CIA during storage and transmission. The concept of dual layer authentication, multiple encryption mechanisms and restricted access through the mobile client application achieves just this.
The Mobile Station International ISDN Number is the standard international telephone number used to identify a given subscriber. MSISDN is defined by the E.164 numbering plan. This number includes a country code and a National Destination Code which identifies the subscriber’s operator

Friday, December 12, 2008

MOBILE BANKING

Fundamo and Accenture sign a deal to promote mobile wallets across the world. Cape Town-based mobile banking software company Fundamo has signed a partnership agreement with Accenture for the provision of mobile wallets worldwide.
Worth knowing
A licence to kill innovation
“We have been in the mobile financial services software environment for seven years, and we have always looked at how we can position ourselves in the international market. The deal with Accenture gives us just the global situation we have been looking for,” says Fundamo head of business development Aletha Ling.
The demand for mobile wallets is starting to accelerate as a natural result of the deep penetration of mobile phones into communities around the world, she states.
The software has been through the new technology cycle of early adopters and test shaping, Ling explains. “The 2007 year showed that the technology has reached the growth curve and the time is right for adoption globally.”
According to Ling, the technology is being driven by the higher acceptance of the technology. “We are seeing a greater consumer need for financial services on mobile, especially in the emerging markets.”
She cites the need for migrant workers to be able to transfer part of their income into international accounts. “A Nigerian working in Johannesburg will want to send money home to his family. The mobile wallet allows just that kind of transfer among others.”
Infrastructure solution
The mobile wallet represents a transactional bank account that will be held by the mobile operators, she says. The mobile operators are given a packaged pilot solution. They also have the option of issuing a branded debit card with the account.
In terms of financial services regulations, Ling says each mobile operator or client is responsible for compliance.
Accenture says it will lead the promotion of mobile wallets worldwide in 2008, which will allow mobile network operators to deploy, operate and fine-tune the service. “Operators will also have the opportunity to test partnering relationships with a bank, prior to full-scale mobile wallet service deployment,” says Accenture`s mobile wallet lead Michael Eagleton.
“SA is already well served in the arena of mobile banking, and is not our essential target. We are looking at largely populated areas in emerging markets such as DRC, Uganda and Ghana, along with several countries in South America.”
A second application can be integrated as a mobile channel for the banks, says Ling. “Banks are faced with a problem of growing their client bases, with the huge financial implications of adding infrastructure – such as ATMs and branches – in under-serviced areas. The mobile phone allows them to use an infrastructure already in place, which is very enticing to banks in emerging markets.”
Participating financial service providers, mobile operators and clients will be announced at an official launch in Barcelona next month.

MOBILE BANKING

Mobile Banking vs. a Mobile Bank
The mobile bank versus mobile banking debate is still raging, but what are the real fundamental differences between the two and why is there so much noise around which is seemingly better?The two are vastly different. A mobile bank is essentially a new bank or product built around the understanding that the primary interaction with the bank will be through a mobile device.A mobile banking solution on the other hand is the evolutionary step after Internet banking. It is an additional service bolted on top of an existing solution - making access to services more immediate and reducing customer reliance on branch infrastructure or access to the Internet.Underpinning the debate is the question about the validity and longevity of mobile in general. Looking at worldwide statistics there can be no doubt that mobile is king. In South Africa alone more than 250 000 people interact with their bank via a mobile device - whether it be via mobile banking or a mobile bank. The real argument is what form banking via mobile devices will take - right now that is left to personal choice and market availability.In essence both are a different banking experience, guided by the provider and selected by the user, depending on the requirements of the individual and the availability of infrastructure wherever the solution is being offered.A mobile bank is by definition a new offering and thus unconstrained by existing infrastructure, pricing structures and product rules, allowing it to be optimised for a totally mobile experience.It is true of both mobile banks and mobile banking that the user doesn't need to go to a bank once either is implemented, but in an ideal mobile bank no interaction with bricks and mortar whatsoever should be needed, whereas a mobile banking solution may still require the user to enter a bank to set up an account or even manage changes to it. The one barrier to entry is whether or not customers have mobile phones, however, worldwide market penetration of cellular devices makes this almost a non-argument.In a mobile bank, the phone remains the primary transacting mechanism - it is the entry point for the user into the bank and the bank's entry point to the user. The benefits to the provider are numerous as it lessens the individual's dependency on the physical infrastructure and mobile transactions are less costly to facilitate and manage.At the end of the day it is all about the business case of the organisation and where emphasis is placed in the organisation. In traditional banking the interface is with a teller or an ATM. With Internet banking the primary interaction is with a PC. With mobile banking, the interface is through a cell phone. The case with a mobile bank then is simple - the phone becomes the branch and this model is thus very appealing to new financial service providers looking to get to market rapidly without the burden of physical infrastructure investments.Mobile banking is a means to reach a mass market, its popularity on the infrastructure constrained African continent and other emerging markets is evidence of this in itself. The form it takes is then more about the product, versus the channel. Traditional financial institutions are seeing mobile banking as a massive opportunity, and rightfully so, as it puts them in a position to innovate, where their services have previously been very similar. And while we have seen physical banks forming mobile banks, for example MTN Banking which is backed by Standard Bank, it is entirely feasible that in future, mobile banks, as yet unformed, may expand into the physical sphere.This may not be the answer that the debaters want to hear, but as is so often the case with technology, how you use it depends on what you aim to achieve. Either way, mobile financial transacting is the way of the future and there are few companies that are not considering this as an option. While we may squabble over who has the best solution, the user is merely interested in what is best suited to them from a convenience, access, and affordability point of view.ENDS About FundamoFundamo is a provider of a suite of mobile applications and business solutions for organisations wishing to do banking, payments and other transactions from mobile devices. These organisations include banks, mobile operators with banking aspirations and third party payment processors/switches. Fundamo targets international growth through quality business partnerships and resellers, including Gemplus, the global leader in the provision of smart cards, and global electronic funds transfer company Mosaic Software, an S1 company.Fundamo's suite of products enables person-to-person payments, payments for deliveries, airtime purchases, bill payments, retail payments, payments for virtual content, etc. The transactions offer immediacy, convenience, security, simplicity and affordability. Fundamo has provided solutions and supporting services to customers in a number of countries with sizeable customer bases and transactional volumes being processed on a daily basis. The company's customers processed well over 50 million payment transactions in 2005 and are experiencing significant month-on-month growth in their transaction volumes. Fundamo's major shareholders include Venfin and Sanlam.

MOBILE BANKING

Thursday, December 11, 2008

TURN YOUR iPHONE INTO DESKTOP PC

How to Turn Your iPhone into a Desktop PC
Japanese designer Mac Funamizu has developed an ultra new and creative way to use your iPhone.

