Synopsis: Deflating VoIP security hype, SANS and the need for better VoIP security training, India moves to block Skype and other VoIP,  Skype security, tutorials, listener comments and more…

Welcome to Blue Box: The VoIP Security Podcast #47, a 69-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 32MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long!  Special welcome to readers who found us through the new Hacking Exposed: VoIP book that was just recently released.
• 02:20 – Programming notes:
  • sending in ident audio files
  • SanDisk Cruzer disks (with U3 software)
  • Blue Box dinner – photo by Martyn Davies
  • Security Podcast Network
  • SE #14- Interview with Ken Camp
• 09:19 – VoIP News: Voip Security ‘Best Practices’ Project Launches
• 09:41 – Voice of VOIPSA: The Register – Open Season for hackers
• 11:08 – SearchSecurity.com: Better VoIP training needed, SANS director says – see also Eric Chamberlin at Voxilla: VoIP Security: Stop Everything – also launched a VoIP security forum
• 18:30 – Economic Times (India): Illegal Web calls by BPOs face axe – see also 21Talks: India outlaws Skype, Yahoo and others
• 22:13 – British Computer Society: Skype – How safe is it? (sent in by both Martyn Davies and Rhodri Davies)
• 24:01 – Electronic Engineering Times: IP phone providers must focus on security, says report pointing to In-Stat report – VoIP Security: Preparing for the Evolving Threat – it can be yours for only $2,995  – see also In-Stat press release: Business VoIP Users Must Focus on Security
• 27:28 – b5media: Interview with PGP founder Phil Zimmermann: Zfone, secure VoIP media encryption software
• 29:41 – eWeek: Outlook 2007:VoIP
• 31:22 – The Age (Australia): Hackers ‘to target VoIP users’
• 32:39 – Greatreporter.com: VoIP wiretapping widespread, warns Scanit
• 34:16 – TMC.net: SPIT: Bringing Spam to Your Voicemail Box (by Bogdan Materna)
• 37:18 – Image and Data Manager (Australia): IM and VoIP Still Not On Security Radar
• 38:17 – InfoWorld ZeroDaySecurity Blog: Is social engineering always used to commit fraud?
• 45:16 – ZDNet UK: Weigh the pros and cons of VoIP over wireless
• 45:42 – Voice of VOIPSA: Security through Obscurity by Martyn Davies about the conf he attended
• 46:09 – Voice of VOIPSA: Cell phones, GPS location and Amber Alerts by Shawn Merdinger
• 47:28 – Voice of VOIPSA: IronGeek Hacking Tutorial Videos by Shawn Merdinger
• 48:32 – Enterprise VoIPPlanet: The VoIP Peering Puzzle: The IETF SPEERMINT Architecture
• Dialogic Expands IP Media Gateway Product Line (Martyn Davies works there… note the VoIP security mention later in the release)
• 51:24 – comment (audio) from “the man from California” about Click-to-Call
• 54:01 – comment (email) from Shawn Merdinger about Click-to-Call
• 56:20 – comment (email) from Raul Siles (just about BP project)
• 57:06 – comment (email) from Yiannis Miliaresis  about podcast in Greece and iptelephony.gr
• 58:27 – comment (email) from Julien Goodwin about CBR article
• 58:57 – comment (email) from Alan Garwood about mini-poll on Infosecurity Europe web page
• 60:16 – comment (email) from Shlomo Dubrowin about BP project
• 61:19 – comment (blog) from Mark Collier
• 62:29 – comment (email) from Frank Leonhart about BBP dinner
• 63:29 – comment (email) from Mike Bailey asking a question about Skype installation
• 64:20 – comment (email) from Dion Rowney about recorder
• 67:30 – Review of the last week’s traffic on the VOIPSEC public mailing list
• 68:23 – Wrap-up of the show
  • Reminder that you can subscribe to the show via email as well as RSS
  • Mention of our Frappr map
• 69:49 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

P.S. We didn’t mention the "upcoming shows", but here is the list we have been maintaining:

• Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
• Feb 5-9, 2007, San Francisco, CA, RSA Conference 2007
• Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
• Mar 1-2, 2007, London, EUSecWest
• Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
• Mar 23-25, Washington, DC, ShmooCon ‘07
• Apr 16-20, Vancouver, BC, Canada CanSecWest 2006