Author Archives: Dan York

CyberMonday 2016: Save 50% on ebook of “Seven Deadliest Unified Communications Attacks”


Today on CyberMonday you can buy “Seven Deadliest Unified Communications Attacks” and hundreds of other ebooks and videos from O’Reilly and associated publishers at a discount of 50% off or more. Simply go to:

http://oreil.ly/CyberMonday16

and start shopping. All you do is enter “CYBER16” as the promotion code when checking out.  The deal expires on Tuesday, November 29, 2016 at 05:00 US Pacific Time. Do note that this sale is for ebooks and not for the print versions of the books or for print/ebook bundles.

You can also go directly to the book’s page at O’Reilly and add it to your cart using that page.

Although the book was written back in 2010, it is sadly still VERY relevant to the Voice-over-IP (VoIP) systems deployed today. I would have loved it if vendors would have made systems so much more secure that this book could be forgotten about… but the security concerns have only increased in the time since the publication. Even six years later it still offers relevant advice and suggestions about how to make sure your IP communication systems are as secure as possible.

I am a big fan of buying ebooks directly from O’Reilly because doing so gets you:

  • DRM-free – no stupidity with license restrictions.
  • Free lifetime access
  • Multiple formats (ex. ePUB, PDF, Kindle, etc.)
  • Free updates
  • Sync with Dropbox, Google Drive and other similar services

… and more!

FYI, I recorded a short podcast episode about this sale:

P.S. My “Migrating Applications to IPv6” book is also on sale as an ebook at O’Reilly’s site… if you are interested in how to make sure your applications can work over IPv6, please do check that book out, too.

Buy Now!

You can purchase “Seven Deadliest Unified Communications Attacks” from many different sources, including:

If you wish to purchase an ebook, I do encourage you to consider O’Reilly.  Buying direct from O’Reilly offers multiple excellent benefits, including:

  • DRM-free – no stupidity with license restrictions.
  • Free lifetime access
  • Multiple formats (ex. ePUB, PDF, Kindle, etc.)
  • Free updates
  • Sync with Dropbox and other similar services

Having said that, I just appreciate that you are considering purchasing this book from whichever vendor you choose!

Thank you for your purchase and I hope that you find the book helpful in making your UC and VoIP systems more secure.  Please don’t hesitate to contact me if you have questions about the book!

Cyber Monday: 50% Off Ebook of “Seven Deadliest Unified Communications Attacks”

Want to learn more about how to increase the security of your unified communications (UC) / voice-over-IP (VoIP) system? Today you have a great opportunity to buy “Seven Deadliest Unified Communications Attacks” and hundreds of other ebooks and videos from O’Reilly and associated publishers at a discount of 50% off or more. Simply go to:

http://oreil.ly/Cyber-Monday

and start shopping! Or you can go directly to the book’s page at O’Reilly at:

http://shop.oreilly.com/product/9781597495479.do

As I’ve mentioned in the past, buying direct from O’Reilly offers multiple excellent benefits, including:

  • DRM-free – no stupidity with license restrictions.
  • Free lifetime access
  • Multiple formats (ex. ePUB, PDF, Kindle, etc.)
  • Free updates
  • Sync with Dropbox and other similar services

… and more!  All you do is enter “CYBERDY” as the promotion code when checking out.  The deal expires on Tuesday, December 2, 2014 at 05:00 US Pacific Time.

P.S. While you are there at O’Reilly, you can also purchase my “Migrating Applications To IPv6” ebook and gain insight into what you may need to do to migrate your UC applications over to IPv6 as the Internet moves increasingly to being based on IPv6.

Can You Please Rate or Review 7 Deadliest UC Attacks On O’Reilly’s Site?

If you have read “Seven Deadliest Unified Communications Attacks” and found the book helpful, could you please take a moment to rate and/or review the book on O’Reilly’s website?  Even if you just enter the number of stars and say something very basic it would be helpful.  All you need to do is go to this page:

http://shop.oreilly.com/product/9781597495479.do

and click on the “Write Review” link.

In preparation for today’s Cyber Monday sale, I looked at the page and noticed that ever since O’Reilly started selling the book as an ebook there have not been any reviews there.  There are a few reviews on Goodreads and several very nice reviews over on Amazon.com, but none yet on O’Reilly’s site.

These kinds of ratings and reviews do help people decide whether to purchase a book – and they are helpful to me as an author, too, to understand what people did (or did not) find useful and helpful.

Thank you!

Cyber Monday Deal: 50% Off Ebook of Seven Deadliest UC Attacks

Would you like to purchase the ebook of "Seven Deadliest Unified Communications Attacks" for 50% off? Or maybe even 60% off? As I mentioned before, the folks at O'Reilly are now selling the ebook of 7 Deadliest UC Attacks and they have a promotion going on today:

Save 50% on all ebooks and videos at oreilly.com - and save 60% on all orders over $100.

Here's a great chance to help learn more about how to secure Unified Communications / VoIP systems – or to buy this book for someone you think would like to learn more on the subject.

The awesome aspects about ordering ebooks directly from O'Reilly include:

  • DRM-free – you can read the ebook on as many different devices as you want… and you don't have to mess around with silly licensing systems.
  • Multiple formats – you can download the book in ePub, Kindle, PDF.
  • Free lifetime access – you don't have a limit on when you can download the book and you can always go back in and get it.
  • Free updates – whenever there are updates to a book you get a notification and can easily download the update.

All around it's just a great system for working with ebooks… and yes, I'm an author for them so you might expect me to say this, but I'm also a consumer who purchases ebooks and I like their system better than any of the other ones out there that I've tried.