Even the Jetsons didn’t have this. Coveted Japanese designer Mac Funamizu has developed a way to turn your iPhone into a desktop PC and so much more. Inspired by Microsoft’s Play Anywhere system, Funamizu’s yet unnamed creation allows a user to connect an iPhone to a desktop stand and experience untold capabilities without all the hassle of a complete desktop system. Basically, the system works like this: An iPhone is mounted onto a stand that features a built-in projector and an array of delicate and very smart sensors. A full keyboard and mouse are projected onto the desk’s surface and the user’s hand movements are used to calculate the input of date into the system, including clicks and keystrokes. If so desired, the keyboard and mouse can be expanded or contracted by the wave of a hand. There are also other non-traditional and multi-touch gestures which will allow the input of data into the iPhone. Because the ultra thin gadget is transparent, many are referring to it as "magical glass". Also included in the system are the touch screen panel, scanner, and a built-in camera. It is assumed that the glass will also function as a viewfinder for the camera. There will also be Wi-Fi connectivity for accessing the Internet. If the name Mac Funamizu sounds familiar, it may be because he’s the guy behind the "magical Future of Internet Search concept": "I instantly fell in love with this concept. Imagine having a magical glass with you that you can use to obtain information about anything you see," said Funamizu. If that wasn’t enough to make you reach for your credit card, consider this: With Funamizu’s creation, it is possible to look through the glass, pinpoint an object, and be able to access tons of information on it. How cool is that? Just imagine that you’re out and about and you spot a car that you just have to have or your friend has been bitten by a rare breed of tarantula. Never fear! Just use the magical glass to focus on the item and find out any and all info on the target almost immediately. It would make vacations a real trip if you could simply focus on a landmark and know its history or use Mapquest to find an Italian restaurant that serves homemade gelato. It’s also useful for looking up the meaning of a word in the dictionary, allowing one to tap into Wikipedia, or thumb through a thesaurus. The specs on the Wi-Fi connectivity haven’t been released as of yet but if the hype is true, the possibilities are virtually limitless. The only concern that seems to be surfacing is that of privacy. Some fear that people will use their magical glass to tap into their identities and gain personal information that should not be so easily obtained. I’m not really sure how that could work but Funamizu seems to have all the answers and would presumably build in some security features. We’ll just have to wait and see.

SHOP ONLINE FOR CHEAP

Shop Online to Save your Bucks
Now that simplicity is preferred everywhere, you might have been needed it even with your shopping. The online shopping is bringing all this for you and giving a chance to save your costly time as well as your hard –earned money too.
With the time everything has been reshaped tremendously. Shopping which was simply meant to wander in the market for finding your desired products. But today the entire scene has taken a new face. The intrusion of internet in every home has made it possible to buy your desired products sitting from the home. The more one is finding here is to find what you want and that too in a couple of seconds. No doubt people who used to invest their costly time and found it hard for searching their desired products, have now a magical weapon in the form of online shopping. Now people are relying on the internet not only for their some informative searches. Ordering for the goods or products sitting from the home has become a common fashion and cost effective way of shopping too. Now people have understood market well and with the fact that highly competitive market is always better for them, they are finding this resort in online shopping arena. With the rapid induction of so many online shopping ventures, now costumers have the advantage of getting the same products on much discounted prices. You can overwhelm if you get a discount of more than 70-80 percent, but it is true. You can search for some new online retailers who are offering such options for you. Searching for right retailers is not a hurdle. There are several good search engines or directories that are making your way easier. You can search them with any of your priority either it is to find the cheaper price or to get a rare product. Moreover, you also do not have bother for the type or categories of the products; you can find any thing here. It is about buying a bedding arrangement about your kid or sending flowers to your sweetheart on her birthday, shopping directories make the world available to you at the click of your mouse. The online shopping is now a big part of the market. A recent research shows that the segment for online customer keeps 15-20 per cent of total buying. With the increasing demand of this trend the market is being also fulfilled with newer and more attractive services. Apart from coming up of several online retailers, that are several subsidiary facilities available on the internet to make you access simpler. The launch of frugal.com by Google is one of best induction of such facilities which makes your search easier and helps you find your desired products with various cheaper options. Some other services that has introduced a much effective search tool to make you shopping experience amazing. Here even a new customer can easily come to know every bits of easier online shopping and the way of finding his/her desired products in seconds. Keeping the apprehension of the customer on count, these online retailers are coming with more secured facility for your payment. Paypal and Google checkout are now the most entrusted and common payment gateways which are used frequently by the customer and so the retailers have providing this everywhere.

POWER OF ARTICLES

Power of Articles
If you haven't considered the power of articles as part of your niche marketing strategy, then you should. Articles are a great way to drive targeted traffic to your web site, no matter what your niche market may be. When you provide good information that people want and can use, your reputation and credibility will increase exponentially, making your site visitors more likely to buy your products and services or those you recommend to them. We've all heard the mantra "Content Is King". Based on that premise there is nothing more versatile than using keyword rich articles to :
* Boost your search engine ranking
* Increase your daily visitor count
* Provide viral marketing opportunities
* Attract unlimited prospective customers
* Build a trusting relationship with your customers and subscribers
* Establish yourself as an expert in your niche market
Here's some of the things you can do with the articles you write :
* Post keyword rich articles and content on your web-site for better search engine placement.
* Compile a number of them into an ebook related to your niche and sell it.
* Use them in the form of "special reports" and "manuals" with your product and affiliate links embedded in them, which you can offer as free gifts for your visitors, subscribers and customers and bonuses for your products and services.
* Create multi-part email training courses to build that all important mailing list.
* Set up your own Ezine and use them for content to establish your bona fides with your subscribers and customers.
* Allow your visitors to use them, with your "resource box" attached, in their free ebooks which they can then distribute to their visitors, subscribers and customers.
* Submit them to "content hungry" web sites and newsletter publishers, with your "resource box" attached, to generate more visitors to your web site from their lists.
* Submit them to Article Directories, which rank highly on the search engines to provide inbound links to your niche web site.
* Monetise them on your web site with keyword-related, context ads. like Google Adsense, Affiliate Power Ads. or TrafficShowcase.
* Contact offline print publications and offer them your articles
- some of them pay for this sort of copy so you could make some extra income and establish yourself in a new niche as a freelance writer. I think you'll agree that there aren't many forms of promotion with this level of versatility. And the great thing about the strategy is - it's free! All it takes is time. With the cost of paid advertising spiralling ever upwards, can you ignore the power and versatility of using articles as a major part of your niche marketing strategy?

