Sangoma and Run Distribution Expand Sangoma IP Phone Distribution in Canada with Platinum Partnership Agreement.

MARKHAM, ONTARIO – December 5, 2016 – Sangoma Technologies (TSX VENTURE: STC) today announced that Run Distribution, a leading Canadian distributor of business telephone and technology products headquartered in Montreal, Canada, has expanded their partnership and distribution agreement to encompass the full Sangoma Product line. Run Distribution will distribute Sangoma solutions to VARs and resellers servicing the Canadian Market.

Run Distribution has immediate stock of Sangoma IP Phones, the only phones exclusively designed for use with FreePBX, the world’s most popular open source PBX and PBXact, Sangoma’s Unified Communications System. Sangoma’s phones feature Sangoma’s Zero Touch Configuration technology and the tightest feature integration with FreePBX of any phone on the market.

“In our recent Partner Roadshow events, in Canada, we had a huge demand to bring on a solid Canadian Distributor that would stock product,” said Preston McNair, Vice President of Sales, North America at Sangoma. “Run’s expansion to include not only our phones, but the full Sangoma Product Line, allows us to continue to expand and grow this key market making it easier for our partners to obtain Sangoma’s award-winning solutions.”

“Run Distribution understands the market in Canada and believe that the affordable and feature-rich Sangoma IP Phone and PBX product lines will deliver tremendous value to VARs and resellers in Canada” Said Thomasz Owczarek, VP of Business Development at Run Distribution. “Sangoma’s wide range of solutions enables businesses to implement affordable Total Telecom Solutions from a single Manufacturer.”

Sangoma will host a webinar for Run Distribution partners and customers to learn more about Sangoma’s Total Telecom Solutions offerings, including why Sangoma IP Phones provide a feature set second to none when deployed with FreePBX. Registration is currently open for the December 13, 2016 Event.

For more information about Sangoma’s Partner Program please visit www.sangoma.com/company/partner-program/ For information regarding purchasing products from Run Distribution please visit https://www.rundistribution.com/en/our-products/sangoma, or contact them directly at (514) 416-5447.

About Sangoma Technologies Corporation
Sangoma (TSX VENTURES: STC) offers a range of hardware, software and services for voice and data IP communication systems to enterprises, SMBs, Service Providers and OEMs in more than 150 countries. Sangoma’s cost effective, quick to deploy, and easy to manage offerings include Hosted and On Premise Unified Communications Solutions with PBXact, FreePBX, SIPStation and FaxStation; Session Border Controllers (SBC); the market-leading Express for Skype for Business; VoIP Gateways; Call Tapping; Call Center Software; and Signaling Gateways. Sangoma also continues to lead the market in VoIP-to-PSTN interface cards. For more information, visit www.sangoma.com.

– 30 –

Contact
Frederic Dickey
VP Marketing
Sangoma Technologies
+1 905 474-1990 x 4161
fdickey@sangoma.com

Building a more secure communications platform

Network security is expected to be an almost $200 Billion dollar industry by the year 2020. In a world where everything is connected, securing everything can be big business. There are thousands of security researchers working daily to find the next big exploit. We have seen some huge exploits in the last few years such as “Heartbleed”, “Shellshock” and “Poodle” from exploited code that has been around for years.  

A blessing and sometimes a curse in open source software is that no matter how vigilant you are if you slip once someone will find it.  We’ve always taken security very seriously and have employed many approaches to ensuring FreePBX is secure.

FreePBX goes through continuous human and automated scanning looking for various attack vectors. From a human standpoint, we utilize internal developers who are passionate about security in both our software and the software they use. They do code reviews and code audits to ensure new code is up to par. We also work with independent security researchers who review our entire code base looking for things that may have been in the code for years.  We complement the human audits with automated tools including the RIPS scanner from ripstech.com.

