Greetings!  Welcome to our little corner of the online world where once a week (roughly) we get together to have a conversation about Voice-over-IP (VoIP) security.  As you look down the page, you'll see that we have two general types of shows. Our "main" shows are where we get together and discuss the latest VoIP security news, offer commentary on topical issues and play and respond to listener comments.  These shows have been numbered consecutively since our start in October 2005 and generally run about 45 minutes.  Our "Special Edition" podcasts (now designated with a "SE" in the show title) are typically special interviews we have done, presentations we have given or panels/presentations from conferences that we have been able to record.  They are quite diverse and so do vary widely in length.  As you'll notice in our main shows, we've developed a wonderful community of listeners and always welcome comments, contributions or other feedback. Thank you for visiting and we hope you enjoy the shows.  Please do send us your thoughts and comments.

Thank you,
Dan York and Jonathan Zar

Synopsis: Greetings from Dan and Jonathan on the occasion of US Thanksgiving and the note that there will not be a full show this week.

As this week is the holiday of Thanksgiving here in the USA, there will not be a full Blue Box show this week and so in this very brief podcast we send along our greetings and best wishes to you all.

Download the show here (MP3, <1MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to 'bluebox@voipuser.org' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: VoIP in SANS Top 20, launch of VOIPSA Best Practices project, VoIP security news, Skype security, IETF, security policies, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast #45, a 49-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 23MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

 Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!.
• 01:32 - Dan discusses Martyn Davies recent visit to Vermont and the great photo Martyn took of Dan podcasting, upcoming shows and more
• 04:50 - Voice of VOIPSA: VoIP included for first time in SANS Top 20 pointing to SANS Top 20 – thanks to UK listener Rhodri Davies
• 09:06 - IETF 67 was going on last week… no major news yet – but pointer to RTPSEC mailing list, mention of Phil Zimmermann's presentation (involving ZRTP and patents) and this Tutorial on ICE by Jonathan Rosenberg
• 11:02 - Voice of VOIPSA: Skype releases new Network Administrators Guide pointing to new Network Administrator’s Guide  – note the final 9 pages that deal with enterprise use of VoIP - see also CRN: Skype sets eyes on enterprise customers
• 13:54 - Jan Geiernat in Watching, Testing & Digesting:Skype Software & Hardware Gadgets has been writing more about Skype security lately, including this this this and this
• 14:35 - SearchVoIP.com: VoIP security safeguards – they may be there already – and Voice of VOIPSA reaction – and Voxilla reaction  – and Andy Abramson at VoIPWatch
• 16:29 - Ovum report creates news:
  • silicon.com: Get ready for VoIP attacks
  • CXOToday: Unknown Threat, Real Risk: VoIP Security
  • RedHerring: VoIP Security Gets Noisy
  • NewTelephony: Ovum: Reduce VoIP Security Risks Before Further Deployment
  • Of course, the Ovum report on VoIP security came out in August 2006 and costs $1,728!!!
• 20:02 - IPCommunications.com: Covergence and NewHeights Team to Offer Secure SIP-Enabled Soft-Client Offering
• 20:56 - TechRepublic: Get the skinny on proprietary protocols
• 21:28 - ITPro: Over half of UK businesses have no IM or VoIP policy (note that survey sponsor is Symantec)
• 22:16 - Network World: The New York Times taps Nortel to build secure VoIP net (interesting for the tour through what the NYT is doing)
• 23:05 - Computer Business Review Online: Finding your voice 
• 24:18 - InterGovWorld.com: Putting a PAL to work
• 25:37 - ComputerWeekly.com: How to keep your VoIP net safe
• 25:57 - VoIP Service Blog: New FTC rule to put an end to SPIT pointing to FTC ruling
• 28:00 - VON Magazine: BT swallows Counterpane – see also Bruce Schneier’s blog (including the comment)
• 28:54 - Creamer Media’s Engineering News Online: Power-line-based broadband offers security advantages
• 29:30 - TMC.net: Electrocom Intros VoIP Intercom System for K-12 Schools see also news release: Rauland-Borg Offers VoIP Intercom as Safety and Security Solution for K-12 Schools
• 30:12 - Upcoming shows:
  
  • Nov 29-30, Tokyo, Japan, PacSec 2006
  • Dec 4-6, Atlanta, GA, VON Enterprise
  • Dec 5, London, UK, Secure Mobile Computing
  • Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
  • Feb 5-9, 2007, San Francisco, CA, RSA Conference 2007
  • Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
  • Mar 1-2, 2007, London, EUSecWest
  • Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
  • Mar 23-25, Washington, DC, ShmooCon ‘07
  • Apr 16-20, Vancouver, BC, Canada CanSecWest 2006
• 31:40 - Feature segment - impending launch of VOIPSA Best Practices project page
  • What it is
  • Why the need
  • End goal
  • How people can participate
• 40:43 - comment (email) from Craig Bowser
• 42:37 - comment (email) from Craig Bowser (again) pointing to 50 Most Influential People in VoIP (VoIPSA was on the list, but not us – but Craig added us in the comments!)
• 43:14 - comment (email) from Shawn Merdinger about AT&T security presentation mentioned briefly in this article
• 44:19 - comment (email) from Rhodri Davies
• 45:00 - comment (email) from Da Beave about iWar
• 47:34 - Review of the last week's traffic on the VOIPSEC public mailing list
• 48:21 - Wrap-up of the show
  • Reminder that you can subscribe to the show via email as well as RSS
  • Mention of our Frappr map
• 49:24 - End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to 'bluebox@voipuser.org' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: SIP attack tools, VoIP security news, IETF, patents, ZRTP, Skype security, Asterisk war dialling, voice biometrics, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast #44, a 36-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 17MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

 Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!.
• 01:26 - Dan discusses GSA conference in Boston
• 01:55- Programming notes: looking for "best" episodes for CD, schwag for Cafe Press, and notes about upcoming shows and panels
• 02:55 - Side note that Daylight Savings Time will change in the US in 2007
• 04:18 - Programming notes - More shows are in the queue
• 04:47 - IETF - Dan Wing announces that he and several others have issued a new Internet Draft summarizing media security (primarily key exchange) requirements
• 07:43 - IETF - Alan Johnston announces a new version of the ZRTP Internet-Draft
• 08:10 - IETF - Phil Zimmermann announces an Intellectual Property disclosure related to ZRTP - also point to IETF RTPSEC discussion list (Free to subscribe)
• 09:29 - Free Software Magazine – Secure VoIP calling, free software, and the right to privacy (announcing GNUTelephony implementation of ZRTP )
• 10:09 - eWeek – VoIP: How Secure? (podcast with David Endler)
• 10:35 - Mark Collier – New VoIP hacking tools released on their HackingVoIP.com website – including one that mixes in audio - and also Voice of VOIPSA: Additional VoIP Attack Tools
• 13:19 - Ottawa Citizen: Wireless tech a headache for Canadian agents
• 13:55 - onestopclick: Data breach legislation on the cards for EU firms
• 15:10 - Network World: VoIP, hackers, botnets among challenges cyberprotectors face (tip of the hat to LiquidMatrix Security Digest )
• 16:24 - SearchSecurity.com: How ‘quadplay’ convergence can improve network security
• 17:40 - 21talks: Voice recognition coming to your bank points to other entry about voice customer calling his bank via SkypeOut
• 20:01 - VoipNow: What’s Going On With Skype In Jordan?
• 20:27 - Skype Journal: Who is Threatening Skype?
• 21:03 - International Herald Tribune: Network-monitoring technology provider Narus secures $30 million in new funding
• 21:47 - Sting3r.com: Creating Secure Asterisk Links which points to IAX2 War Dialer (Note that since the time this was recorded, the site has changed its design and the links no longer work. However, the site author contacted me to tell me that a site in Germany was mirroring his original site and the links were available there. I have now changed the links to point to the German site.)
• 22:42 - TMC.net: Mobile Industry Looks to EV-DO to Boost VoIP Quality
• 23:49 - Upcoming shows:
  
  • Nov 6-9, Berlin, Germany, VON Europe Autumn
  • Nov 29-30, Tokyo, Japan, PacSec 2006
  • Dec 4-6, Atlanta, GA, VON Enterprise
  • Dec 5, London, UK, Secure Mobile Computing
  • Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
  • Feb 5-9, 2007, San Francisco, CA, RSA Conference 2007
  • Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
  • Mar 1-2, 2007, London, EUSecWest
  • Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
  • Mar 23-25, Washington, DC, ShmooCon ‘07
  • Apr 16-20, Vancouver, BC, Canada CanSecWest 2006
• 25:00 - comment (audio) from Dave Roper
• 26:39 - comment (email) from Shlomo Dubrowin
• 27:45 - comment (email) from Ross Snowden
• 29:47 - comment (email) from Julien Goodwin (with offer of show segment)
•  30:28 - comment (weblog) from Kand Palanismy
• 31:33 - comment (weblog) from Martyn Davies
• 31:52 - comment (email) from Peter Kowalsky about Audacity notch filters
• 34:09 - Review of the last week's traffic on the VOIPSEC public mailing list
• 34:44 - Wrap-up of the show
  • Reminder that you can subscribe to the show via email as well as RSS
  • Mention of our Frappr map
• 37:24 - End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to 'bluebox@voipuser.org' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Back in Blue Box #41, listener Miguel Garcia sent in the links to the RTPSEC BOF sessions at the IETF66 meeting in Montreal, Canada, in July 2006.  I meant at the time to include them in the show notes - and have now done so - but thought I would also include these links here for people who might not revisit show #41:

• Audio recording, part 1 (BOF session starts at 9 minutes 45 seconds)
• Audio recording, part 2
• RTPSEC session minutes and slides

Note that this was the session in Montreal where the IETF attendees were trying to get to the requirements necessary for securing the RTP media stream.  The eventual outcome of that session was an Internet-Draft on media security requirements that was discussed at the IETF 67 meeting last week in San Diego, California.  (No word yet on the outcome of that discussion.)

Thanks, Miguel, for sending in those links - and my apologies for the delay in getting the links posted.

Where are all the shows that I kept talking about, eh?  Well...this week I had the lethal combination of getting rather sick and losing my voice (rather deadly for a podcaster!) and simultaneously having some large RFPs to which I had to contribute.  Taken together, these factors pretty much wiped out podcast production time this week.  Hang in there, though... LOTS of good stuff coming your way soon.

Signed,
Voiceless-in-Vermont