Synopsis: Blue Box #82: Asterisk & Skype security vulnerabilities, new VoIP security tools, VoIP steganography, VoIP security news and much, much more...
Welcome to Blue Box: The VoIP Security Podcast #82, a 47-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.
NOTE: This show was originally recorded on June 21, 2008.
You may also listen to this podcast right now:
- 00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners - and to all those listeners who have been here for so long!
- Programming notes:
- Note about the production team – new special editions coming soon.
- Note about URLs for the media files
- AST-2008-008 – Remote Crash Vulnerability in SIP channel driver when run in pedantic mode
- AST-2008-009 – Remote crash vulnerability in ooh323 channel driver
- Skype-SB-2008-003 – Skype File URI Security Bypass Code Execution Vulnerability
- New version of SIPvicious
- Sipflanker – tool to find SIP devices with web GUIs
- Discussion about VoIP Steganography (pointed to by Craig Bowser)
- Geeks Are Sexy: New Technology Hides Messages in Internet Phone Calls – and Switched: Spies to Use Skype to Send Secret Messages? – and The Register
- FierceVoIP: VoIP Security and the Circle of Trust pointing to Government Computer News: Careful with the call
- The Register: ‘Untraceable’ phone fraudsters eye your credit card
- SearchUnifiedCommunications: Disaster and recovery in the VoIP/IPT RFP
- Secure Computing: Voice tools under enemy fire
- VNUnet: A good VoIP application is worth paying for
- Ofcom confirms VoIP providers must provide access to 999 and 112
- Bogdan Materna’s blog is live
- Realtime Community: The Essentials Series:
Messaging and Web Security
- Global Knowledge: On-Demand Webinar on VoIP Security (hat tip to Thomas Lee )
- SearchSecurity: The threats to telcos and how they can repel them
- TMCnet: Balancing Issues in World of Telepresence
- Network World: VoIP Security Buying Guide
- Nortel and SecureLogix Team to Deliver Voice Security and Management Solutions to Worldwide Enterprise Market (see also this analysis )
- Sipera Partner Network Arms Resellers With Comprehensive UC and VoIP Security
- VIVOphone Deploys Paradial RealTunnel® to Solve NAT Traversal Challenges for VoIP Services
- Audiocodes joins the ranks of SBC vendors
- SearchSecurity: Securing the new network (interesting because it shows the layers of a defense in depth)
- The Hindu Business News: Serious about Security
- IP Telephony University – June 23-24, Alexandria, VA
- IPTComm 2008 – July 1-2, Heidelberg, Germany
- The Last H.O.P.E. – July 18-20, New York
- SpeechTek – August 18-20, New York
- Call for papers for Hack-in-the-box Malaysia ends June 30th
- SchmooCon 2008 videos available – several dealing with VoIP
- No comments this week.
- Review of the last week's traffic on the VOIPSEC public mailing list
- Wrap-up of the show
- 47:09 - End of show
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to firstname.lastname@example.org. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'email@example.com' to leave a comment there.
Thank you for listening and please do let us know what you think of the show.