Synopsis: Blue Box #66: Cisco/Grandstream/Thomson VoIP security vulnerabilities, Skype outage, VoiceCon coverage, VoIP security news, listener comments and more..

Welcome to Blue Box: The VoIP Security Podcast #66, a 56-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• 03:00 - Programming notes
  
  • First Blue Box video – what did you all think?  Should we do more of these?  (Anyone interested in helping?)
  • Upcoming interviews: excellent SIP security session with Cullen Jennings, update interview with Dave Endler/Mark Collier, contribution from Brenno deWinter of a Phil Zimmermann interview
  • Apologies if any of you had a problem downloading shows last week. Our hosting provider, LibSyn had a DNS configuration issue and people couldn’t get to the site.
• 07:55 - 3 messages SIP Remote DOS on Cisco 7940 SIP Phone – and Cisco response
• 12:17 - SIP remote attack on Grandstream SIP Phone GXV-3000
• 16:45 -Remote DOS on Thomson SIP phone ST 2030 using the VIA header and Remote DOS on Thomson SIP phone ST 2030 using the TO header
• 19:55 - Cisco: Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager
• 21:55 - Asterisk AST-2007-021 – Crash from invalid/corrupted MIME bodies when using voicemail with IMAP storage (note the move away from “ASA” which Avaya had been using)
• 24:30 - Sipera softphone issue – still working with the vendor
• 25:20 - Skype outage:
  
  • Voice of VOIPSA: It’s official – Skype blames the outage on Microsoft
  • Skype responds The Microsoft connection clarified and Dan’s commentary
  • Guardian: Skype’s nightmare weekend highlights peer-to-peer fears
  • PCWorld: Vendor Warning on Skype Eavesdropping
• 33:51 - ZDNet: Sipera introduces new enterprise VoIP security toolset
• 34:32 - Voice of VoIPSA VoiceCon coverage: SIP Security and IP Telephony Security Threats and Countermeasures
• 35:36 - VoIPNews: Hacking VoIP Exposed (interview with Mark Collier)
• 37:03 - eWeek Channel Insider: VOIP Security Requires Layered Approach, Experts Say and a blog reaction
• 37:23 - Computerworld: VoIP requires attention to security best practices
• 38:30 - Network World: VoIP hacker talks: Service provider nets easy pickings based on Telecom Junkies podcast: Interview with a VoIP Hacker - also tricityherald.com: Spokane man heads to prison for hacking
• 39:14 - IEEE Digital Library: Service Provider Implementations of SIP Regarding Security
• 40:32 - News Releases: 
  • Enterasys secures enterprise VoIP
  • Fortinet Adds UTM for Small Offices (mention of VoIP and 3G)
  • ResearchAndMarkets releases a new report on VoIP security
  • Raketu Realizes Over 50% Jump in Service Subscribers in Wake of Skype Outage
• 42:50 - Upcoming shows:
  
  • Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007 
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• 43:44 - comment (email) from Rhodri Davies about PSTN being more secure
• 48:12 - comment (email) from Atilla asking about slides for SE 19
• 49:01 - comment (email) from Jose Luis about OCS
• 52:46 - comment (email) from Sachin Joglekar about video
  
• 54:31 - Review of the last week's traffic on the VOIPSEC public mailing list 
• 55:09 - Wrap-up of the show
  
  • Jonathan mentions that Jaxtr received $10million in VC funding.
• 56:15 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: Blue Box Video Edition #1: SIP softphone exploit demonstration by Sipera Systems recorded at VoiceCon San Francisco 2007

Welcome to Blue Box: The VoIP Security Podcast Video Edition #1, a 5-minute video podcast from Dan York showing an exploit of a SIP softphone by Sipera Systems.

In this first video podcast, Dan interviewed Sachin Joglekar, Vulnerability Research Lead for Sipera Systems, about the exploit that Sipera first demonstrated at Black Hat USA 2007 last month in Las Vegas. Sachin shows how by sending a specific SIP packet, he can crash the SIP softphone but in doing so have it execute server code to which he can connect via netcat.  He then has a command prompt on the Windows system and can execute arbitrary commands.  In this case he just copied over some files.  He did indicate that they are working with the vendor of the (unnamed) SIP softphone to correct the problem.

The interview was recorded on the show floor of VoiceCon San Francisco 2007.

Download the show here (MP4, 30MB) or subscribe to the RSS feed to download the show automatically. 

You may also view the show here on this page:

Click To Play

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Given that this is our very first "video edition", comments are definitely appreciated.  We may try to do more of these in the future.

Thank you for listening and please do let us know what you think of the show.

