« Blue Box #52: Skype spyware? Cisco SIP issue again, secure call recording, Phil Zimmermann on VON Magazine, US Congress and Caller ID, ringjacking, Skype security, VoIP security, listener comments and more | Main | Blue Box #53: Skype multiple login issue, OpenID, Cisco IP phone vulnerabilities, net neutrality, drive-by pharming, EU privacy legislation and are smokers really a threat to VoIP security? »

March 06, 2007

Blue Box SE #15: ETel 2007 Black Bag Security Review - Dan York tells a story about VoIP security

Synopsis: Emerging Telephony 2007 General Session by Blue Box co-host Dan York called the "Black Bag Security Review" where Dan tells a story about VoIP security.

Welcome to Blue Box: The VoIP Security Podcast Special Edition #15, a 22-minute podcast of a general session presentation by Blue Box co-host Dan York called the "Black Bag Security Review" at O'Reilly's Emerging Telephony Conference 2007.

Download the show here (MP3, 10MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

At O'Reilly's 2007 Emerging Telephony conference last week in San Francisco, I (Dan) had the opportunity to give a 15-minute presentation to all attendees about VoIP security.  Rather than doing the traditional slideware outlining the threats, tools, best practices, etc., I tried to do something very different and simply tell a story of what could happen if a VoIP system were installed in an insecure manner - and how to go about securing that system.  I tried to make it interesting and humorous (something not often tied to VoIP security) and the feedback at the show was quite positive.  Given that this was the first time I had presented the topic in this manner, I would very definitely appreciate comments (positive or negative) either left here on this blog entry or sent or called in to the email address and numbers below.

Because the presentation was quite different in style from others that were given (and yes, it does come in at 243 slides in just about 15 minutes!), I received a number of questions and wound up writing a bit more about the presentation over on my Disruptive Telephony blog.  I included a bit about Lawrence Lessig and his impact on this presentation style.

I will include here an embedded view of the slides courtesy of SlideShare.net, although without being synced to the audio, they aren't terribly useful given that I was moving through them fast.  At some point I will also include a PDF version of the slides as well.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to 'bluebox@voipuser.org' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on March 06, 2007 at 05:34 PM in Conferences, Podcasts, VoIP Security, VOIPSA |

Technorati Tags: , , , , , , , , , ,

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341bfc6e53ef00d83430603553ef

Listed below are links to weblogs that reference Blue Box SE #15: ETel 2007 Black Bag Security Review - Dan York tells a story about VoIP security:

» ETel VoIP security session - The Story of SysAdmin Steve - now available as a podcast from Voice of VOIPSA
At OReillys 2007 Emerging Telephony conference last week in San Francisco, I had the opportunity to give a 15-minute presentation to all attendees about VoIP security. Rather than doing the traditional slideware outlining the threats, to... [Read More]

Tracked on March 12, 2007 at 10:44 PM

Comments

Very enjoyable. A great contrast to the standard powerpoint presentation.

Posted by: Martyn Davies | March 13, 2007 at 11:39 AM

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

The Obligatory Photo

Promote Blue Box!

  • Add this graphic to your site!

Contact Information

Full Disclosure

  • Dan York, CISSP, is the Best Practices Chair of the VOIP Security Alliance (VOIPSA) and the Director of Emerging Communication Technology for Voxeo.

    Jonathan Zar is affiliated with Pingalo and is the Secretary of VOIPSA and member of the Board of Directors.

    This is a personal project and neither Voxeo, Pingalo nor VOIPSA have any formal connection to this podcast. In the interest of transparency we just thought you should know our affiliations.

License

Why "Blue Box"?

  • We chose the name "Blue Box" primarily as a nod to the era of phone phreaking in part to illustrate that threats to telephony are not new - they just continue to change and evolve. That and admittedly the name just sounded cool.

Archives

More...

Categories

VoIP Podroll

Blue Box MP3 Files

Search Blue Box Website

  • Google

    WWW
    blueboxpodcast.com

  • Sign up for Dan's ENews
    * Email
    First Name
    Last Name
    * = Required Field

Recent Posts

Recent Comments

VoIP Security Books