Ah, the joys of switching domain name providers. I transferred blueboxpodcast.com from one registrar to another last week shortly before the domain name was set to expire. Unfortunately, I made one serious mistake - I didn't check the DNS nameservers for the domain at the new registrar (GoDaddy) to ensure they were pointing to the new nameservers. They weren't... they will still pointing to the old nameservers. As a result, when the domain name expired at the end of the day on Friday, the web site was no longer available and had the message that the domain name had expired.

MANY THANKS to the couple of you who contacted me on Saturday to let me know about this!

So I fixed the web site yesterday morning so that "www.blueboxpodcast.com" pointed over to TypePad, where I host this site, and that all seems to be back in action. If you type in "blueboxpodcast.com" without the "www", it was going to a generic GoDaddy page but I've set up the forwarding now so that this should now redirect you to www.blueboxpodcast.com once the DNS propagation occurs.

What is still dead, though, is the RSS feed... which is rather annoying since that is what podcast subscription tools like iTunes use! In working through the issues this morning, it appears to be the issue that

Feedburner is not using the updated DNS information.

The Blue Box RSS feed, which is http://feeds.feedburner.com/BlueBox is somehow pointing over to the old page. Yet the base feed for this site, http://www.blueboxpodcast.com/atom.xml resolves perfectly fine and does have the RSS information. (Please don't switch to subscribe to that one... I do like the stats I get through Feedburner.)

So it appears that I'm waiting for FeedBurner to update its DNS. I've tried all sorts of options in the FeedBurner settings, including the "Resync Feed" but nothing works because it seems that it is unable to get to the new site (because of DNS).

I've filed a help request in the FeedBurner Google Group (which appears to be the only way to get help). Hopefully FeedBurner will age out its DNS info soon and the feed will be back in action.

What I find strange, though, is that I'm 99% sure that all the DNS records had a TTL of 1 hour (and I'm 100% positive the new ones do). So my question to FeedBurner is - if that is the case, why aren't they respected the TTL settings of the domains?

I'll update this post once I have more information.

Technorati Tags: feeds, rss, feedburner, google, dns, bluebox

Today is a special day for me. It was three years ago on October 24, 2005, that Blue Box Podcast #1 was uploaded. It was an 11-minute episode where I talked about... Skype security, SIP security, IETF, VOIPSA and some other VoIP security news..... (Hmmm... sounds lot like our recent shows, too, eh?)

Jonathan Zar joined me a week later on Blue Box Podcast #2 and we've been going ever since. We've now produced over 112 episodes, had close to 245,000 downloads of our various shows, met some amazing people, learned a lot along the way... and hopefully helped you all learn a lot out there as well.

Thank you to all of you who have joined with us on this journey... whether you've listened to our show from the very beginning (and we know of a couple of you who have) or have only recently joined in... thank you!

And now... on to the next three years... :-)

Technorati Tags: blue box, bluebox, dan york, danyork, jonathan zar, security, voip, voip security, voipsa

Synopsis: Blue Box #85: Internet phone calls and terrorism, Georgia Tech report on Emerging Cyber Security Threats, phone jamming, 802.1X-REV, 802.1AE, VoIP security news and more

---

Welcome to Blue Box: The VoIP Security Podcast #85, a 32-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 15 MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• Programming notes:
  • Three-year anniversary of Blue Box coming up on October 24th - any thoughts you'd like to share with us? (Please send them to us by October 23rd.)
• The Times: "Internet phone calls are crippling fight against terrorism" - and my response on the Voice of VOIPSA blog
• FierceVoIP: "UK crimefighting concern over VoIP calls, social networks" 
• BBC: Data powers behind the times 
  
• GA Tech Survey (PDF) (link about the GA conference )
• Dark Reading: Cellphone Botnets, Blackmailing VOIP & a Healthy Cybercrime Economy
• bMighty.com: Georgia Tech Security Report Scarier Than Its Football Team
• cNet: Botnets on cell phones in 2009?
• telecoms.com: Smartphone is a hotbed of security issues
  
• VNUnet: Security industry falling behind hackers
  
• AP: Phone Jamming in NH
  
• GigaOm: EEF Challenges Telco Immunity in Court 
  
• Information Week: New Protocols Secure Layer 2
• Voice of VOIPSA: Asking The Cisco Systems IPICS and JPS Raytheon ACU-2000 Experts: Questions 36-40
• Other Voice of VOIPSA articles
• snom technology AG: snom 820 combines mature VoIP technology with exclusive design
• IDC Finds Increasing Hype Around Unified Communications Is Affecting How Customers Select Telephony Systems and Services (interesting movement in the top vendors used  - Nortel out and IBM in)
• Peerless VoIP Peering
• Comment (IM) from Christian Wieser
• Review of the last week's traffic on the VOIPSEC public mailing list
  
