Synopsis: Black Hat 2006 super-sized edition - VoIP security news, interviews with David Endler, Mark Collier, Ofir Arkin and much, much more

Welcome to Blue Box: The VoIP Security Podcast show #36, a 83-minute podcast  from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This is a special edition focusing on the 2006 Black Hat Briefing in Las Vegas and the voice security talks that were given at the conference.

NOTE:  As explained in the show, this podcast #36 is being released before show #35, which will be released next week.  You didn't miss #35... it just hasn't been released yet.

Download the show here (MP3, 77MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-350-2583 (new comment phone number!) to leave a comment there.

NOTE: As I will explain in more detail on our next show (#37), there were a number of issues with the audio in this show both in the recording as well as in the post-production.  One of the issues was some very annoying noise artifacts in the Endler/Collier interview that sound like cell phone interference.  There are also a couple of gaps... and those with finally attuned ears will hear some clipping of the audio.  Suffice it to say that I would not want our podcast to be judged by the audio quality of this episode!  I'll explain more in our next episode about exactly why this episode didn't hit our usual quality level.

Show Content:

(NOTE - More detailed show notes with links will be made available next week.  For right now, we just want to get the show posted.)

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.
• 08:10 - Interview with Dave Endler and Mark Collier about their Black Hat talk and the VoIP security tools they released this week. (News articles from ZDNet and the Register.)
• 35:41 - Discussion of Hendrik Sholz's new smap tool and his zero-day exploit against Cisco PIX firewalls
• 39:46 - Discussion of Jay Schulman's session on phishing with Asterisk
• 45:29 - Discussion of Doug Mohney's session on using voice analytics to defeat social engineering
• 46:13 - Discussion of Nicolas Fischbach's session on carrier VoIP security
• 48:38 - Interview with Ofir Arkin about his session on NAC, Insightix, his role in VOIPSA, security research, etc.
• 1:05:42 - Mention of Alan Schimmler and his Still Secure blog and NAC
• 1:06:35 - Chat with Brenno de Winter about RFID (including this movie), his Dutch IT news podcast, and his podcast about learning Dutch that he started for his American girlfriend
• 1:11:41 - Mention of session on Network Neutrality and Dan Kaminsky's tools to help measure the neutrality of carriers
• 1:12:30 - Dark Reading: Skype’s Fire(wall) Fight (quotes Shawn Merdinger and sent in by Craig Bowser)
• 1:13:30 - Upcoming shows:
  • August 8-10, Santa Clara, CA, 3rd Annual VoIP Developer Conference
  • August 21-24, San Francisco, VoiceCon Fall 2006
  • (new) - Show in Asia that Jonathan will be attending - details coming soon
  • Sept 11-14, Boston, MA, Fall VON 2006
  • Sept 18-22, New York, Interop
  • Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
  • Oct 25-26, Rome, Italy, VON Italy
  • Nov 6-9, Berlin, Germany, VON Europe Autumn
  • Dec 4-6, Atlanta, GA, VON Enterprise
• 1:15:03 - Comment (email) from Martyn Davies
• 1:16:30 - Comment (email) from John Haluska
• 1:17:48 - Comment (email) from David Belle-Isle
• 1:19:17 - Comment (email) from Bobby Fentress
• 1:19:48 - Comment (weblog) from Michael Boman
• 1:20:37 - Comment (email) from Craig Bowser
• 1:22:11 - Wrap-up of the show
• 1:22:40 - End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-350-2583 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.