Monday, December 8, 2008

SECURITY CHECKLIST FOR VOIP PROVIDERS

Security Checklist For Voip Service Providers
It is often said that understanding the problem is 90% of the solution, and VoIP security is no exception. It is fear of the unknown which is likely to elicit a knee-jerk reaction of panic, so the first step is to understand the threats and then classify them. We also have to ask the question: what does security mean to me and what does it mean to my customers?
Security to the customer means protecting their device and identity and the continuity of their service. Security to the service provider means protecting their network their revenue and their customers. In this feature we will look at service disruption and service theft.
Disruption
A service can be disrupted by breaking the user's device, flooding the IP network with traffic or breaking the service provider's infrastructure. Disruption is usually achieved through either Logic Attacks or Flood Attacks or Application Layer Attacks.
• Logic attacks exploit vulnerabilities in protocols or their implementations, e.g. Ping of death, Teardrop, Land etc.
• Flood attacks disable targets through traffic volume; a flood attack can originate from a single platform or from multiple platforms.
• Application Layer Attacks include: SIP-SPAM, and identity forging.
We can also divide the attacks into IP layer and SIP layer thus:
IP Logic Attack / IP Flood AttackSIP Logic Attack / SIP Flood Attack Application Layer attack
IP Logic Attacks
IP Logic attacks on SIP devices are no different to any other IP device; these include well known exploits such as: Ping of death, Teardrop, Land, Chargen and Out of sequence packets. All of these can disable a device which has not been fully tested to protect itself against these exploits.
IP Flood Attacks
IP Flood attacks include: SYN flood attack (TCP SYN Floods are one of the oldest DoS attacks in existence), Smurf Attack, Fraggle attack and the list goes on... These attacks are designed either to overcome the device by tying up resources or to simply overwhelm the network through shear weight of traffic.
SIP Logic Attacks
SIP logic attacks exploit weaknesses in SIP signalling implementations. Incomplete or incorrect fields, invalid message types can disable not only client devices but also core network devices. This type of attack can be countered by thorough testing of any devices against suites such at the IETF SIP Torture test developed through the SIPiT Events or the PROTOS Test-Suite, developed by the University of Oulu.
A more sophisticated attack can be to inject messages into a call to terminate it prematurely. This type of attack can be largely avoided by the use of strong authentication techniques, thus, the injected packet would not be authenticated and therefore would be rejected.
SIP Flood Attacks
SIP flood attacks exploit weaknesses higher up the communications stack that require more processing resources. As a consequence, it takes a much smaller flood to cause disruption. For example, one or more devices may send multiple registrations or call requests to a server.
Countering this type of disruption requires network based devices like Session Border Controllers (SBCs) to police the signalling stream and rate limit registrations and calls to Softswitches to predetermined limits. Acting as a proxy in the signalling stream the SBC can also filter inappropriate protocols, IP DoS attacks and invalid SIP messages. This helps compartmentalise the network and restricts any disruption to just one network segment.
Protect the User Device
These devices will typically be incapable of rate limiting and may be overrun by flood attacks. This means they are subject to both logic and flood attacks. Again the user device will benefit from the protection afforded by network based SBCs blocking DoS attacks and invalid SIP messages.
Service Theft
A simple example of service theft is to signal that a voice call it being made but exchange video data. This hits the service provider on two fronts: a) loss of revenue by billing for only a voice call and b) potential degradation in service quality for other users resulting in dissatisfaction.
The structure of a VoIP call with separate media and signalling streams has lead to some innovative ploys. For example, a rogue PC client which transports media in the RTCP quality monitoring stream, this is not policed in most networks. Another ploy is to transport media in the call signalling then failing the call before billing commences. Not only does this mean a free call but repeated call set can cause huge signalling rates which are a DoS attack in themselves.
The solution is to police all components of the call. SBCs police the signalling and the media to ensure that the call is executed as requested and that RTCP traffic is within expected bounds.
Conclusion
Security is a vast subject and needs to be ubiquitous in its implementation. Take care of the fundamentals first:
Test, authenticate, protect, block, limit and police.
• Test network elements against standard IP and SIP test suites to ensure they can survive IP and SIP logic attacks
• Implement strong authentication, identifying your users protects their identity, protect their service and combats disruption.
• Protect the Network by compartmentalizing it to restrict the range of any disruption.
• Block malicious or inappropriate traffic – do not propagate the problem.
• Limit the rate of traffic to core elements to ensure the survivability of the service.
• Police all aspects of the traffic flowing across the network to prevent fraudulent or inappropriate use.
A secure and dependable service brings with it benefits to users and provider alike. It will build user confidence which in turn creates dependable revenue for the service provider and by addressing the basics from day one, need not be complex or expensive.

VoIP phone service providers offer great advantages
VoIP phone service providers offer many advantages to the residential and small office/home office user. If you have a high speed internet connection then choosing a VoIP phone service might be right for you
Lower Monthly Fees
The price of a VoIP phone line is a fraction of the cost of a traditional telephone line, the long distance calls are much less expensive if they are made via a VoIP provider, and applicable taxes are far lower with VoIP phone service than with a traditional phone service. Some VoIP phone service providers offer a phone line for around $9 U.S. dollars per month and will charge you for calls you make at the rate of 1-3 cents per minute depending on the provider. Most VoIP phone providers offer a bundled service offering unlimited incoming calls and unlimited long distance calls to anyone in the U.S. or Canada for one small fee. VoIP unlimited calling plans start at $19.95 per month. Click here to see a list of VoIP Providers.
Lower Taxes
As of the writing of this article, governments have taken a hands off approach when it comes to VoIP phone service providers. Since the calls are being carried over the Internet, governments have not heavily taxed VoIP phone services. Right now the only tax you can expect to see on your VoIP phone service provider's bill is a Federal Excise Tax, which is only 3% of the cost of the service. For example, if you were to choose a $19.95 unlimited calling plan, the Federal Excise tax would be 3% of $19.95, or 60 cents. Your total bill would be $20.55. Compare that to your local telephone bill (go ahead and take a close look) and you will see you are spending quite a bit on taxes each month. Therefore, choosing a VoIP provider could add up to significant savings for you and your family.
Included Features
Most VoIP phone service providers offer features that are included, while most traditional phone companies charge an extra $20 to $30 per month for. Most VoIP phone providers include the following features in their low monthly fee: Free voicemail, call forwarding, caller ID, call waiting, call waiting ID, 3 way calling, speed dialing and much more. Click here to view a side-by-side comparisons of the top VoIP providers.
Flexibility
When you choose a VoIP phone service provider, you will be sent a converter to allow a regular phone to use the VoIP phone service. (Click here to get an explanation of how VoIP phone service works) Your phone number is programmed into the converter. This means that you can take your phone converter and phone number and use them wherever you travel in the world, just as long as you have access to a high-speed Internet connection. Because your telephone number is based in your converter (and not your home), you have the option of choosing any area code for your phone number. Some carriers will allow you to have more than 1 phone number in different area codes for a small additional fee (called a virtual phone number). For example, you can have one number in your local area code and another phone number with an area code from another city. By having a virtual phone number in another city where you have a lot of friends and family, you will be saving them money because they can call you on a local number instead of paying for long distance charges to contact you. Both phone numbers will ring your VoIP phone wherever you have your converter and regular phone hooked up to a high speed internet connection.