P.S. Those of you wanting to know more about how I recorded the video and the tools I used (hint: I just used my Canon point-and-shoot camera) can read my post over on my Disruptive Conversations blog.

Synopsis: Blue Box #65: VoIP fraud case revisited, Black Hat and Defcon presentations, VoIP security news, listener comments and more..

Welcome to Blue Box: The VoIP Security Podcast #65, a 46-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was recorded on August 6, 2007.

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• 01:14 - Programming notes
  • VoIP Security Panel from VON now available as a Special Edition
• 02:27 - Telecom Junkies: Interview with a VoIP Hacker
• 13:21 - Black Hat / Defcon Coverage
  
  • Forbes: VoIP Vandals
• ZDNet: VoIP security vulnerabilities demonstrated at Black Hat conference
• GCN: Security an issue in dual-mode VoIP phones
• ComputerWeekly: VoIP security reaches tipping point
• ComputerWorld: Researchers flag VoIP exploits at Black Hat which points to these exploit tools and presentation
• iSEC also had a presentation/tools: “Point, Click, RTPInject” on this page of presentations
• tgdaily: PGP creator shows off VoIP encryption app – more in this weblog
• PC World: Networks: No Sweat to Skilled Hackers  (Good roundup and also mention of Estonian botnets)
• Risque Management: VoIP Scaremongers (good counterpoint)
• 23:55 - TMC.net: Security and Disaster Recovery for IP Telephony Systems (interview with Dan)
• 26:55 - TechRepublic: SolutionBase: Creating a secure and reliable VoIP solution
• 27:47 - TechRepublic: Will your VoIP provider go out of business?
• 29:07 - Enterprise VoIPPlanet: VoIPowering Your Office: Eavesdropping on VoIP Calls – Part 1
• 30:39 - vnunet: Homeland Security warns on US power threat
• 32:15 - ComputerWorld: RIM refutes security concerns over BlackBerry 8820 (interesting note about dual-mode and implications of WiFi on enterprise security)
• 35:38 - News Releases: 
  • Edgewater Networks, Inc. Introduces VoIP Performance Reporting Tool for Managed Service Providers
  • Sipera to Demonstrate VoIP-to-Data Exploit
• 37:44 - Upcoming shows:
  
  • Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007 
  • Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007 
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• 38:37 - comment (email) from Tom Cross of ISS about vulnerabilities
• 40:15- Review of the last week's traffic on the VOIPSEC public mailing list 
• 41:56 - Wrap-up of the show
  
  • Jonathan talks about recent studies around security of electronic voting machines.
• 46:05 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: Blue Box #64: ARP storms, IPTComm, SRTP animations, VoIP security news, listener comments and more...

Welcome to Blue Box: The VoIP Security Podcast #63, a 38-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 15MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was originally recorded on July 26, 2007.

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• 01:23 - Programming notes
  
  • ETel presentations available with sync’d audio
• 02:47 - Follow-up on story last show about iPhone and ARP packets – NetworkWorld: New Cisco advisory outlines fix for ARP storms on wireless LANs% pointing to Cisco security advisory
• 06:12 - Voice of VOIPSA: IPTComm 2007, Day One and IPTComm 2007, Day Two
• 07:21 - PC World: Black Hat/Defcon Hackfests Promise Rollicking Action (note VoIP references)
• 09:43 - ITSecurity.com: The Dark Side of VoIP: Security Vulnerabilities
• 10:18 - Techtionary.com: SRTP/Secure RTP for VoIP/SIP (animation from our friend Tom Cross)
• 11:20 - TMCNet: Bluesocket Acquires VoIP Leader Pingtel  (Interesting because Bluesocket is a security firm.)
• 13:07 - Enterprise VoIP Planet: Mark Miller continues his series with The VoIP Peering Puzzle – Part 39: SBC Architectures – Ditech Networks
• 14:31 - ZDNet UK: Research: Convergence in mobile communications (note the very last bullet around barriers to adoption)
• 15:34 - TMCNet: Cedar Point Launches Campus Emergency Notification System
• 17:20 - Tipping Point comes out with DV Labs Blog  which actually pointed to SysAdmin Magazine goes quietly into the night
• 19:27 - News Releases: 
  • Edgeline Holdings Completes the Acquisiton of Secure Voice Communications, a VoIP Security Company
  • CommScope and IPcelerate Join to Make VoIP Safer
• 22:06 - Upcoming shows:
  
  • Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007 
  • Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007 
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• 22:33 - comment (email) from Stuart McLeod about 4-day VoIP Security course he wrote that is being offered by Global Knowledge (course description is online )
• 23:14 - comment (email) from Frank Leonhardt about Facetime seminars invitation
• 24:26 - comment (blog) from “Nope” about the slidecasts
• 25:16 - Review of the last week's traffic on the VOIPSEC public mailing list 
• 25:42 - Wrap-up of the show
  
  • Mention of potential legislation about peer-to-peer communication
  • Update on the Pena/Moore VoIP Fraud case
• 31:51 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: "The Real Risks of VoIP Security" panel session at VON Europe in Stockholm, Sweden, in June 2007.  Moderated by Blue Box contributor Martyn Davies, the panel included Ari Takanen of Codenomicon, Cullen Jennings of Cisco and Akif Arsoy of Verisign.

