Blue Box: The VoIP Security Podcasthttp://www.blueboxpodcast.com/A weekly podcast offering news, views and commentary on security issues for Voice Over IP and IP TelephonyenMon, 27 Oct 2008 02:24:16 -0500TypePad http://www.typepad.com/Copyright 2006 Dan YorkVoIP,IP,telephony,voice,over,IP,security,skype,telecommunicationsTechnology/Tech NewsTechnologyBusinessBusiness/Business Newsblueboxpodcast@gmail.comDan York and Jonathan ZarDan York and Jonathan ZarnoVoIP,IP,telephony,voice,over,IP,security,skype,telecommunicationsThe podcast about VoIP security: news, opinions and commentary about the latest threats and tools in the world of Voice over IP (VoIP) and IP telephony security. Created by two security professionals involved with the Voice Over IP Security Alliance (VOIPThe podcast about VoIP security: news, opinions and commentary about the latest threats and tools in the world of Voice over IP (VoIP) and IP telephony security. Created by two security professionals involved with the Voice Over IP Security Alliance (VOIPSA), the show also frequently includes interviews with people involved in the field and tutorials on VoIP security topics.http://creativecommons.org/licenses/by-nc-sa/2.0/This is an XML content feed. It is intended to be viewed in a newsreader or syndicated to another site, subject to copyright and fair use.RSS feed back...http://feeds.feedburner.com/~r/BlueBox/~3/433310933/rss-feed-back.htmlAdministriviablueboxpodcast@gmail.com (Dan York and Jonathan Zar)Mon, 27 Oct 2008 02:24:17 -0500tag:typepad.com,2003:post-57596851It looks like FeedBurner finally refreshed its DNS info and the RSS feed is back in action. My apologies for the interruption. Please do let me know if there is anything else strange going on with the website or feed. Thanks.

]]>It looks like FeedBurner finally refreshed its DNS info and the RSS feed is back in action. My apologies for the interruption. Please do let me know if there is anything else strange going on with the website or feed....http://www.blueboxpodcast.com/2008/10/rss-feed-back.htmlBlue Box RSS feed dead - waiting for Feedburner to update its DNShttp://feeds.feedburner.com/~r/BlueBox/~3/433279455/blue-box-rss-feed-dead---waiting-for-feedburner-to-update-its-dns.htmlAdministriviaBlue Boxblueboxpodcast@gmail.com (Dan York and Jonathan Zar)Sun, 26 Oct 2008 07:24:45 -0500tag:typepad.com,2003:post-57562925Ah, the joys of switching domain name providers. I transferred blueboxpodcast.com from one registrar to another last week shortly before the domain name was set to expire. Unfortunately, I made one serious mistake - I didn't check the DNS nameservers for the domain at the new registrar (GoDaddy) to ensure they were pointing to the new nameservers. They weren't... they will still pointing to the old nameservers. As a result, when the domain name expired at the end of the day on Friday, the web site was no longer available and had the message that the domain name had expired.

MANY THANKS to the couple of you who contacted me on Saturday to let me know about this!

So I fixed the web site yesterday morning so that "www.blueboxpodcast.com" pointed over to TypePad, where I host this site, and that all seems to be back in action. If you type in "blueboxpodcast.com" without the "www", it was going to a generic GoDaddy page but I've set up the forwarding now so that this should now redirect you to www.blueboxpodcast.com once the DNS propagation occurs.

feedburnerlogo.jpgWhat is still dead, though, is the RSS feed... which is rather annoying since that is what podcast subscription tools like iTunes use! In working through the issues this morning, it appears to be the issue that

Feedburner is not using the updated DNS information.
The Blue Box RSS feed, which is http://feeds.feedburner.com/BlueBox is somehow pointing over to the old page. Yet the base feed for this site, http://www.blueboxpodcast.com/atom.xml resolves perfectly fine and does have the RSS information. (Please don't switch to subscribe to that one... I do like the stats I get through Feedburner.)

So it appears that I'm waiting for FeedBurner to update its DNS. I've tried all sorts of options in the FeedBurner settings, including the "Resync Feed" but nothing works because it seems that it is unable to get to the new site (because of DNS).

I've filed a help request in the FeedBurner Google Group (which appears to be the only way to get help). Hopefully FeedBurner will age out its DNS info soon and the feed will be back in action.

What I find strange, though, is that I'm 99% sure that all the DNS records had a TTL of 1 hour (and I'm 100% positive the new ones do). So my question to FeedBurner is - if that is the case, why aren't they respected the TTL settings of the domains?

I'll update this post once I have more information.

Technorati Tags: , , , , ,

]]>Ah, the joys of switching domain name providers. I transferred blueboxpodcast.com from one registrar to another last week shortly before the domain name was set to expire. Unfortunately, I made one serious mistake - I didn't check the DNS nameservers...noAh, the joys of switching domain name providers. I transferred blueboxpodcast.com from one registrar to another last week shortly before the domain name was set to expire. Unfortunately, I made one serious mistake - I didn't check the DNS nameservers...Dan York and Jonathan ZarAh, the joys of switching domain name providers. I transferred blueboxpodcast.com from one registrar to another last week shortly before the domain name was set to expire. Unfortunately, I made one serious mistake - I didn't check the DNS nameservers...VoIP,IP,telephony,voice,over,IP,security,skype,telecommunicationshttp://www.blueboxpodcast.com/2008/10/blue-box-rss-feed-dead---waiting-for-feedburner-to-update-its-dns.htmlhttp://www.blueboxpodcast.com/atom.xmlThree years of Blue Box podcasts....http://feeds.feedburner.com/~r/BlueBox/~3/431331276/three-years-of-blue-box-podcasts.htmlBlue Boxblueboxpodcast@gmail.com (Dan York and Jonathan Zar)Thu, 06 Nov 2008 05:39:32 -0600tag:typepad.com,2003:post-57528131Today is a special day for me. It was three years ago on October 24, 2005, that Blue Box Podcast #1 was uploaded. It was an 11-minute episode where I talked about... Skype security, SIP security, IETF, VOIPSA and some other VoIP security news..... (Hmmm... sounds lot like our recent shows, too, eh?)

