I'm delighted to report that Jonathan and I successfully recorded Blue Box #70 this morning. It was a bit surreal, actually. There I was at the Javits Center in a vacant room on conference WiFi and Jonathan's audio quality was outstanding! In fact, when I listened to the recording afterward his audio sounded far better than my audio that was recorded off of my local USB headset! Of course, in contrast to the stats I showed yesterday, here's how our call looked today:

0.0% packet loss on receiving Jonathan's signal! Very cool! And a 94ms round trip sure beats a 200-300ms round trip, eh?

To get this good quality on a conference WiFi really speaks to the efforts of the Interop NOC team to deliver this kind of network. Kudos to them!

For those curious, I recorded the show locally on my MacBook Pro using WireTap Studio from Ambrosia Software. Given that our recording levels were quite different, I'm probably going to need to run the recording through the Levelator in order to bring the levels in line.

It should be posted probably some time early tomorrow. I'm at Interop all day today and so the post-production will probably be done during my time out at JFK and flying home later today.

Technorati Tags: bluebox

It seems rather amazing to me that it was two years ago today - October 24, 2005 - when we launched this show with Blue Box Podcast #1 (I remember because 10/24 is just a great number for a geek!). It's been a long, strange trip since then... we've learned a lot... about podcasting, about building a community... and, of course, about VoIP security. We've put out 69 main shows and 21 special editions - a total of 90 shows... with more in the queue. It's truly been a remarkable experience and we greatly appreciate all the contributions and support we've had from all of you over the years. Thank you for all of your support!

Sadly, despite our best efforts, Blue Box #70 , our 2-year anniversary show, did NOT make it out today on our actual anniversary. With my schedule, we wound up trying to record tonight and unfortunately the hotel WiFi at the hotel I am staying at in New York City just wasn't up to giving us the quality recording that we wanted to have via Skype. Here's a taste of what we were experiencing:

If I read that right, we were getting a 32% packet loss... even if it was really 9%, it was still a lot. The roundtrip was much higher sometimes... up near 300 or more milliseconds. You just can't get a good recording in those circumstances. Skype was working fine earlier in the night, so I don't know if we just hit a time when more people were back at the hotel using the network. Whatever the reason, we eventually just had to give up. I thought about trying Yahoo!Voice or Gizmo, but generally if Skype is having problems the other ones will as well.

It's disappointing, primarily because I really wanted to get the show out today. We've recorded shows from hotels in the past (even using hotel WiFi) and this is the first time in two years that we've actually had to cancel a recording because of poor connectivity!

We're going to try again tomorrow from the Interop show where I did find I got great connectivity in some areas. We'll see. If not it may need to wait until Friday when I'm back in my home studio.

In the meantime, thanks again to all of you who have made this show a joy to produce and do each week!

Technorati Tags: danyork, jonathanzar, bluebox, voip security

Synopsis: Interview with ZFone and ZRTP creator Phil Zimmermann by Brenno de Winter.

---

Welcome to Blue Box: The VoIP Security Podcast Special Edition #21, a 44-minute interview between Phil Zimmermann and Brenno de Winter in August 2007.

Download the show here (MP3, 20MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

---

Show Content:

Brenno de Winter produces a Dutch podcast about information technology news called "ICT Roddels" (http://ictroddels.nl/) and back in early August he sat down with ZFone and ZRTP creator Phil Zimmermann to discuss (in English) what ZFone and ZRTP are all about. Brenno released the interview on his show and then offered it to us to run as a Blue Box show. In the 40-minute interview, Brenno and Phil spend the first 20 or so minutes talking about ZFone, ZRTP and VoIP security and then spend the remainder of the show talking about security in general, Phil's background and other topics.

While we have interviewed Phil in the past ourselves, it's been about a year since we last spoke with him and so we thought this might be an interesting update for you to hear. We thank Brenno for making the interview available to us.

I also have to say a word of thanks to long-time contributor Martyn Davies who stepped in at the last moment to provide the intro/outro to this interview. I unfortunately lost my voice after a presentation yesterday (bad news for a podcaster!) and Jonathan is currently traveling - and our goal this year is to make sure we get shows out on Wednesdays.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-7280 or via SIP to 'bluebox@voipuser.org' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis:Blue Box #69: Linksys SPA-941 vulnerability, SIP DDoS, New release of SIPVicious, Asterisk security roadmap, other VoIP security news, listener comments and more

---

Welcome to Blue Box: The VoIP Security Podcast #69, a 46-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• 01:03 - Programming notes:
  • Reminder of new comment line – 206-350-7280
  • Books from Peter Thermos and Ari Takanen – anniversary show promotion

  
  

• 02:13 - XSS attack against Linksys SPA-941
• 07:52 - USENIX ;login: article about SIP DDoS from Hement Sengar


• 12:10 - New release of SIPVicious tool suite


• 14:49 - Voice of VOIPSA: Suggestions for a Security Roadmap for Asterisk


• 21:02 - heise.uk: Skype silently fixes URI problem which relates to Windows issue pointed out back in July (see also here )