• Wrap-up of the show
  
• 32:10 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

It was three years ago Friday, on October 24, 2005, that I uploaded Blue Box Podcast #1, an 11-minute show where I introduced the show, talked about VoIP security news (To no surprise, I was talking about Skype security!), some projects of VOIPSA and some other podcasts people might find interesting. A week later, on Halloween 2005, Jonathan joined me in Blue Box Podcast #2 and we were off and running...

Three years later... 84 main Blue Box episodes (with one more recorded) .... 26 Special Editions (with about 10 in the queue)... almost 250,000 downloads... we're still here and, with an admitted bit of a rough patch this summer, are still going along creating shows and enjoying what we do.

Jonathan and I are planning to record a 3-year show on this coming Friday, October 24th, and if you have any comments you would like us to include in that show, please do get them to us by the end of the day on Thursday, October 23rd. You can send them to us via:

• Email to blueboxpodcast@gmail.com
• Phone to +1-415-830-5439
• Phone via SIP to sip:bluebox@voipuser.org

The show started out 3 years ago as really an experiment in seeing whether or not podcasting could be used to reach out to very specific audiences... and it's been both fun, amazing and interesting to see how well it's done.

Thank you to all of you who have continued to listen and contribute over the years!

Technorati Tags: blue box, bluebox, voip, voip security, security, dan york, jonathan zar, voipsa

Synopsis:  Blue Box #84: New Cisco, Avaya, Nortel VoIP security vulnerabilities from VoIPShield, Skype in China, UCSniff and other new tools, news and more

---

Welcome to Blue Box: The VoIP Security Podcast #84, a 30-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• Programming notes:
  • Three-year anniversary of Blue Box coming up on October 24th - any thoughts you'd like to share with us? (Please send them to us by October 23rd.)
• VoIPShield announces new vulnerabilities and http://www.voipshield.com/research.php
• http://www.theregister.co.uk/2008/09/30/voip_eavesdropping_tool/
• "Sipera Develops VoIP Spy Program - to Prove a Point" - http://www.voipplanet.com/trends/article.php/3776136
• SecureLogix Announces Free Availability of VoIP Security Tools
• NY Times: Surveillance of Skype Messages Found in China - http://www.nytimes.com/2008/10/02/technology/internet/02skype.html?_r=2&partner=rssnyt&pagewanted=print
• http://securitywatch.eweek.com/privacy/skypechina_breach_is_anyone_really_surprised.html
• http://www.informationweek.com/news/telecom/voip/showArticle.jhtml?articleID=210605439
• Skype CEO's blog post about the issue: http://share.skype.com/sites/en/2008/10/answers_to_some_commonly_asked.html
• http://www.itbusinessedge.com/blogs/top/?p=398
• http://www.voip-news.com/feature/google-phone-europe-growth-092408/
• http://www.itnewsafrica.com/?p=1269
• http://news.cnet.com/8301-1009_3-10052393-83.html
• http://www.broadbandreports.com/shownews/VoIP-Vulnerabilities-Being-Exposed-Today-98039
• http://www.itbusinessedge.com/blogs/top/?p=402
• http://voipsa.org/blog/2008/10/07/5th-emergency-services-workshop-to-be-held-oct-21-23-in-vienna/
• http://eon.businesswire.com/news/eon/20080924005342/en
• http://www.crn.com/security/210602442
• http://it.tmcnet.com/topics/it/articles/41236-infoblox-unveils-dns-firewall-address-dns-vulnerability-concerns.htm
• http://www.newswire.ca/en/releases/archive/September2008/29/c9005.html
• No comments this week.
  
• Review of the last week's traffic on the VOIPSEC public mailing list
  
• Wrap-up of the show
  
• 30:26 - End of show 

NOTE: Long-time listeners will note that the show notes above are in a less descriptive form than usual. After almost three years of using one wiki for preparing for our shows, Jonathan and I switched to using a new system and are still working out some of the details that will speed the input into show notes.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis:  Blue Box #83: SIP and Asterisk vulnerabilities, voice biometrics, P2PSIP, Aircell blocking Skype, VoIP security news and more…

---

Welcome to Blue Box: The VoIP Security Podcast #83, a 39-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 18MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was recorded on September 4, 2008.

