Synopsis: Blue Box #76: Cisco, Skype and BT vulnerabilities, when SIP looks like SPIT, VoIP security threat predictions and the FBI forgets to pay their bills, plus listener comments and more...

---

Welcome to Blue Box: The VoIP Security Podcast #76, a 38-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 17MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• new comment line +1-415-830-5439
• Cisco: Cisco Unified Communications Manager CTL Provider Heap Overflow
• Skype: SKYPE-SB/2008-001: Skype Cross Zone Scripting Vulnerability – coverage in Skype blog and ComputerWorld article
• GNUcitizen: BT Home Call Jacking also mentioned in VOIPSEC message – coverage in PC World and The Register
• Voice of VOIPSA: SIP Security slides at ETSI event
• Voice of VOIPSA: How do you differentiate between legitimate SIP usage and SPIT? pointing to Dan’s Internet-Draft document
• RFC 5039 on SIP and Spam
• Sipera “news release on Top 5 VoIP Threat Predictions of 2008 – coverage in The Register: 2008 – the year VoIP gets hacked? and IT Business Edge: VoIP Security Still Falling Short
• SearchSecurity.com: Enterprise security in 2008: Addressing emerging threats like VoIP and virtualization
• C|Net blogs: Can terrorists use the Net to avoid wiretaps?

FBI Wiretaps dropped due to unpaid bills

• CityCell joins rivals forced to pay up for VoIP infringements
• Comment (email) from someone looking for VoIP security professional in Connecticut
• Comment (email) from Shlomo Dubrowin
• Review of the last week's traffic on the VOIPSEC public mailing list 
• Wrap-up of the show
• 38:09 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

If any of you reading this are at the Mobile World Congress (formerly "3GSM") in Barcelona, Spain, this week, Jonathan is there as well. If you are there, please do drop him an email as (schedule permitting) he is always interested to meet up with listeners and others interested in VoIP security.

Technorati Tags: mobile world congress, 3gsm, jonathan zar, voip, voip security, voipsa

Synopsis: Interview with Bob Bradley of Sonus Networks

---

Welcome to Blue Box: The VoIP Security Podcast Special Edition #23, a 19-minute interview with Bill Bradley, Product Line Manager for Security Solutions at Sonus Networks.  Recorded at Fall VON in Boston at the end of October 2007.

Download the show here (MP3, 9MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

---

Show Content:

In this Special Edition, I sat down with Bob Bradley, Product Line Manager for Security Solutions at Sonus Networks to talk about their products and how they protect VoIP and other traffic. In particular we discussed the Sonus Network Border Switch including how it fits into network installations and how it is different from other similar products on the market.  We also covered some general issues around SIP security and talked about the company in general.

I will candidly admit that I was not very aware of Sonus' solutions prior to this podcast, but since this time I've found their products running in a range of places I had not noticed them before.  I believe you all will find this a useful introduction to an interesting company and useful solutions.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: Blue Box #75: Asterisk vulnerability, SANS paper on VoIP security, SPIT, tons of listener comments and much more...

---

Welcome to Blue Box: The VoIP Security Podcast #75, a 38-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 17MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• new comment line +1-415-830-5439
• AST-2008-001: Remote Crash Vulnerability in SIP channel driver
• Voice of VOIPSA: IETF seeking feedback on ‘Requirements from SIP Session Border Controller Deployments’
• SANS paper on VoIP Security pointing to actual paper
• ComputerWorld: Security dominates 2008 IT agenda
• TechCentral.ie: Coming Together – 8 for 2008
• SecurityPark: IT managers complacent about VoIP infrastructure security threats
• TechRepublic: SPAM and SPIT: what are the dangers? pointing to Does UC present new opportunities for spammers?
• VoIP-News: The VoIP-News Top 25 VoIP Blogs of 2007
• List of VoIP Hacking software
• ITworld.com: IT job skills that matter now (see the first line of the sidebar)
• Comment (audio) from Frank Leonhardt
• Comment (blog) from Raffi
  welcome_to_blue.html#comment-96147586 about Blue Box #73
• Comment (blog) from Aswath
• Comment (email) from Ben Penson
• Comment (email) from Shawn Merdinger
• Comment (email) from Jon Farmer
• Comment (email) from Shlomo Dubrowin
• Comment (email) from someone seeking assistance in southern California
• Review of the last week's traffic on the VOIPSEC public mailing list 
• Wrap-up of the show
• 43:57 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.