• 25:39 - heise online: Bavarian Criminal Police Office denies use of Trojan to eavesdrop on VoIP calls


• 27:57 - Zeenews.com (India): CBI favours monitoring of Internet gateways and networks


• 28:54 - Washington Post: VOIP Mix-Up Exposes Customer Call Data


• 31:58 - CXO Today (India): Mobile Business Applications Boost Security Demand




• 35:08 - Upcoming shows:
  
  
  
  • Oct 24-25, New York, USA, Interop
    
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• 35:33 - Comments - challenge with audio comment
  
• 35:47 - Comment (email) from Stephen Bosch asking about the CISSP credential


• 40:13 - Comment (email) from Scott Tanner (which we’ll hold for the 2-yr show) - Dan also gets talking about Dopplr.com


• 41:27 - Comment (email) from Frank Leonhardt


• 41:40 - Comment (email) from Michael Miller about PPT syncing software - answer is that we use a site called SlideShare




• 43:18 - Review of the last week's traffic on the VOIPSEC public mailing list 


• 43:57 - Wrap-up of the show
  


• 46:26 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-7280 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis:Blue Box #68: Top 14 VoIP Vulnerabilities, Asterisk security, VoIP hacker, IMS, P2P, Skype, industry moves, VoIP security news, listener comments and more...

---

Welcome to Blue Box: The VoIP Security Podcast #68, a 46-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 


• 01:03 - Programming notes:
  
  • New comment line – 206-350-7280
  
  
  • Slight web site changes
  
  
  • Books from Peter Thermos and Ari Takanen – anniversary show promotion
  
  
• 03:27 - NetworkWorld: Top 14 VoIP Vulnerabilities – and also this comment in reply


• 07:08 - blog.spywareguide.com: Bubbles… for Kids! (spyware that propagates via Skype IM)


• 09:25 - Voice of VoIPSA: What would your security roadmap for Asterisk be? and 3Com to sell/support Asterisk


• 18:11 - Voice of VOIPSA: VoIP Hacker Goes to Jail pointing to Information Week interview with Robert Moore which is similar to the Telecom Junkies interview I did earlier with Robert Moore.


• 19:14 - Converge!Digest: Defending the IMS Core (sponsored by Sonus)


• 20:56 - Processor: Getting Tough with P2P= which relates to Dan’s recent issues with using Skype at a hotel


• 26:36 - PC World: Attack of the Killer Bots


• 28:57 - News Releases
  • Sipera Secures $10 Million to Further Advance VoIP/UC Security=
  
  
  • Bandwidth.com Bands with Acme Packet (finally, security for SIP trunking!)
  
  
  • Radware Unveils Industry First Behavioral Server Protections as Part of its Full Spectrum Protection Technology
  
  
  • Alcatel-Lucent Bolsters its Security Solutions in Worldwide Reseller Agreement with CloudShield Technologies
  
  
  • Clavister Announces New Version of its IP-Based Security Operating System (see also press release )
  
  
  • ForeScout Continues Innovation Leadership with Latest Network Access Control Offering=
  
  
  
  
• 32:24 - 3Com bought by Bain Capital, Huawei


• 34:58 - Skype CEO out, eBay takes $1.4 million charge


• 37:08 - Nokia to buy Navteq


• 38:26 - Vonage loses patent trial
  


• 39:29 - Upcoming shows:
  
  
  
  • Oct 24-25, New York, USA, Interop
    
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON


• 39:58 - Comment (email) from Peter Thermos


• 42:15 - Comment (email) from Frank Leonhardt about Skype malware


• 42:24 - Comments (blog) about video edition #1


• 42:51 - Brief commentary from Dan about using TalkPlus to call a SIP URI from a cell phone


• 45:39 - Review of the last week's traffic on the VOIPSEC public mailing list 


• 46:00 - Wrap-up of the show
  


• 46:51 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-7280 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Unfortunately, the comment line for the podcast has had to be changed. The new number is:

+1-206-350-7280

We use a free service from K7.net and unfortunately if no one calls the service for 30 days, they terminate your user account. You have no way to get back the phone number that you previously had (which, okay, it's a free service, so I can't complain!) and you have to register a new one. I keep using it primarily because it's simple... people call and leave a voicemail - and a WAV file shows up in our inbox. Simple. Easy.

But it does have this 30-day rule. Given that we've had a stretch between shows, there haven't been people calling in. Usually I call it once a month just to make sure that we keep the number... but I've been a bit distracted lately and forgot to do so. So we lost the number, which is too bad because the old one spelled out "blue" with the last 4 digits.

Somewhere in here I'm going to set up a local Asterisk server with an inbound phone number and at that point I'll move the comment line over to it and stop using K7.net. However, until that time, we've just got to make sure that someone leaves an audio comment at least once a month!

(Disappointing that this happened just as I announced the call-in contest for the book for our anniversary show...)