@DustinB3403 said in VOIP voicemail hacked aka DISA toll fraud:

The documentation for the Cisco Unity system says there are policies that can be set for the voicemail pin, including minimum length, the duration an account is locked, if an admin has to manually unlock an account etc.

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/8x/administration/guide/8xcucsagx/8xcucsag160.pdf

After the fraud, the VOIP provider has implemented stronger policies for PIN's now. I will be talking to them about implementing some sort of stoppage on international calls after they hit a certain limit. We are also going to take a hard look at turning off international calling and/or picking specific countries that we need to contact.

@DustinB3403 said in VOIP voicemail hacked aka DISA toll fraud:

@magicmarker said in VOIP voicemail hacked aka DISA toll fraud:

@scottalanmiller said in VOIP voicemail hacked aka DISA toll fraud:

@magicmarker said in VOIP voicemail hacked aka DISA toll fraud:

Ok, the voicemail PINs were weak which caused the toll fraud.

This, I think, answers everything. If the PINs were weak, and they weren't chosen by the provider, I see no grey area. This particular instance appears to be both legally and ethically completely on the end customer. Ensuring proper security from the end user's (employee's) perspective cannot be that of the provider.

Unless they were told that they had to do this and had the authority and expectation of firing offenders, there is no way for that to be on them. The party hiring and managing the people choosing the PINs is the responsible party.

In regards to this statement. The voicemail policy was set by the VOIP provider. The default voicemail password they pushed out to all the handsets was 1234. So it seems I do have some ground to stand on.

Um. . . what? I can almost guarantee that their policy was we set a default and your users are expected to change it when they first use it.

Good point. Yes, the user needed to change the PIN after first login.

@scottalanmiller said in VOIP voicemail hacked aka DISA toll fraud:

@magicmarker said in VOIP voicemail hacked aka DISA toll fraud:

Ok, the voicemail PINs were weak which caused the toll fraud.

This, I think, answers everything. If the PINs were weak, and they weren't chosen by the provider, I see no grey area. This particular instance appears to be both legally and ethically completely on the end customer. Ensuring proper security from the end user's (employee's) perspective cannot be that of the provider.

Unless they were told that they had to do this and had the authority and expectation of firing offenders, there is no way for that to be on them. The party hiring and managing the people choosing the PINs is the responsible party.

In regards to this statement. The voicemail policy was set by the VOIP provider. The default voicemail password they pushed out to all the handsets was 1234. So it seems I do have some ground to stand on.

Thank you for your comments Scott and Jared. This is what I needed. I will asking about putting some sort of stoppage on long distance calls so they don't rack up like this. This should be turned on by default for customers to prevent this. Unbelievable.

My VOIP provider has made me aware that we have been victims of a voicemail hack which I believe is known as DISA toll fraud. Our voicemail system was perpetrated for the purpose of placing long distance calls at the expense of our company. The malicious user(s) took advantage of a weak PIN/password in voicemail.

The malicious user racked up a large 5 digit number in charges to the Caribbean Island. All these calls took place over a 5-day period. Our VOIP provider is telling us the international call activity did not generate any alarms at the time. They are saying the user(s) were able to disguise the activity from them seeing the source calls. I guess the Caribbean Islands utilize US style area codes and are often overlooked.

The voicemail is a Cisco Unity system. The VOIP provider provides the infrastructure and support for the VOIP phone system. They are saying they are not responsible for the maintenance of user logins and PINs within the Cisco Unity system along with the pass-through dialing option within the Cisco Unity system.

They ended up resolving this by applying and forcing a stronger voicemail PIN policy at our expense. I have a call with the VOIP provider tomorrow with their services team to discuss the charges and the events in more detail. Ok, the voicemail PINs were weak which caused the toll fraud. However, we are not managing the phone system infrastructure and we don’t manage the alerts. I don’t feel like my VOIP provider protected us from the large long distance bills and I’m trying to understand how they are able to put the long distance bill on us. I would love to hear the reactions and comments regarding this from the MangoLassi users before I’m on the call tomorrow.

@bbigford Is the recycle bin turned off for your shared folders?

Is the Win-ACME tool scheduling the renewal of the LetsEncrypt SSL certificates?

I'm using Google Keep. I love the simplicity.

Limp Bizkit, Helmet, and Korn played at the Aragon Ballroom in Chicago in 1997 or 1998. I was 17 or 18.

I used Steve Gibson's DNS Benchmark tool on my network and Cloudflare's DNS servers didn't beat Quad9 by much. May be worth using the tool on your network to verify before switching your DNS. Needless to say, 1.1.1.1 was faster so I switched my pihole to Cloudflare.