I'll note on the "Free updates" part – I don't yet have any current plans to update "Seven Deadliest UC Attacks"  (unlike my "Migrating Applications to IPv6" book that will see an update in 2014) but if I do work on an update at some future point, ebook purchasers through O'Reilly would be the ones to easily get an update (versus print or ebook through other systems).  And you will get updates for any other ebooks you purchase.

It's a great deal – and I'd encourage you to stock up on ebooks from O'Reilly's site today!


P.S. To comply with full disclosure requirements: the links in this post are affiliate links – I will make a tiny amount of money if you purchase any ebooks after following these links… but that's not why I'm writing this post.

Ebook for “7 Deadliest UC Attacks” Now Available DRM-Free From O’Reilly Books

I was extremely pleased to recently learn that the ebook of "Seven Deadliest Unified Communications Attacks" is now available DRM-free through a deal between Syngress/Elsevier and O'Reilly. As I noted in a recent podcast about DRM-free books, this allows you as the reader much more flexibility and freedom in being able to read the ebook on the platform and device of your choosing.

You can now purchase 7 Deadliest UC Attacks in either Epub or PDF formats directly from O'Reilly.

The great part about ordering DRM-free ebooks from O'Reilly is that you can easily get back to your ebooks and download them in multiple formats.  They also alert you to updates if there are any.

Kudos to the folks at Elsevier and Syngress for making all of these ebooks available DRM-free!

Can You Please Review ‘Seven Deadliest Unified Communications Attacks’ On Goodreads?

Do you have an account on Goodreads?  If so, there is a page for Seven Deadliest Unified Communications Attacks with a very kind review from Alan Johnston.  As an author, I'd naturally like to have some more reviews as they do tend to help people understand what people think about the book.

If you found the book helpful, could you please take a moment to review (or at least "star") the book there?

Even if you don't want to post a review right now, if you are on Goodreads and can add the book to a "shelf" that would also be helpful, as others will then see that people are reading the book.

And while you're at it, if you'd like to connect on Goodreads as a fan/friend that would be welcome.

Thanks again for the continued support and for the positive comments I continue to receive about the book.  I'm very pleased that people have found it helpful and that we can continue to have a healthy dialog about communications security issues.

NSA Develops Secure Android Phones For Top Secret Calls

An interesting piece in the Australian edition of SC Magazine covers a recent presentation at RSA 2012 by Margaret Salter, head of the US National Security Agency (NSA) Information Assurance Directorate. She spoke about the NSA’s “Mobility Program” that aims to provide secure communication for government agencies using commercial “off the shelf” equipment.

The SC article focuses on the “Fishbowl” phones designed by the NSA and includes a number of interesting comments on the state of security implementations provided by vendors. It mentions that the NSA was looking to use SSL VPNs but due to a lack of interoperability wound up using IPSEC instead. Similarly they were looking to use DTLS-SRTP, but didn’t find the implementations and so instead used “descriptions”. The article has this excellent statement by Salter (my emphasis added):

Salter said the security specifications, such as those sought for the voice application, would be useful to everyone.

She urged colleagues to demand vendors improve unified communications interoperability.

“We need to send a message [about] standards, interoperability and plug and play,” she said.

This need for interoperability and standards support was certainly one of the themes I tried to bring out in the book. It is indeed critical for the long term success of securing unified communications systems.

I also found it interesting that the NSA encrypts the voice twice:

Voice calls are encrypted twice in accordance with NSA policy, using IPSEC and SRTP, meaning a failure requires “two independent bad things to happen,” Salter said.

While there certainly is value in having multiple layers of security, I do wonder what this means in terms of computational overhead and/or latency. As our mobile phones have become more powerful, perhaps this is no longer a major concern.

Separate from the article, I was intrigued to read over on the NSA Mobility Program page that the first document they are releasing is the “Enterprise Mobility Architecture for Secure Voice over Internet Protocol (SVoIP)”. From the page:

The first Mobility Capability document to be released is the initial draft release of the Enterprise Mobility Architecture for Secure Voice over Internet Protocol (SVoIP). It is intended to be a living reference that will be updated to keep pace with technology and policies as they change over time, as additional security products and services are developed, and as lessons learned from early adopters of this architecture are applied. As a first step, this version contains guidance on the required procedures necessary to build and implement a SVoIP capability using commercial grade cellular mobile devices. Future releases will build on this architecture and will include mobile device management and data applications; and ultimately integrate the WIFI service with an expanded list of end devices.

The 100+ page PDF file looks to be a fairly comprehensive view into what is involved with rolling out a secure mobile communications solution. It’s great to see this from the NSA and it is a great contribution to the ongoing efforts to secure VoIP communications.


Slides: Does Anyone Really Give a _____ About VoIP Security?

Does anyone really give a (insert favorite profanity) about VoIP security? That was the key question I asked in the presentation I gave to the recent 2011 IIT Real-Time Communications Conference. Technically, my talk was titled “The State of VoIP Security”, but I decided to have a little bit of fun with it.

It was an enjoyable session and I recorded a video that I hope that I can make the cycles to produce and upload sometime soon.

Meanwhile, the slides for my talk are now online, although given my style they really need audio or video. Still, you can get a sense of what I covered:

P.S. If you would like to have me give a presentation like this at an event you are involved with, please contact me. I’m frequently presenting and always open to speaking at new venues.

Speaking about UC Security at IIT Real-Time Communications Conf Oct 5th


If you will be in Chicago this week for the 7th Annual Real-Time Communications Conference & Expo, I will be speaking on October 5th about VoIP and Unified Communications security as part of the security track of the conference.

There’s a great schedule of speakers and I’m looking forward to both giving my session and also listening to the security presentations that follow mine. If you are going to be at the event, please do say hello!