Synopsis:Blue Box #67: Contest for listeners, discussion about status, some VoIP security news, listener comments

Welcome to Blue Box: The VoIP Security Podcast #67, a 20-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• - Discussion of:
  • reasons for break in shows having to do with Dan no longer working for Mitel
  • two-year anniversary of the show coming up on October 24th
  • listener contest for copies of Peter Thermos and Ari Takanen's new book "Securing VoIP Networks"

• - ZDNet: "Jericho Forum voices concerns over VoIP Security"

• - Telappliant: "VoIP 'more secure than traditional phone systems'" (note the last paragraph about VOIPSA)

• - SecurityFocus: "VoIP Hopping: A Method of Testing VoIP Security or Voice VLANs and Release of "VoIP Hopper tool"

• - SIP Hacking Workshop in November in Vienna

• - Upcoming shows:
  
  
  
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• - Comment (email) from Craig Bowser (about VoIP Hopping article)
  
• - Comment (email) from Doug Simar about iPhone

• - Review of the last week's traffic on the VOIPSEC public mailing list 
• - Wrap-up of the show
  
• 20:46 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

FYI, I'm currently out at the Asterisk conference, AstriCon, in Phoenix, Arizona through Thursday night. If any listeners are also here at the show, please do drop a note as I'm always interested in meeting listeners face-to-face.

Also, over on the Voice of VOIPSA weblog, I've posted the question: "What would your 'security roadmap' for Asterisk be?" I'm giving a talk on the subject on Thursday and would welcome any feedback.

Technorati Tags: asterisk, astricon, conferences, security, voip, voip security, voipsa

Synopsis: Interview about SIP security with Cullen Jennings, Area Director for the Real-time Applications and Infrastructure area of the Internet Engineering Task Force (IETF).

Welcome to Blue Box: The VoIP Security Podcast Special Edition #20, a 42-minute interview about SIP security with Cullen Jennings of IETF and Cisco.  Recorded at VoiceCon San Francisco in August 2007.

Download the show here (MP3, 19MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

In this Special Edition, I sat down with Cullen Jennings out at VoiceCon San Francisco in August 2007 to talk about SIP security. Cullen had just co-presented with Eric Rescorla a 3-hour tutorial on SIP security and in this interview we covered an overview of the topics covered in that session, such as:

• challenges in encrypting SIP signaling (forking, early media (including what it is))
• proposed methods of encrypting voice/media, including ZRTP and DTLS
• SIP identity
• SIP outbound, a proposal for helping SIP signaling work across firewalls
• certificate management in SIP
• future security issues of concern within SIP

I believe you will find it both a very educational and interesting interview that will help explain some of the various areas of SIP security.

Cullen is a Distinguished Engineer with Cisco Systems but more relevantly is one of the Area Directors for the "Real-time Applications and Infrastructure" (RAI) area of the Internet Engineering Task Force (IETF). Basically almost all of the SIP-related standards move through the RAI area of the IETF. Cullen also has a strong interest in security and has been an author on several of the security-related RFCs and Internet-Drafts related to SIP.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to 'bluebox@voipuser.org' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.