VOIP QUESTIONS AND ANSWERS

VOIP QUESTIONS AND ANSWERS
KlescVoice over Internet Protocol, or VoIP, has grown in popularity recently and with that rise in popularity has come a number of common misconceptions and confusion. Global Value Connect (http://globalvalueconnect.com) has complied this simple guide to address some of these most common questions and concerns.
1. What is VoIP and what does it stand for?
2. How do I make a VoIP phone call?
3. What equipment do I need for VoIP phone calls?
4. Are there any differences between making a local call or a long distance call?
5. Who can I call if I am using a VoIP service?
6. Are there any advantages in using VoIP phone service?
7. Will I be able to dial 911 emergency services?
8. Will I be able to use my computer while making a VoIP phone call?
9. Will I be able to take my phone adapter with me while traveling?
10. Does my computer need to be running in order to use VoIP service?
11. How will I know when I receive a phone call over my VoIP service?
12. Who regulates VoIP services?
13. What are the computer system requirements for VoIP?
14. Are free trials normally available?
15. How can I improve the sound quality?

1. What is VoIP and what does it stand for?
VoIP stands for Voice over Internet Protocol and it allows you to place telephone calls over a data network like the Internet. It operates by converting your voice signal from your telephone into a digital signal that can then be transmitted over the Internet. The digital signal is then converted at the other end back to a voice signal that the other party can hear. When you use a phone with an adapter the calls are placed just like a regular telephone. You first hear a dial tone then the call is made. You are also able to place a call directly from your computer using a conventional telephone or microphone.
2. How do I make a VoIP phone call?
Making a VoIP phone call is no different from using a regular land line telephone. You pickup the receiver and listen for the dial tone. You can then dial your number as you always have in the past. The call connects to your high-speed Internet connection and travels to your local telephone company's equipment to a VoIP provider which transport the signal through the Internet to the local provider of the party you are calling. They relay the signal to your parties telephone. As an alternative, you may also place the call using your computer's hardware and software, entering the number through your keyboard. The signal is then sent through your cable modem to your local telephone carrier.
3. What equipment do I need for VoIP phone calls?
Your existing incoming high-speed Internet connection should be sufficient but the higher the connectivity the better the signal. In terms of hardware, you can hook up an inexpensive microphone to your computer or connect a phone directly to a VoIP telephone adaptor (ATA). Or you can use a phone specially made to work with Internet Voice. This is called an SIP phone. Each SIP phone is a network endpoint, and voice is routed via its IP address. It allows a DID (direct inward dialing) number to move with a user. You can move, add or remove stations and never have to call your interconnect/PBX service company. SIP phones also allow full use of advanced features like voice mail to e-mail and auto attendant.
4. Are there any differences between making a local call or a long distance call?
There are many different calling available for VoIP. The calling rates and fixed plans will vary from one vendor to another depending on the service you select. Please make sure to read all of the fine print associated with any plan that you choose. One thing to keep in mind, however, is that VoIP can blur the difference between local and long distance by issuing a local number for your Internet phone. This allows you to make LOCAL calls to your home area code from that phone, regardless of where you are geographically. All you need is an Internet connection to plug in your phone, it doesn't matter what Internet provider you use, and you can call your local area code from anywhere in the world without paying long distance rates.
5. Who can I call if I am using a VoIP service?
Your calls can be made to any local telephone number, mobile phone, long distance number, or any international number. You may even use the service to speak with more than one person at a time. More importantly, the person you are calling does not need any special equipment; just a regular telephone.
6. Are there any advantages in using VoIP phone service?
If you are using a broadband internet connection, you don't need to maintain and pay the additional cost for a regular land line just to make telephone calls. With VoIP you're able to talk to many people at the same time. You can set up conference calls with your colleagues, staff, family and friends. VoIP allows you to reduce interconnect/PBX fees by enabling you to add, move and remove stations from your network without calling your service provider. In addition, you don't have to buy an expensive phone switch to set up your network. VoIP also offers many advanced calling features from caller ID and call forward to voicemail and distinctive ringing to call tracing and reminder calls, among many others. You can also manage your features through the Internet; log-in and customize services that normally you would have to rely on your provider to change - for a fee of course.Voice over Internet can lower long-distance fees by assigning a local telephone number to your VoIP phone. You will then be able to take your phone anywhere in the world, plug it into any broadband connection regardless of specific provider, and you can make LOCAL calls to your home area code. Parents can keep in touch with children at college; churches can contact missionaries all over the world; and businesses can connect branch offices in different cities.
7. Will I be able to dial 911 emergency services?
Some Internet Voice services have difficulty seamlessly connecting with the 911 dispatch center or identifying the location of Internet Voice 911 callers. Check with your local VoIP provider to determine if they can provide this service in your area.
8. Will I be able to use my computer while making a VoIP phone call?
Yes you most certainly will be able to use your computer while making calls on your VoIP network.
9. Will I be able to take my phone adapter with me while traveling?
You should be able to use your VoIP service wherever you travel as long as you have a high-speed Internet connection available. Your adaptor should work the same as when you are at home or in the office as long as you have access to a high-speed Internet connection.
10. Does my computer need to be running in order to use VoIP service?
Your computer does not need to be turned on but your broadband connection must be active in order for VoIP to function properly. However, if you are not using an adapter and choose to use a microphone or headset with your computer then your computer must be on.
11. How will I know when I receive a phone call over my VoIP service?
Your VoIP phone will ring like any other telephone.
12. Who regulates VoIP services?
The Federal Communications Commission (FCC) has worked to create an environment promoting competition and innovation to benefit consumers. Historically, the FCC has not regulated the Internet or the services provided over it. On February 12, 2004, the FCC found that an entirely Internet-based VoIP service was an unregulated information service. On the same day, the FCC began a broader proceeding to examine what its role should be in this new environment of increased consumer choice and what it can best do to meet its role of safeguarding the public interest. In November 2004 they ruled that States do not have the jurisdiction to impose taxes on VoIP services, another victory for the consumer.
13. What are the computer system requirements for VoIP?
The specific requirements of any VoIP system must be checked with each individual VoIP provider.
14. Are free trials normally available?
You need to check with your selected VoIP provider to determine if a free trial is available. Most VoIP providers will provide some kind of free trial or conditional free trial period. If you are dissatisfied for any reason you should return the equipment in their original packing boxes together with all shipping paperwork and packing slips to ensure they will honor their warrantee.1
Will I be able to use VoIP behind a firewall?
You need to ask your network administrator regarding any special setting that are required to function through the firewall.
15. How can I improve the sound quality?
* Speak with a headset instead of a microphone. Better still, use a phone with an adaptor.
* If you are using a microphone, hold it away from the speakers to avoid having the sound from your speakers recirculate into your microphone causing feedback.
* Lower the volume on your speakers.
* Check with your sound card manufacturer to be sure you are using the latest drivers.
* Use a direct phone jack.
A split line or extension cord between your phone jack and computer can distort the sound causing an echo. Global Value Connect (http://globalvalueconnect.com) offers a wide range of VoIP products and services from the most reliable vendors at the most competitive prices. If you are in the market for VoIP services or curious as to what it may cost or how you may benefit then stop in and check out our products and services at: http://globalvalueconnect.com/VoIP.htm

