Synopsis:  Blue Box #82: Asterisk & Skype security vulnerabilities, new VoIP security tools, VoIP steganography, VoIP security news and much, much more...

Welcome to Blue Box: The VoIP Security Podcast #82, a 47-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was originally recorded on June 21, 2008.

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• Programming notes:
  • Note about the production team – new special editions coming soon.
  • Note about URLs for the media files
• AST-2008-008 – Remote Crash Vulnerability in SIP channel driver when run in pedantic mode
• AST-2008-009 – Remote crash vulnerability in ooh323 channel driver
• Skype-SB-2008-003 – Skype File URI Security Bypass Code Execution Vulnerability
• New version of SIPvicious


• Sipflanker – tool to find SIP devices with web GUIs




• Discussion about VoIP Steganography (pointed to by Craig Bowser)


• Geeks Are Sexy: New Technology Hides Messages in Internet Phone Calls – and Switched: Spies to Use Skype to Send Secret Messages? – and The Register


• FierceVoIP: VoIP Security and the Circle of Trust pointing to Government Computer News: Careful with the call



• The Register: ‘Untraceable’ phone fraudsters eye your credit card



• SearchUnifiedCommunications: Disaster and recovery in the VoIP/IPT RFP



• Secure Computing: Voice tools under enemy fire



• VNUnet: A good VoIP application is worth paying for



• Ofcom confirms VoIP providers must provide access to 999 and 112



• Bogdan Materna’s blog is live
• Realtime Community: The Essentials Series:
  Messaging and Web Security
  Volume III


• Global Knowledge: On-Demand Webinar on VoIP Security (hat tip to Thomas Lee )


• SearchSecurity: The threats to telcos and how they can repel them


• TMCnet: Balancing Issues in World of Telepresence


• Network World: VoIP Security Buying Guide
• Nortel and SecureLogix Team to Deliver Voice Security and Management Solutions to Worldwide Enterprise Market (see also this analysis )


• Sipera Partner Network Arms Resellers With Comprehensive UC and VoIP Security


• VIVOphone Deploys Paradial RealTunnel® to Solve NAT Traversal Challenges for VoIP Services


• Audiocodes joins the ranks of SBC vendors


• SearchSecurity: Securing the new network (interesting because it shows the layers of a defense in depth)


• The Hindu Business News: Serious about Security


• Shows:
  
  
  
  • IP Telephony University – June 23-24, Alexandria, VA
  
  
  • IPTComm 2008 – July 1-2, Heidelberg, Germany
  
  
  • The Last H.O.P.E. – July 18-20, New York
  
  
  • SpeechTek – August 18-20, New York
  
  
  
  
• Call for papers for Hack-in-the-box Malaysia ends June 30th



• SchmooCon 2008 videos available – several dealing with VoIP
• No comments this week.
  
• Review of the last week's traffic on the VOIPSEC public mailing list 


• Wrap-up of the show


• 47:09 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis:  Blue Box #81: iSkoot vulnerability, OFCOM legislation, VoIP security news and more

Welcome to Blue Box: The VoIP Security Podcast #81, a 42-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 19MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was originally recorded on May 21, 2008.

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• Programming notes:
  • Note about the hiatus
• Voice of VOIPSA: Are your Skype username and password completely exposed if you use iSkoot?
• Voice of VOIPSA: Chronology
• Voice of VOIPSA: iSkoot disclosure of Skype credentials resolved – new version by Wednesday
• Ofcom confirms VoIP providers must provide access to 999 and 112 – and Hannes Tschofenig points to 4th Emergency Services Coordination Workshop and presentation about the UK
• MarketingVOX: British Proposal May Force ISPs to Fork Over Online Activity, Emails, VOIP Calls pointing to Reuters article: Britain mulls plan to store all email and calls
• Enterprise VoIP Planet: VoIP Security: SIP-Versatile but Vulnerable


• IT Business Edge: Pay Attention to VoIP Security Before The Storm
• NetworkWorld: Business Guide to VoIP Security


• Pocket-lint: Fraudsters targeting VoIP Users based on report out of Newport Networks (reported in VoIP News) – also covered at Fierce VoIP: Newport Networks riles up VoIP Security Fears and Computeractive: Phreak-out over VoIP and TechHerald article


• Network World: Security and management considerations when deploying OCS


• LXer: Secure Calling Initiative Reaches Second Milestone pointing to Secure Calling Initiative



• [H]Enthusiast: Mobile Phones, VoIP Not Secure, Experts Warn=



• VoIP News: The Essential Guide to VoIP Privacy



• Voice of VOIPSA: Information Week interviews SecureLogix about VoIP security


• eWeek: VoIP Security through Responsible Software Development


• Microsoft gives back door keys to Vista to police


• Comment (blog) from Martyn Davies


• Comment (email) from Detlef


• Comment (email) from Dan McGinn-Combs


• Review of the last week's traffic on the VOIPSEC public mailing list 


• Wrap-up of the show


• 41:43 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Blue Box listeners,

Well, it's been a while. A long while. This summer turned out to be a bit crazier than Jonathan or I ever expected. The good news is that the renovation at my home is finally done and I've moved into my home office. The box of podcasting gear has come up from the basement. I'm not traveling for several weeks... so everything looks good to finally get the huge queue of back episodes out the door.

My goal this week is to get some of the older main shows out first followed by some of the excellent Special Editions that our volunteer production team has put together. If things work out the way I hope I should be getting you a show a day for the rest of the week. (We'll see.)

Thanks for your patience and continued interest in the show. We have very definitely not "podfaded"... and we'll be back with more shows and interviews in the weeks and months ahead! Thanks for continuing to listen.

Dan & Jonathan