@scottalanmiller said in What Are You Doing Right Now:

Anyone wondering why I'm not posting on SW, my account was deactivated. So won't be seeing anything from me there.

That is definitely a bummer. I always got great information of your reply's and comments on SW posts. Any idea what happened? Are you going to focus more on MangoLassi now?

I like running. Right now I'm at about 10-12 miles a week which is roughly running 3 days a week. It clears my head, relieves stress, burns calories, and is free.

You start by listing all the shows you currently watch. Then you can research what services you are going to use to watch the shows without cable. The main thing I noticed when I cut the cord is you start watching less TV and the mindless shows I used to watch when I had cable, get dropped out of my life. I now have more time to do something more important. I can't tell you how much time I used to waste watching Diners, Drive-ins, and Dives and crap shows on HGTV for example. I look back and think what horrible shows and time sucks. When cutting the cord you have to have a balance of use for non-tech savvy and tech savvy to get the content you want for all family members. I've got a Tivo Roamio OTA (lifetime subscription) which makes it an awesome experience for the tech savvy and non tech savvy to watch OTA TV, YouTube, Netflix, and Amazon Prime. I've also got a Roku that is a filler some things that the Tivo Roamio doesn't have such as the ESPN app for live sports. If you have a friend / family member that hasn't given up cable yet, you try talking them into giving you a Email account to use that will give you access to more cable channels that you can stream (which I did) that fill in for everything else. If you don't want to mooch off friends / family for a cable login, then look into the services you listed. I can tell you that after cutting the cord, my main source of TV comes from YouTube Red. Whatever shows we watch that are on network TV, the Tivo records for me. There are only a handful of shows that I are on cable that I specifically seek out now (mainly HBO shows). With access to a friend’s Xfinity login, it's the filler to stream those specific shows. I think once you start listing all the shows you currently watch, you are going to realize you will not actually seek out those shows to watch once you cut the cord. You now have extra time, and more money in your wallet.

Yes, the E-mail Exposure check works great and is real eye opening. What KnowBe4 has to offer is great. However, I should mention the sales guys for them are relentless. They will not leave you alone until you sign up with them. Even though we got a lot of value from the free exposure check my boss didn't approve it at this time. We will look to probably sign up with them next year. The sales team is pretty pushy in my opinion though, unless I just got unlucky with the sales rep I dealt with.

I have switched to a plant based diet. I've been on the diet for 2 months now. I lost 6lbs in 1 month. I also run 3 days a week (10-12 miles total). What I can tell you is I've never had so much energy in my life on this diet. I would normally get home from work exhausted, where now I'm always doing something such as doing the dishes, getting my kids to take a bath, picking up the kids toys...etc. Where before I would come home exhausted and too tire to do anything. I'm also sleeping better as I had some restless leg issues that have have seems to have subsided with the new diet. What really triggered me to try the plant based diet was after I watched the Netflix movies What The Health and Vegucated. I've also read some books on this stuff like Engine 2 Diet and I'm now reading How Not to Die that have really opened my eyes why Dairy and Meat are so bad for you and the environment.

@jaredbusch Apparently this community is not a fan of DietPi. Forget I mentioned it. I just really like DietPi to mess around with because it makes playing around with Linux easier. I'm a complete Linux noob.

@scottalanmiller Thanks for you insight Scott. You make great points. I will stick with a Fedora or Centos OS with the NFS package instead after reading your comments. That is the slap in the face I needed.

Pi-Hole is a dead simple install with DietPi. It's a check box. I downloaded the VMware VM and then used the Starwind Converter to convert the VMware image to .vhd so I could use it on my Windows 10 Hyper-V. DietPi has a VirtualBox VM as well for download. Or if you got a Raspberry Pi, use that.

I want to revisit this thread. I found something interesting. There is a Linux OS called DietPi. Which is a optimized and lightweight version of Debian Jessie. For someone like me that isn't deep into the Linux world and live in the command line, this OS makes it very easy to utilize a lightweight version of Linux to run an NFS file server repository for my SAM-SD. A NFS server is just one of many software applications you can install. Also, if I want to install something, it's a freaking checkbox. The website also clearly spells out what and how to get going for each software application. Any feedback on this OS? Anything that I'm missing, or why this wouldn't be a good idea for my SAM-SD OS? I would still install a Hypervisor on the host, and then run DietPi with the NFS server option as a VM.

I'm still on a Samsung Galaxy S5. The thing just will not die, gotta be 3 years old now. I've wipe and reload it a couple of times to bring it back to life and still getting good battery life off the original battery. However, I've been itching to upgrade it to a Google Pixel as well, and switch from AT&T to Google Fi with the Pixel.