VOIP

Voice Over IP – Saving Money

I was on a tech support call with a client in Australia for over forty-five minutes. Guess how much that cost me. If I told you less than a dollar, would you believe it? Well it is true indeed.
I called my friend in England just the other day. We talked for about half an hour and it didn't cost either of us a nickel. Free and clear as crystal, I used my computer. Nothing fancy, just a simple sound card, speakers and microphone is all I needed.
If you haven't heard about Voice over IP yet, you most definitely will soon. There are several different methods to the crazed digital telephony protocol that could change the way you make calls and save you a bundle.
What is VOIP?
Voice over Internet Protocol (VoIP) is the concept for managing the delivery of voice information in digital format through the Internet rather then conventional voice telephone lines. In the simplest form, VoIP turns any computer into a telephone.
Although there are complex and costly ways to do this in the enterprise level, there are also simple, nearly free ways do use VoIP on the personal level. All that's required is a broadband Internet connection of some type. Now I am not here to advertise for any single organization selling VoIP equipment or services, but just to let you know, there are some that offer very nice package deals with equipment, Internet phones, headsets and all the fixings of standard enterprise phone systems. There are also software based systems that operate like your everyday chat systems and require only computer speakers and a microphone.
Why would I want this?
One major advantage of VoIP and Internet telephony is that it avoids the tolls charged by ordinary telephone services that use the standard public switched telephone network. Sure Pac Bell and ATT don’t like the sounds of that, not unless they figure out how to jump on the bandwagon and capitalize on this somewhat new form of technology. Actually VoIP has been around for a while, yet it is starting to pick up speed now as an alternative means of communication. And the primary reason is that it will save you money.
Another money saving fact about VoIP is that since VoIP utilizes your broadband Internet connection for its delivery, customers do not pay Federal USF and FCC Line Charges and pay lower Federal Excise Tax.
WI-FI and VoIP
Now we're getting serious! Where is this going? Can it really compete with the cell phone? Well, at this time the wireless technology has some security risks and setup difficulties to overcome before it becomes a significant player in the game. But on a local, enterprise level, we are not far off.
What is the bottom line?
If you are tired of lofty telephone bills, perhaps there is a solution for you that will help with this years budget. You don't need to transform your entire phone system to utilize the benefits of VoIP. Start small and learn its potential.
A Rule for the Road:
Keep up with technology or else technology will pass you by; and the ignorance will cost you more than you will know.

VOIP WORKING

How VoIP Works -- Busting Out of Long Distance Rates
VoIP is the newest advancement in audio communications technology, and has a variety of different applications that make it useful. VoIP stands for Voice over Internet Protocol, and how VoIP works is actually quite revolutionary because it streamlines the process of sending analog audio signals by converting them to a much easier to send digital form for transmission.
To understand how VoIP works, you’ll need to understand the basic concept behind regular analog audio communication as well, since this is the precursor for VoIP. Analog phone calls are actually made via fiber optic networks by digitizing your voice communications for sending the signal across thousands of miles, but once it gets to the final destination (a home or office phone, for instance), the signal is once again converted to analog.
During these calls, the switches remain open even while there is dead air and no conversation is taking place; the circuit is also open in both directions even when only one party is talking and the other is listening. This isn’t terribly efficient, and slows down the communication of information considerably.
Packet switching streamlines VoIP
VoIP works on a different premise -- rather than circuit switching, data packet switching sends and receives information only when you need it instead of in a constant stream. It also sends the information packets along whatever open channels are available rather than a dedicated line, which is much more efficient. The information is simply reassembled at the source.
The payload of each packet has a destination coded into it determining the ultimate destination. When the computer at the other end receives all of these packets, it will reassemble the information into useable form. This form of sending audio data is extremely efficient because it always takes the cheapest route that is also the least congested.
The compression of information and use of multiple routes in order to send that information over the most efficient route makes sending audio over packet switching quicker, much less expensive and more efficient. The number of calls that can be sent is orders of magnitude higher than it was with the more traditional analog circuit switching systems.
For companies, the savings in long distance charges can be in the hundreds or even thousands of dollars per year. If companies also make extensive conference calls, VoIP makes even more sense when combined with conferencing options such as document sharing in systems offered by companies like Voxwire and iVocalize.
Different types of VoIP calling are available
The most commonly used VoIP system is from one computer to another. To set up this type of service, you will need to have a sound card installed in both computers along with microphones and Internet connections. For practical purposes, you’ll want a broadband connection or DSL -- a dial-up modem will be so slow the sound quality just won’t be that good. Aside from that, all you need is a software package that can set you up with everything you need to use VoIP to make phone calls to whomever is also set up with the same system.
You can also invest in IP phones if you want something that looks just like your standard analog telephones but with VoIP connectability. These simply replace the old-style RJ-11 connectors with Ethernet connectors (RJ-45). Hardware such as routers and the needed software are built right in.
Analog telephone adaptors (ATA) enable you to connect a standard telephone to your computer Internet connection in order to take advantage of VoIP options. ATA converts analog signals to digital so that it can be transmitted properly via the Internet.
The newest option on the market is the Wi-Fi phone, which uses short-distance Internet transmission of VoIP to replace cell phones calls. Wi-Fi broadcasts over the radio spectrum to cover short range areas for users in certain areas, and these “hot spots” have popped up across the U.S.
The upshot of VoIP is that standard long-distance charges may soon become a thing of the past. As more and more consumers turn on to VoIP and broadband connections make it easy and inexpensive (as well as practical) to make phone calls over the Internet, fewer individuals will be willing to pay high rates to make a telephone call they can make for free or next to nothing via their computer.
VoIP saves you money on long distance
There’s no by-the-minute charges with VoIP, no set-up fees, and no “time of day” or overages. That’s the great thing about VoIP plans. You just pay a monthly fee and get to make all the calls you want over your computer for one monthly fee. It’s so simple and elegant, and it’s the solution that everyone’s been wanting and waiting for far too long.
You don’t have to wait for a certain time of day of day of the week to make telephone calls with VoIP. There’s also the advantage of being able to use your VoIP connection from anywhere -- remember, you’re not tied to a phone jack to use your number, but an Internet connection, so you can call from anywhere with many calling plans.
Some of the companies that offer excellent VoIP plans with unlimited calling are listed below with their most popular options:
Vonage - currently offers a $24.95 per month unlimited VoIP package to anywhere in the U.S. or Canada. It includes voicemail, call forwarding, three way calling, call waiting and caller ID.
Packet 8 - can provide unlimited VoIP for $19.95 a month in the U.S. and Canada with a variety of features like call waiting and three-way calling, and can also give you video phone service for about $29.95 per month.
AT&T’s CallVantage - provides the usual U.S. and Canada broadband calling with voicemail, call waiting, etc. along with email, a call log and a ‘do not disturb’ option, all for $29.99 a month. You also get to keep your phone number for life, no matter where you go -- a great feature for some who move around a lot.
VoIP in web conferencing packages
VoIP is used in almost all web conferencing services as an alternative to standard conference calls, and looking into these packages will give you an idea of some ways to combine VoIP with extras such as white boards, document sharing and video. For less expensive options, many companies can provide strictly audio VoIP conference calls combined with text messaging and document sharing without video.
Some companies that offer VoIP in web conferencing packages separate from video conferencing are:
Voxwire offers voice communication with features like auto-queue, mute options, individual speaker adjustments and moderator controls along with a “follow me” browser system so that all participants can view a shared desktop. Two persons can use VoIP for $9.95 a month, or up to ten in a conference environment for $29.95 per month.
VoiceCafé provides similar services with a wide range of options that vary from packages with VoIP capability for five people at a time on a conference call to up to 500 in one conference call, all for a flat monthly fee. The prices vary depending upon what package you choose, and there are several.
iVocalize offers VoIP along with Internet conferencing options like PowerPoint presentation capabilities and presentation recording for future playback. They also provide optional Unicode translation in thirteen languages. The most basic VoIP package begins at $10.00 a month with a prices going up incrementally depending upon your needs and how many will be involved in your conference calls.
It is obvious that conference calling as well as standard long distance calling will be changing greatly in the near future as VoIP changes the landscape of telephone service. “Land lines” for long distance calling will eventually become obsolete as broadband becomes more common and makes VoIP just as commonplace as any other type of telephone call.
And with the greater portability of soft phone options built into laptops and the use of ATA phone adapters, the use of VoIP in the average home will arrive sooner rather than later.