Welcome to Blue Box: The VoIP Security Podcast Special Edition #19, a 55-minute podcast of the panel session "The Real Risks of VoIP Security" from VON Europe 2007 in Stockholm, Sweden, in June 2007.

Download the show here (MP3, 25MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

In this Special Edition, we bring you a recording of the panel session at VON Europe in Stockholm, Sweden, in June 2007.  Longtime Blue Box contributor Martyn Davies moderated the panel which included Ari Takanen of Codenomicon, Cullen Jennings of Cisco and Akif Arsoy of Verisign.  Rather than going with canned presentations of slides, the panel was a conversation among the panelists based on questions that Martyn had as well as questions from the audience.  I think you will find it both enjoyable and educational.

The members of the panel are, left-to-right, Martyn Davies (Dialogic), moderator, Ari Takanen (Codenomicon), Cullen Jennings (Cisco) and Akif Arsoy (Verisign):

We thank Martyn for contributing this recording and also compliment him on what is one of the best conference recordings we've ever offered as far as audio quality goes.  Dan also thanks Cullen Jennings for standing in for him when Dan was suddenly unable to attend Podcamp Europe.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to 'bluebox@voipuser.org' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Remember the Pena/Moore voip fraud case back in June 2006? Would you like to know how the attacks were done?  And how you can protect your network?

First, for those who don't recall, this was a case where Edwin Pena was alleged to have set himself up as a voice service provider and then, with the assistance of a developer named Robert Moore, routed his customer's calls across the networks of other VoIP service providers.  Pena is alleged to have stolen at least 10 million minutes from other voice service providers and made in excess of $1 million dollars. Pena subsequently fled the country (and remains even today a fugitive).  We wrote about it here and also covered it in Blue Box podcasts #31 and #33 and I was a guest on a Telecom Junkies podcast back in July 2006 discussing the case.

In any event, one year later Robert Moore has been convicted for his part in the scheme and on July 24th was sentenced to a two-year term in prison, 3 years probation and a $150+K fine.  

Before he reports to prison in about 6 weeks, though, Moore got in contact with Jason Huffman from The Voice Report to ask if Jason was interested in an interview.  Given my prior involvement with the Telecom Junkies podcast, Jason contacted me to see if I would also be interested in coming onto the show.  Both he and I were concerned about interviewing someone recently convicted (i.e. not wanting to glorify the crime or criminal), but I shared Jason's view that if we could obtain information about how the attacks were done we could potentially help people protect their systems against these type of attacks.  (Jonathan was also invited and provided great feedback but was unable to attend due to scheduling issues.)

The result is a new Telecom Junkies podcast: "Interview with a VoIP Hacker" which is available for download.

As we'd discussed in our previous coverage of the case, there were really two different types of systems that were attacked:

1. Voice gateways of VoIP service providers
2. Servers/routers of other businesses that were compromised to hide the source of traffic going to the voice gateways

In the interview, Robert Moore confirms that all the voice gateway attacks were H.323 (no SIP was involved) and they weren't terribly sophisticated because the VoIP service providers didn't have all that much security in place.

Moore also indicates that all the other boxes (#2) were compromised primarily by easy means such as weak and easily guessable passwords - or even worse, unchanged default passwords.  In some cases, there were boxes on the Internet with exposed SNMP ports that then let the attackers learn all about the box so that they could then research potential vulnerabilities.  This part really had nothing whatsoever to do with VoIP but instead with really just basic IT security practices which were (and undoubtedly still are) very obviously not being followed by many folks out there. 

In any event, the interview is now available for listening.  Meanwhile, Moore is soon heading off to prison and Pena is still somewhere out there...

P.S. If anyone listening can identify the name of the second switch vendor that Moore indicates he went after, neither Jason nor I could identify it despite my request for the name to be repeated.

UPDATE: Thank you to all who responded (including Robert's sister here in the comments). The other switch was a Quintum Tenor - http://www.quintum.com/