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• Programming notes:
  • Three-year anniversary of Blue Box coming up on October 24th - any thoughts you'd like to share with us? (Please send them to us by October 23rd.)
• Remote DoS in reSIProcate
• Remote root shell in Trixbox
• Second route of VoIPShield Cisco/Avaya/Nortel vulnerabilities
• AST-2008-010 – IAX2 ‘POKE’ Resource Exhaustion
• AST-2008-011 – IAX2 Firmware Provisioning System
• Saunderslog: Squawk Box – July 10, 2008: Voice biometrics and VoiceVerified.com
• Saunderslog: Squawk Box – July 9, 2008: P2PSIP
• IETF: P2PSIP Security Requirements
• Voice of VOIPSA: “Aircell blocking VoIP on a plane” – part 1 , part 2 and an update
• Voice of VOIPSA: Shawn Merdinger’s series on “Asking The Cisco IPICS Expert” – Questions 1-5 – 6-10 – 11-15 – 16-20 – 21-25
• Voice of VOIPSA: Asterisk ‘hack’ to show blocked Caller-ID points to larger trust issues with SIP (and SpeechTEK speech)
• NetworkWorld: Georgia student arrested for hacking grades, VoIP
• CRN: Analysis: Hacking VoIP as easy as 1-2-3
• Ari Takanen starts blogging at InfoWorld
• InfoWorld: Motivation for VoIP Fuzzing
• TMCnet: How to keep your tech career afloat
• New analyst report: Security Threats Loom Over Unified Communications pointing to Light Reading report and article
• VoIP Companies to Fight For Market Share
• IEEE approves 802.11r standard
• Google Chrome – upgrading the web to be application-centric
• Items on my DisruptiveTelephony blog… Skype 5th birthday, Asterisk future, Digium/Nortel
• No comments this week.
  
• Review of the last week's traffic on the VOIPSEC public mailing list
  
• Wrap-up of the show
  
• 39:08 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis:  Blue Box #81: iSkoot vulnerability, OFCOM legislation, VoIP security news and more

---

Welcome to Blue Box: The VoIP Security Podcast #81, a 42-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 19MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was originally recorded on May 21, 2008.

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• Programming notes:
  • Note about the hiatus
• Voice of VOIPSA: Are your Skype username and password completely exposed if you use iSkoot?
• Voice of VOIPSA: Chronology
• Voice of VOIPSA: iSkoot disclosure of Skype credentials resolved – new version by Wednesday
• Ofcom confirms VoIP providers must provide access to 999 and 112 – and Hannes Tschofenig points to 4th Emergency Services Coordination Workshop and presentation about the UK
• MarketingVOX: British Proposal May Force ISPs to Fork Over Online Activity, Emails, VOIP Calls pointing to Reuters article: Britain mulls plan to store all email and calls
• Enterprise VoIP Planet: VoIP Security: SIP-Versatile but Vulnerable


• IT Business Edge: Pay Attention to VoIP Security Before The Storm
• NetworkWorld: Business Guide to VoIP Security


• Pocket-lint: Fraudsters targeting VoIP Users based on report out of Newport Networks (reported in VoIP News) – also covered at Fierce VoIP: Newport Networks riles up VoIP Security Fears and Computeractive: Phreak-out over VoIP and TechHerald article


• Network World: Security and management considerations when deploying OCS


• LXer: Secure Calling Initiative Reaches Second Milestone pointing to Secure Calling Initiative



• [H]Enthusiast: Mobile Phones, VoIP Not Secure, Experts Warn=



• VoIP News: The Essential Guide to VoIP Privacy



• Voice of VOIPSA: Information Week interviews SecureLogix about VoIP security


• eWeek: VoIP Security through Responsible Software Development


• Microsoft gives back door keys to Vista to police


• Comment (blog) from Martyn Davies


• Comment (email) from Detlef


• Comment (email) from Dan McGinn-Combs


• Review of the last week's traffic on the VOIPSEC public mailing list 


• Wrap-up of the show


• 41:43 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis:  Blue Box #80: VoIPShield vulnerabilities, what is ethical disclosure?, SIP trunking, VoIP security news, new nomadism, and much more...

---

Welcome to Blue Box: The VoIP Security Podcast #80, a 44-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 20MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was originally recorded on April 17, 2008.