HISTORY OF TELEPHONE-BELL TO VOIP

History of the Telephone -- from Bell to VoIP and Beyond

Everyone knows the story of Alexander Graham Bell inventing the telephone. There’s the story of Bell’s first words, “Mr. Watson, come here, I want to see you,” that’s indelibly printed on our brains from childhood. However, what some don’t know is that the telephone was developed in a similar form simultaneously by Elisha Gray, who lost the patent battle by only a few hours in 1876.
Bell was successful primarily because he understood not only electricity and the workings of the telegraph, but had a thorough understanding of acoustics, which most inventors weren’t all that familiar with. While focusing on the mechanics, they weren’t taking into account the unique qualities of sound that made transmitting speech so much more complex than simple clicks of the telegraph. With a background in music and acoustics, Bell could address these issues more readily.
Chance happening plays role in acceptance
The telephone may not have gained such wide acceptance if, as if by serendipity, the Centennial Exhibition hadn’t been scheduled in Philadelphia for only a few months later. Tucked away at a small table in an obscure corner, Bell did not hope to garner much attention until he drew the attention of the Emperor Dom Pedro de Alcantara of Brazil, who was amazed by the invention. Immediately, all the scientists in attendance were clamoring to study the new invention.
At first telephones were seen as a fad that were more for entertainment purposes than commerce, until newspapers and banks began grudgingly using them to convey information quickly by virtue of free phone installations. The publicity from this made them immediately more popular and soon phone exchanges were set up in most major cities.
In the 1880’s metallic circuits were developed that allowed for long distance calls, which grew in popularity slowly because of the cost. Later, in the 1890’s, this was overcome by the development of the party line so that families, especially in rural areas, could split the cost of a line.
Direct dial overcomes operator interference
Until 1891, calls were put through by exchange operators, but this was done away with by a Kansas City man who invented the direct dial system because he was paranoid enough to think that the operators were sending his business calls to competitors. He was an undertaker.
In 1927, the first transatlantic call was made over radio waves. During both World Wars, telephone advancements grew by leaps and bounds because of heavy spending by the Defense Department. Innovations resulting from war-time experiments included Bell Telephone’s first mobile telephone system, which connected moving vehicles to landlines via radio. Surprisingly, this was as early as 1946, a year that also saw the development of coaxial cables for major transmission improvements with less interference.
In the 1960’s, telephones were so much a part of the landscape that Bell Telephone could no longer continue to use the alpha-numeric codes for telephone exchanges (remember using numbers like Normandy-7610?) and switched to longer, all numeric numbers. At the same time, transatlantic cables were being laid to accommodate the increased demand for intercontinental telephone communication.
One of the most important shifts in telephone history was the launch of the first telephone satellite in July of 1962. TelStar was a joint venture between Bell and NASA and revolutionized telephone communications like nothing that had come before. Satellites in geosynchronous orbit could now be used for long distance calls without the need for laying endless lines of cable and did away with the problem of frequent cable damage and repair.
Fiber optics move sound at the speed of light
Fiber Optic Cables were first used for telephone transmission in 1977, when both GTE and AT&T laid Fiber Optic lines in Chicago and Boston. By the mid-1980’s, fiber optic cable was the preferred method of telephone transmission, since it could carry a much higher volume of calls with much less interference. Since it also carries information faster and farther and resists lightning strikes, the advantages soon became obvious to the computer and other industries as well.
When the United States government deregulated telephone service, AT&T, the telephone communications giant, was immediately inundated with competition from MCI, Sprint and hundreds of smaller local companies and soon fiber optic lines were snaking around the country, being dropped along side natural rights of way such as gas lines and railroads. Telephone costs dropped and a new telephone service revolution had begun.
Cellular phones take the next step forward
In 1973, Dr. Martin Cooper of Motorola Corporation made what was probably the first cellular telephone call on a portable handset called the Dyna-Tac. After a successful test run, he took it to New York to introduce the technology to the public. By 1977, the cell phone had gone public, but these first models were cumbersome and generally used by those who were used to keeping in touch by two-way radio. By no means were they considered something that everyone should have or even want. They were initially considered a replacement for the mobile phones already in existence. The difference with cellular was the use of small “cells” for range of service in order to increase the capacity of calls handled, dramatically increasing the number of calls capable of being made by mobile/cellular phone at one time in one area.
The first cellular services used analog technology operating at 800 Megahertz in a continuous wave. Over time, the power needs of callers increased and the industry standard moved to a more reliable 1850 MHz with PCS. In 1988, the Cellular Technology Industry Association was formed to develop guidelines for cellular service providers and steer developments and improvements in the cell phone industry. There are now well over 60 million cellular telephone customers, a staggering number for a service that has been commercially available for only thirty years.
Next stop, digital!
While the majority of users still have analog cell phones, the new frontier is definitely digital. Rather than using a continuous wavelength for transmission, digital chops up the wave into discreet bytes of information and sends them in “pulses” of data. The up side to this is that digital signals tend to be more secure when transmitted than analog. It’s also a more efficient use of bandwidth and provides clearer, cleaner sound quality. If you transmit video clips or photos (like with the new video or picture cell phones) digital is much faster, and will be the choice hands-down when you’re integrating the cell phone and the Internet.
