Synopsis:Blue Box #70: 2-yr Anniversary show, VoIP security vulnerabilities, Vonage, Comcast, phishing, listener comments and much, much more...
Welcome to Blue Box: The VoIP Security Podcast #70, a 51-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.
You may also listen to this podcast right now:
NOTE: This show was recorded on October 25, 2007.
- 00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners - and to all those listeners who have been here for so long!
- Programming notes:
- Dan’s new employment with Voxeo
- Dan at VON next week – Dean Elwood is doing a VoIPUser dinner – perhaps a Blue Box dinner as well?
- We hope you enjoyed Blue Box SE 21 with Phil Zimmermann – many thanks to Martyn Davies for helping with that.
- Reporters for some of the spring shows? (we can probably get you press credentials… if you are there)
- XSS attack and SQL injection via SIP against Asterisk
- The XSS attack against Linksys SPA-941 we discussed last week was picked up by Secure Computing which resulted in this SearchSecurity.com article: New Attack Methods Target Web 2.0, VoIP (last link sent to us by Rhodri Davies)
- Sipera released a range of vulnerabilities related to Vonage, Grandstream and more – note that the Vonage thread has been picked up by ZDNet’s Russell Shaw
- Wired: Phones Aren’t Safe Either, Hackers Say – also discussed in Network World and Russell Shaw We’ve toasted so many of these (VoIP) networks… and Dustin Trammell’s blog (in the list of sessions he attended)
- SANS: Vishing, Skype, and VoIP-Based Fraud (sent in by Craig Bowser)
- CXO Today: The Phishing Epidemic
- PCWorld.CA: The eight most dangerous consumer technologies (Skype and consumer VoIP are #6 on page 2 )
- TMC Net: VoIP Peering in Search of a Viable Interconnect Business Model (note the comments about security toward the bottom)
- Cisco TechWise podcasts Session Initiation Protocol and Security (it’s on the page… came out 10/18/07 )
- TechRepublic: Sanity check: Will Microsoft be your next phone company? (nice roundup of the MS announcements… some of the comments are also interesting)
- AP: Comcast blocks some Internet traffic
- Ed Brill notes the impact on Notes/Domino traffic
- cnet post
- TorrentFreak: Comcast Throttles BitTorrent Traffic, Seeding Impossible
- P2PNet: Comcast impedes hi-speed file sharing
- Carnegie Mellon’s CyLab and Nortel Combine Efforts to Research Leading Security Technologies
- SearchVoIP.au: Avaya white paper: VoIP Security for Dummies
- - Upcoming shows:
- Comment (email) from Dan Wing about episode 69 and the potential DDoS attack
- Comment (email) from Raul Siles about episode 66
- Comment (email) from Raul Siles about SANS VoIP Security course
- Comment (audio) from Martyn Davies
- Comment (audio) from Dean Elwood
- Comment (audio) from Mike Wallace
- Comment (audio) from Raul Siles (with Matrix inclusion)
- Comment (audio) from Carsten Helmuth (cut off)
- Comment (email) from Scott Tanner
- Comment (email) from Shlomo Dubrowin
- - Drawing for the book
- - Review of the last week's traffic on the VOIPSEC public mailing list
- - Wrap-up of the show
- 51:14 - End of show
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-7280 or via SIP to '[email protected]' to leave a comment there.
Thank you for listening and please do let us know what you think of the show.