RIPS, a static code analysis tool, does what would be impossible for a human to do. It looks at all 400,000+ lines of FreePBX code and does automated checks for Cross-Site Scripting, Code Execution, Command Execution and many other exploitable vectors. From that, it generates a report detailing potential vulnerabilities that may lie in our codebase. That seems like quite a lot, but it’s really only the start with RIPS which then details how to patch the vulnerability to minimize the risk moving forward. The reason we bring this up is because the RIPS utility has found many code issues that we may not have found in a manual review of the FreePBX code base and has helped us to strengthen the security of FreePBX.  

With these approaches, we aim to make your PBX secure so it’s one less issue you have to worry about.

“If you’re the smartest one in the room, you’re in the wrong room.” – Richard Tirendi

It is ultimately a battle of knowledge and someone out there is always smarter than you. This is why some vulnerabilities sit dormant for a decade (Such as Heartbleed). It took that long for someone to come along and see the code in a different way. When they ultimately release the exploit it often seems obvious.

We always welcome fresh eyes to review our code. Whether human or through machine automation we are happy to work with anyone who wants to make the world a more secure place.

Our policy on responsible reporting can be seen at http://wiki.freepbx.org/display/FOP/Security+Reporting and we appreciate all the security researchers that use their time to make the world more secure.

A special thanks to the https://www.ripstech.com team for analyzing our code and helping make FreePBX a more secure project.

5 Reasons to Attend FreePBX World 2016

freepbx-world-logo

The FreePBX World 2016 agenda is live, and you won’t want to miss this event! FreePBX World will be held at AstriCon September 27-29 in Phoenix, AZ.

Your admission to AstriCon gets you into FreePBX World at no extra cost. Have you made your plans? You can save 25% off individual AstriCon All-Access Conference Passes with the promo code sangoma. Visit freepbxworld.com for more information and to register.

Why attend?

1. Be Part of the FreePBX Community

Nowhere else can you meet face-to-face with so many FreePBX users, enthusiasts, and developers. FreePBX World is the place to connect with people who share your interest in open source telephony. Ask questions, get answers. Hang out with old friends and make new ones.

2. Keep Up with the Latest FreePBX Tech

Find out what’s new and what’s in store for FreePBX. The developers will give you a sneak peek of the new features and improvements coming to FreePBX 14. You’ll also learn about the latest innovations from Sangoma (stewards of the FreePBX Project), including Sangoma Phones, Zulu, PBXact UC, and the new cloud-based PBXact UCC.

3. Get a Blueprint for a Rock Solid FreePBX Communications Platform

How-to seminars will teach you about planning, deploying, securing, and maintaining your FreePBX system. Experts who live and breathe FreePBX will share their thoughts on best practices. They’ll help you sort out your options for hardware, software add-ons, phones, and accessories. You’ll leave with new ideas for your next project.

4. Discover how FreePBX can Grow your Business

Through case studies, you’ll be inspired by others who have succeeded in the lucrative FreePBX marketplace. You’ll learn about industry trends and opportunities to boost your bottom line.

5. Shape the Future of FreePBX

FreePBX has grown to become the most widely deployed open source PBX platform in the world, thanks to a great community of people who contribute feature suggestions and code. It’s a true open source project. FreePBX World is your chance to meet with the leaders of the project and let them know what’s important to you. We’re looking forward to seeing you there!

FreePBX World Platinum Sponsors:

Sangoma Technologies

.e4 Strategies

Security Vulnerability Notice

Summary:

An unauthenticated remote attacker can run shell commands as the Asterisk user of any FreePBX machine with ‘Recordings’ versions between 13.0.12 and 13.0.26.

Details:

The recordings module lets you playback recorded system files. Due to a coding error and a PHP quirk, certain Ajax requests were unauthenticated when requesting files.

This has been fixed in Recordings 13.0.27.

For PBXact UC users on version 10.13.66 make sure you upgrade to version 10.13.66-15 or higher to receive the patch.  For information on how to update your PBXact system review our wiki here.

For FreePBX Distro users on version 10.13.66 you can either upgrade the Recordings module in module admin to version 13.0.27 or upgrade to FreePBX Distro 10.13.66-15.  For information on how to update your FreePBX Distro system review our wiki here.