There is a caveat; however, in that digital currently transmits through three different technologies. This can lead to some problems with coverage. If you are on a TDMA (time-division multiple access) system and traveling in an area that has digital coverage that’s CDMA (code-division multiple access), you could run into problems.
The answer for now is the combined analog-digital technology that providers are touting. This offers the great coverage of analog when needed and the great speed and quality of PCS/digital.
Telephone conferencing arrives on the scene
The first real “audio conferencing” could be said to have been the party lines set up back in the early years of telephone use, although at that time the advantages of a party line for multiple users weren’t grasped except as a way to save money. In fact, the fact that several people in different locations could pick up and talk on the line at the same time was considered a nuisance and was actively discouraged as “eavesdropping.”
When party lines were phased out, the idea of multiple conversations were forgotten until businesses began seeking ways to carry on meetings via telephone in order to save travel expenses and link teams together over distances. The concept was revisited with new parameters; this time restrictions needed to be in place, and the lines had to be open only when needed and desired.
Soon companies around the globe were offering to coordinate conference calling for companies based on either flat rates, monthly fees or based on call volume, with a trained operator setting up connections between each participant on a dedicated line so that groups of up to ten could talk simultaneously. Their bulk long-distance rates enabled them to pass savings along to their customers.
Telephone manufacturers like Polycom, AT&T and Panasonic also jumped on the bandwagon, developing office telephone systems that enabled users to dial a client, put them on hold then call up a third party and connect the three callers into one conversation.
The Internet soon brought competition, however, to audio conferencing and the cost of long distance telephone calls. Even with lower rates based on bulk purchasing and group rates, Internet telephony is gaining ground on traditional telephone audio conferencing because it’s so much cheaper.
VoIP, the Internet and the eventual demise of traditional telephone conferencing
Voice over Internet Protocol (VoIP) soon became popular for telephone communications because it avoids the toll charges of standard telephone connections. Dial-up internet connections provided near “toll-quality” voice communications, and with broadband connections the increased data throughput enabled businesses to use VoIP in conjunction with other Internet services like data sharing and video conferencing. With the money saved using VoIP, it seems obvious that using analog phone lines for telephone conferencing will soon be a thing of the past.
Most VoIP audio conferencing technologies give you the capability to network multiple groups or parties from different geographical locations, making it simple to hold an international sales taff meeting. Web conferencing solutions using VoIP from companies such as Voxwire, TTCGlobalTalk and VoiceCafe can provide almost unlimited conference room seats for a meeting, limited only by the bandwidth of the VoIP server.
As the Internet becomes a standard part of any suite of office equipment, analog telephone services, audio conferencing and their equipment will soon become obsolete. Audio conferencing will be done more and more on the Internet using VoIP based web conferencing services offering powerful collaborative services that go beyond just simple voice communications. For placing calls, digital phone services like Vonage and Packet8 that implement VoIP over broadband connections will step in to offer less expensive, more comprehensive calling options to meet the needs of individuals and companies going into the future.
This article on the "The History of the Telephone" reprinted with permission.Copyright © 2004 Evaluseek Publishing
About the AuthorLori Wilkerson is a full-time freelance writer who loves her job because it gives her the opportunity to learn more about the world every day. Right now, she knows a little bit about almost everything, and a lot about audio conferencing, VoIP telephony, and communication system protocols. She has two dogs who are spoiled and one teenager who is not. She does her audio conferencing in pink bunny slippers.

VOIP

VoIP: Finally Worth a Look

Dear Internet Friends,
Hundreds of thousands of consumers collectively save millions of dollars each month by replacing (or supplementing) their traditional telephone service with personal voice over IP (VoIP) telephony.
Using IP to transmit voice is not new. Large corporations and long distance carriers have used IP to transmit voice on their private networks for years. Likewise, private citizens have used their computers and the Internet to talk with other PC users for a few years now, but in the past users of such solutions have had to contend with poor voice quality and the need for at least one computer to be connected to the Internet.

window.google_render_ad();
Widespread adoption of broadband Internet service (cable or DSL) in the last few years though has in turn fueled a surge in the growth of much-improved personal VoIP
Most VoIP service providers offer all-inclusive calling plans that provide you with unlimited local, regional and long distance (within the United States) at flat rates starting as low as $24.95 per month. Some offer usage-based plans at a lower monthly cost and most provide inexpensive per minute rates on international calls as well. In addition, VoIP service providers include a smorgasbord of advanced features such as name and number caller ID, call forwarding, call blocking and voice mail that traditional phone companies sell as premium services.
When you sign up for VoIP service, many service providers give you the option of choosing the area code, and possibly the exchange, for your service. You can select from any area where the VoIP provider has local service.

window.google_render_ad();
So what are the drawbacks of a personal VoIP solution? The main drawback is the need for a reliable broadband connection; without one a VoIP solution is probably not for you.
Power outages present another hurdle. Since VoIP requires a live Internet connection, losing electricity means losing your phone service.
The voice quality of your VoIP call is also another consideration. Since the data travels across the Internet, there's the potential for dropouts or "burbles" similar to what you might experience on a cell phone
Most people we called during our tests were surprised at the quality of the calls, and didn't realize they were on a VoIP connection until we told them. Keep in mind that the call quality for VoIP providers who don't manage their IP networks and depend on the Internet for routing will yield varying and sometimes disappointing voice quality and unreliable connections.