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• MANY thanks for all the offers of audio production assistance – getting it organized now


• Ingate SIP Trunking webinar now available (and a note about participating in things like this)


• VOIPSA blog site hacked
• Voice of VOIPSA: Quarterly VoIP Vulnerabilities Summary


• VoIPshield list of vulnerabilities


• Cisco Advisory


• Cisco Advisory about Disaster Recovery Framework


• Voice of VOIPSA: VoIPshield announces discovery of over 100 vulnerabilities along with a YouTube video


• CIO


• Washington Post: Reach Out And Hack Someone


• Voice of VOIPSA: GNUcitizen research discovery: Default key algorithm in Thomson and BT Home Hub routers


• VoIP News: The Essential Guide to VoIP Security


• Information Week: Securing VoIP with SecureLogix – includes YouTube video with Mark Collier


• Voice of VOIPSA: VoIP and the International Space Station


• Voice of VOIPSA: Xplico Network Forensic Analysis Tool


• Voice of VOIPSA: Australians falling victim to foreign phone hackers


• VoIP News Australia: How ACMA Plans to Regulate VoIP


• Network World: Government agencies rejecting VoIP?



• Linux Professional Institute to develop enterprise-level security exam


• Net neutrality and Bell Canada


• ZDNet: Attacks escalate on critical U.S. government networks: Will a Manhattan Project work?


• Google XSS Attack (interesting as it shows the complexity of such attacks)
• The Economist: Special Report: The New Nomadism


• VoiceBiometrics – May 14-15, New York


• IP Telephony University – June 23-24, Alexandria, VA


• Review of the last week's traffic on the VOIPSEC public mailing list 


• Wrap-up of the show


• 44:22 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis:  Blue Box Special Edition #25: An interview with Eric Hernaez, CEO of Solegy, about the OpenSBC project

---

Welcome to Blue Box: The VoIP Security Podcast Special Edition #25, a 13-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 6MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

In this interview, I sat down with Eric Hernaez, CEO of Solegy, to talk about the OpenSBC Project and how it provides an open source implementation of a session border controller (SBC).  We talked about how OpenSBC came about, who is using it, how scalable it is and where users can learn more.  We also discussed Solegy, the company supporting the open source OpenSBC project and what they are doing. It was an enjoyable talk that really came about randomly when I met Eric near the press room at IT Expo in Los Angeles back in September 2007. We had been wanting to learn more about the OpenSBC project so I put my recorder on a table and we started talking.

More information about the OpenSBC project and other open source SIP-related projects can be found at opensourcesip.org.

Production assistance on this Special Edition was provided by Sergio Meinardi.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis:  Blue Box #79: Asterisk vulnerabilities, VoiceCon/VON coverage, eavesdropping, FBI, ZFone, P2P, VoIP security news and more

---

Welcome to Blue Box: The VoIP Security Podcast #78, a 32-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 15MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was originally recorded on March 27, 2008. Yes, that was over two months ago... we know...

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• MANY thanks for all the offers of audio production assistance


• Dan met with Craig Bowser down at VoiceCon, also David Endler, Mark Collier, etc.


• Jonathan met with Dean Elwood, Martyn Davies, etc.


• Four Asterisk vulnerabilities


• The Economist: Bugging The Cloud


• Forbes: How to Make Your Phone Untappable


• VoIP News: VoIP: Who Might Be Spying on Your Communications? (Hint – It’s Not Just the NSA


• VoIP News: Listen Up: 17 Signs That You Are Being Wiretapped


• eChannelLine: Businesses lagging in securing VoIP (also ComputerWeekly.com and news release )


• eChannelLine: Ingate launches enhanced security for VoIP and SIP (also Enterprise VoIPPlanet )


• Voice of VOIPSA: Hacking Zyxel Gateways


• Voice of VOIPSA: Vishing Attacks


• Voice of VOIPSA: FBI VoIP Surveillance Requirements Leaked (also in FierceVoIP and Slashdot )


• Voice of VOIPSA: Hackers Send Thousands of Fake Calls to Deaf People


• SnapVoIP: Unified Communications in Virtual Worlds to Solve ‘Tower of Babel’ for Intelligence Agencies


• Israeli-made Cryptophone attracts world spy agencies pointing to product site


• BlogInfoSec.com: Save The Whales (about a new form of phishing)


• Network Computing: Your Data and the P2P Peril


• NetQoS: VoIP Monitor 1.1 released


• PC World: FaceTime Security Product Scans Skype’s Encrypted IM and news release


• Sipera IPCS Solution for Teleworkers Rated ‘Avaya Compliant’


• Extreme Networks Boosts Security for Converged Voice and Data Networks with New Tools
• Review of the last week's traffic on the VOIPSEC public mailing list 


• Wrap-up of the show


• 32:27 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.