This vulnerability was discovered by: Adrian Maertins <adrian(dot)maertins(at)gmail(at)com>

Additional Details:

As FreePBX is an appliance, any remote shell access can be leveraged to become root.

Keep in mind for security, performance, and the best user experience be sure you keep ALL modules up to date. Some security and functional updates may be delayed or unreleased by maintainers of 3rd party repositories.

It is also always good practice when requiring internet access to your PBX to run the FreePBX firewall and/or other quality firewalls in front of your system. Limit access via VPNs and where possible, such as Sangoma Phones, take advantage of native phone VPNs to minimize the exposure you must provide to potential hackers by limiting the ports you need to open.

Links to More Information:

http://wiki.freepbx.org/display/FOP/2016-08-09+CVE+Remote+Command+Execution+with+Privileged+Escalation

http://issues.freepbx.org/browse/FREEPBX-12908

History of Security Vulnerability:

Sangoma takes security issues very seriously and we try to work with security experts who find such vulnerabilities in a cooperative manner in order to maximize the ability to protect the user base with timely patches and appropriately timed communications.

This particular vulnerability was reported and the reporter only provided a short time window of three days before disclosing the vulnerability. As such, we have not been provided adequate time to get a proper CVE which we will be working on and we are providing patches to address the issue and requesting users update their systems immediately to be protected against possible hackers once they see the report and create malware attack scripts to go after FreePBX systems open to the internet.

FreePBX Distro 7 Beta Release

We are pleased to announce the beta release of the next FreePBX Distro. This is a huge leap forward in our distro releases. We would like to encourage early adopters to play with it and test it to ensure we have a solid platform to build FreePBX upon in the future. The new FreePBX distro is built on top of the Sangoma 7 distro, which is derived from CentOS 7.  

Some significant highlights of the new distro include:

  1. No more FreePBX Distro Updater scripts. It’s just ‘yum update’. Always. You can also ‘yum downgrade’, too. (This, of course, doesn’t change FreePBX’s module versions, as usual. This is just Distro, and replaces the previous complexity of having to run multiple sequential upgrade scripts.) A forthcoming module will make this even simpler, removing the dependence on Sysadmin to do operating system upgrades.
  2. Complete UEFI support for installation and operation.
  3. Serial and USB installs are now much easier! In fact, it’s much faster to install from USB than from ISO! So much so that – depending on your feedback – installing from USB may become the recommended method of installation, with ISOs as the secondary installation method.
  4. A better development environment. If you want to develop FreePBX, you can just run ‘yum install freepbx-devel’ to prepare most of the development environment.
  5. Behind the scenes, all package updates are automated. This makes it a lot easier for us to rapidly and reliably push out fixes without needing to run multiple different steps to replicate to all the CDNs.
  6. PHP 5.6.24 and FreePBX 14

This is being shipped with FreePBX 14, as one of the features of 14 is complete support of modern PHP versions. FreePBX 14 is in early alpha. Several new features are unreleased and under development. At this stage in development, updates may come multiple times per day and things may break without notice. FreePBX 14 is not under the “Edge release system” during the alpha stage, so releases are not staggered. We welcome OS level bug reports, but FreePBX 14 issues should wait until FreePBX 14 reaches beta. (If you want to become involved in the FreePBX 14 development process, you are welcome to join us on IRC in the #freepbx-dev IRC channel!)

You can download the ISO directly from our mirrors, or via BitTorrent for fastest downloads using this magnet link, or, this torrent file.

If you find issues with the distro, you can report a bug at issues.freepbx.org. Select the “FreePBX Distro 7” project, or simply click on this link to go there directly.

Please note: We are tracking installations as part of this ISO. We are recording how long it took to install, the CPU type, speed, and the number of CPU cores, the amount of RAM, and the size of the disks. We are doing this so we know where to spend more effort in the development of FreePBX and the FreePBX Distro. These statistics are anonymized. No personally identifiable information is available. If you do not wish this data to be collected, please do not connect your machine to the internet while installing.

ccentxuuyaeyidt
Please join us at FreePBX World and give us your feedback on both the distro and FreePBX face-to-face. Visit http://freepbxworld.com for more information and to register.