VOIP

Is VoIP Good For The Home?
There is no doubt that you have heard about VoIP by now. It’s made headlines and is plastered everywhere both in online and TV advertisements. Just in case you haven’t caught on to the hype yet, VoIP is the abbreviated term for Voice over Internet Protocol. Voice over Internet Protocol is basically the ability to communicate on a phone over your Internet connection.
With VoIP, the promise is the ability to make local and global long distance calls at a significantly lower rate than over a plain old telephone line through your local carrier. The VoIP trend has caught on and large enterprises all over the globe are adopting this new technology to reduce their cost of business communications which may include fax, conference calling, along with streaming video applications. VoIP has been around for some time, but it has only been until recently that it has finally matured to the stage worthy of replacing everyday phone use.
At the household level, it is certain by now that you are compelled to embrace this technology somewhat, but are not sure how to go about it or even if this technology has any real benefit for your family. You are probably wondering, “How much? How difficult? Is it necessary?” This article hopefully will clear up a few unanswered questions you may have regarding this technology and maybe even excite you enough to go on out and get VoIP hooked up in your own home.
First off, you must have an Internet connection. No, not your 56k dial up connection, but an actual high speed Internet connection. This can be cable, satellite, or DSL Internet, but you will need high speed Internet for VoIP to function properly and become your new calling station. Dialup just doesn’t have the capacity or speed to transfer voice digitally without significant quality loss. A company named SpeakEasy has recently come out with a new DSL product that requires no current phone line for high speed Internet if DSL is your current favorite of broadband services and if you are planning on replacing your current phone service with VoIP.
Secondly you will need what is called a gateway. The gateway is connected between your computer and Ethernet modem. The VoIP gateway is where your phone line will be plugged into. Gateways enable freedom from possible computer problems that can shut down calling capabilities or deteriorate voice quality. Computer crashes, slow memory, and many other computer problems that plague us in everyday life, you do not want to plague your ability to make phone calls.
Gateways are specifically designed for VoIP phones but adapters are available for current phones should you not want to buy a brand new phone. VoIP providers usually have the adapters available for sale so you don’t have to shop around for one yourself. Before you write off buying a new phone however, video phones are the newest product line and it won’t be long before this trend explodes. You may want to get your video phone so you aren’t left out of exciting face to face conversations with friends and relatives when they get theirs. Packet8 VoIP has a good video phone sold separately with their services.
The services included with VoIP usually include all the convenient bells and whistles your current phone service provides including your own local VoIP telephone number, call waiting, voice messaging, 3 way calling, and more.
There are some important things to remember with VoIP before you go diving in to this feature rich voice technology. You should check with your VoIP provider for local 911 emergency coverage. Some VoIP providers charge extra on a monthly basis for both 911 and 411 access so make sure you know how much it is going to cost you before committing to a calling contract.
One last important thing to remember is that your gateway is reliant on electricity to function. This means power outages will put your phone line out of service, but then isn’t your phone already only functional with electricity these days?

VOIP

VoIP: What is VoIP about anyway?
If you are new to VoIP and want to know how VoIP works then this article is for you. It provides a brief summary of what VoIP is and how it can benefit you the consumer. It is a good article to get a basic understanding of what VoIP technology is all about.
To see a list of VoIP providers or to compare VoIP providers by price and features please visit www.VoIPChoices.com. Be informed and save!
VOIP: A Basic, Basic Intro by:Bear Cahill
What is it?
Most people are familiar w/ NetMeeting and other software that let you talk to others over the internet. VOIP is similar. However, it also uses your phone - the interface we're all familiar with.
Instead of connecting your phone to the wall, you connect it to a box either the VOIP company provides or you buy on your own. This is the modem. You need highspeed/broadband internet for this. Your modem plugs into your cable/dsl modem and now it can 'talk' btwn your phone and the internet.
Your phone lines already do pretty much what VOIP does, just w/ different/older technology (well, some of it's new w/ optics and such, but...).
How hard is it to setup?
It's actually very easy. Assuming you have the company send you a modem or you buy a kit at the store, you simply plug the modem btwn your current cable/dsl modem and your computer (e.g., the out from your cable modem now goes to the new box and the out from that to your computer). It also has a phone jack for your regular phone.
Once it is on, it will boot up and configure itself.
What are the benefits?
There are many benefits depending on the company you go w/, but here are a few I have (all of these are free w/ the monthly fee- $14.99 for my setup):
Features like caller id, call waiting, call waiting caller id, call forwarding, etc.
Voicemail
Email alerts for new voicemail.
Web access to voicemail - you can play your messages on your computer.
Auto-forward - if the phone is ever down or isn't answered, it's auto-routed to another number
Online management of all features, settings, account, etc.
Computer dialing - highlight any number on your computer, hit F6 and it sets up the call from your phone to theirs - very convinient!
Keep your regular phone (you don't need a voip phone)
There are some other cool features available for extra $ like the softphone which lets you use your computer as a phone w/o the modem - this means you can take your laptop w/ you wherever and you have your phone w/ the same phone number everywhere too (you can do this w/o the softphone, but you have to take your VOIP modem around w/ you - not bad if you're going somewhere for a longer trip).
Another really cool thing is the virtual phone numbers. You can get extra numbers that ring the same phone, but they are local numbers to any area code you want. So if I live in Dallas and have family in New York, I can get a local phone number here and there. That way my family in New York can call a local number (free) and talk to me! Vonage charges $4.99/month for that. I'm not sure about the others.
And the biggest benefit - IT'S CHEAP! I pay $14.99 plus some tax and such, but not the ump-teen taxes, charges, fees, etc. like the phone company charges.
Also, if you do a little research/reading, you can set it up to where every phone jack in your house is wired for VOIP. It's little more than plugging the output of your VOIP modem into the wall jack you already have. Very little more.
Bottom Line
You get lots of good, free features and options for doing/managing a lot more including a lot over the web and it's SO much cheaper (at least it is for me!). Being the 'average guy' I am, I don't really use all the features. Fortunately, it's pretty much a 'set it up and forget about it' type thing except that I save $40+/month w/ it!
I use Vonage b/c that's what I was told about first and it was one of the first. There are others and I'm sure they have their strengths, but Vonage has the cheapest base option at the time I did my research.

WORLD CITIZEN

FAVORITE LINKS

Thursday, December 18, 2008

CSRF

MOBILE BANKING THREATS

Friday, December 12, 2008

MOBILE BANKING

MOBILE BANKING

MOBILE BANKING

MOBILE BANKING

Thursday, December 11, 2008

TURN YOUR iPHONE INTO DESKTOP PC

SHOP ONLINE FOR CHEAP

POWER OF ARTICLES

Monday, December 8, 2008

SECURITY CHECKLIST FOR VOIP PROVIDERS

VOIP QUESTIONS AND ANSWERS

VOIP

VOIP WORKING

HISTORY OF TELEPHONE-BELL TO VOIP

VOIP

VOIP

VOIP

Followers

Blog Archive

Contributors

Labels

What's this blog all about,