Synopsis: Blue Box #78: Cisco IP phone vulnerabilties, WiFi handset insecurity, IETF security-related news, VoIP security news, listener comments and more
Welcome to Blue Box: The VoIP Security Podcast #78, a 40-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.
NOTE: This show was originally recorded on February 25, 2008. Yes, that was two months ago... we know!
You may also listen to this podcast right now:
- 00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners - and to all those listeners who have been here for so long!
- new comment line +1-415-830-5439
- Special Edition #23 with Sonus Networks
- Squawk Box podcast about voice phishing – also this article Vishing: The Latest, and Greatest, Security Concern
- Cisco: Cisco Unified IP Phone Overflow and DoS Vulnerabilities and Dustin Trammell’s coverage
- ZDNet: Design flaw in wireless VoIP handsets endanger the enterprise followed by Cisco confirms vulnerability in 7921 WiFi IP phone
- Voice of VOIPSA: Slides about P2PSIP security new available
- Voice of VOIPSA: RUCUS mailing list & BOF
- Voice of VOIPSA: End-to-end VoIP security using DTLS-SRTP
- Also a whole bunch on SIP Identity
- SIP Torture Tests for IPv6 now out in RFC 5118
- SIP Usage Scenarios Similar to SPIT
- SPEERMINT Security BCPs
- SIP Identity Baiting Attack
- Concerns around Applicability of RFC 4474
- VoIP Hopper 0.9.9 released (site ) – Thanks to Frank Leonhardt for the info.
- VoIP News: Is Someone Listening to Your VoIP Calls? (linked to from ZDNet )
- ZDNet: Cracking GSM
- TMCnet- Practicing Safe OCS
- TMCnet- Security Attack of the Day (Tom Cross starts blogging for TMCnet)
- Speaking of Tom, Techtionary.com Releases SIP Security Checklist
- Voice of VOIPSA: SIPTap Author forms VoIP Security Company (by Craig Bowser!)
- Voice of VOIPSA: Underpowered Hardware
- Project Spider – about SPIT
- CBC: Bell recovers stolen data on 3.4 million customers
- Comment (email) from Larry Farmer
- Comment (email) from Shlomo Dubrowin
- Comment (email) about SE #23
- Review of the last week's traffic on the VOIPSEC public mailing list
- Wrap-up of the show
- 40:01 - End of show
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to firstname.lastname@example.org. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'email@example.com' to leave a comment there.
Thank you for listening and please do let us know what you think of the show.