Synopsis: Blue Box #63: Cisco and Asterisk VoIP vulnerabilities, the "Athens affair" (Greek wiretapping), iPhones and Duke, IETF and SPIT, SunRocket flares out, Skype phishing, VoIP security news and more...

Welcome to Blue Box: The VoIP Security Podcast #63, a 38-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 18MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• 01:14 - Programming notes
  
  • Special Edition coming out with VON session.
  • Anyone going to Black Hat or Defcon next week?  We'd love a report.
• 01:41 - Cisco vulnerabilities: Cisco patches two VoIP security flaws.  Details at: Cisco Security Advisory: Cisco Unified Communications Manager Overflow Vulnerabilities  Dan Kaplan Cisco Patches Two Security Flaws reports IBM-ISS X-Force as having discovered them.
• 02:33 - Asterisk security vulnerabilities (several of them) – http://www.asterisk.org/security
• 06:25 - TechRepublic: VoIP threats: Beyond eavesdropping (pointer to it from Russel Shaw: VoIP security? Encrypt, encrypt, encrypt )
• 07:50 - Network World: Security firm: Don’t use iPhone Web dialer
• 09:13 - Duke University IT department reported as claiming:IPhones flooding wireless LAN at Duke University with various blogs speculating on the issue Interestingly the trade media is now reporting on what the blog writers are saying. Readers speculate on Duke University’s iPhone problem (and yes, we'll talk about the recent developments on Blue Box #64)
• 11:50 - Blogger News Network: If Social Security Calls requesting personal information, it might be smart to verify who you are talking to
• 13:57 - Register: Blacklists are Bad (and Hannes makes the connection to VoIP )
• 16:09 - Hannes Tschofenig had a number of posts relating to standards:
  
  • Disclosing SRTP Session Keys with a SIP Event Package
  • New Drafts to Tackle SPIT
  • A Survey of Protocols to Control NAT and Firewalls
  • Just read Hannes’ blog for more info about IETF 69!
• 16:42 - FTC Spam Summit
• 19:07 - IEEE article on Greek wiretapping scandal (sent in by Kand Palanisamy)
• 24:05 - Hackers stealing PBX phone minutes to on-sell cheap
• 25:52 - Emerging Telephony SunRocket Folds – Whither the Numbers
• 28:50 - Network World: Online ads could become a phisher’s dream
• 30:04 - Voice of VOIPSA: It’s What the Computer Has Become
• 31:52 - News Releases:
  • TippingPoint enhancing its IPS
  • Frost & Sullivan Extols XConnect’s Unique and Comprehensive Product Line Strategy for Federated VoIP Peering
• 33:58 - Upcoming shows:
  
  • Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007
  • Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• 34:41 - comment (email) from listener Frank Leonhardt on possible Skype phishing email
• 37:03 - Review of the last week's traffic on the VOIPSEC public mailing list
• 37:35 - Wrap-up of the show 
• 38:25 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.