Jonathan Zar joined me a week later on Blue Box Podcast #2 and we've been going ever since. We've now produced over 112 episodes, had close to 245,000 downloads of our various shows, met some amazing people, learned a lot along the way... and hopefully helped you all learn a lot out there as well.

Thank you to all of you who have joined with us on this journey... whether you've listened to our show from the very beginning (and we know of a couple of you who have) or have only recently joined in... thank you!

And now... on to the next three years... :-)

Technorati Tags: , , , , , , , ,

]]>Today is a special day for me. It was three years ago on October 24, 2005, that Blue Box Podcast #1 was uploaded. It was an 11-minute episode where I talked about... Skype security, SIP security, IETF, VOIPSA and some...http://www.blueboxpodcast.com/2008/10/three-years-of-blue-box-podcasts.htmlBlue Box #85: Internet phone calls and terrorism, Georgia Tech report on Emerging Cyber Security Threats, phone jamming, 802.1X-REV, 802.1AE, VoIP security news and morehttp://feeds.feedburner.com/~r/BlueBox/~3/429956306/blue-box-85-internet-phone-calls-and-terrorism-georgia-tech-report-on-emerging-cyber-security-threats-phone-jamming-802.htmlBlue BoxPodcastsVoIP Security802.1xblue boxblueboxdan yorkdanyorkgeorgia techjonathan zarphone jammingsipskypeterrorismukvoicevoice over ipvoice securityvoipvoip securityvoipsavoipsecurityblueboxpodcast@gmail.com (Dan York and Jonathan Zar)Thu, 23 Oct 2008 14:42:12 -0500tag:typepad.com,2003:post-57466277Synopsis: Blue Box #85: Internet phone calls and terrorism, Georgia Tech report on Emerging Cyber Security Threats, phone jamming, 802.1X-REV, 802.1AE, VoIP security news and more

Welcome to Blue Box: The VoIP Security Podcast #85, a 32-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 15 MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

]]>Synopsis: Blue Box #85: Internet phone calls and terrorism, Georgia Tech report on Emerging Cyber Security Threats, phone jamming, 802.1X-REV, 802.1AE, VoIP security news and more Welcome to Blue Box: The VoIP Security Podcast #85, a 32-minute podcast from Dan...noSynopsis: Blue Box #85: Internet phone calls and terrorism, Georgia Tech report on Emerging Cyber Security Threats, phone jamming, 802.1X-REV, 802.1AE, VoIP security news and more Welcome to Blue Box: The VoIP Security Podcast #85, a 32-minute podcast froDan York and Jonathan ZarSynopsis: Blue Box #85: Internet phone calls and terrorism, Georgia Tech report on Emerging Cyber Security Threats, phone jamming, 802.1X-REV, 802.1AE, VoIP security news and more Welcome to Blue Box: The VoIP Security Podcast #85, a 32-minute podcast from Dan...VoIP,IP,telephony,voice,over,IP,security,skype,telecommunicationshttp://www.blueboxpodcast.com/2008/10/blue-box-85-internet-phone-calls-and-terrorism-georgia-tech-report-on-emerging-cyber-security-threats-phone-jamming-802.htmlhttp://media.libsyn.com/media/lodestar/BBP-085-2008-10-17.mp3Blue Box's 3-year anniversary coming up on Friday... http://feeds.feedburner.com/~r/BlueBox/~3/426937191/blue-boxs-3-yea.htmlBlue BoxVoIP Securityblueboxpodcast@gmail.com (Dan York and Jonathan Zar)Mon, 20 Oct 2008 19:22:26 -0500tag:typepad.com,2003:post-57320011It was three years ago Friday, on October 24, 2005, that I uploaded Blue Box Podcast #1, an 11-minute show where I introduced the show, talked about VoIP security news (To no surprise, I was talking about Skype security!), some projects of VOIPSA and some other podcasts people might find interesting. A week later, on Halloween 2005, Jonathan joined me in Blue Box Podcast #2 and we were off and running...

Three years later... 84 main Blue Box episodes (with one more recorded) .... 26 Special Editions (with about 10 in the queue)... almost 250,000 downloads... we're still here and, with an admitted bit of a rough patch this summer, are still going along creating shows and enjoying what we do.

Jonathan and I are planning to record a 3-year show on this coming Friday, October 24th, and if you have any comments you would like us to include in that show, please do get them to us by the end of the day on Thursday, October 23rd. You can send them to us via:

The show started out 3 years ago as really an experiment in seeing whether or not podcasting could be used to reach out to very specific audiences... and it's been both fun, amazing and interesting to see how well it's done.

Thank you to all of you who have continued to listen and contribute over the years!

Technorati Tags: , , , , , , ,

]]>It was three years ago Friday, on October 24, 2005, that I uploaded Blue Box Podcast #1, an 11-minute show where I introduced the show, talked about VoIP security news (To no surprise, I was talking about Skype security!), some...http://www.blueboxpodcast.com/2008/10/blue-boxs-3-yea.htmlBlue Box #84: New Cisco, Avaya, Nortel VoIP security vulnerabilities from VoIPShield, Skype in China, UCSniff and other new tools, news and morehttp://feeds.feedburner.com/~r/BlueBox/~3/426417749/blue-box-84-new.htmlBlue BoxPodcastsVoIP SecurityVOIPSAavayablue boxblueboxchinaciscodan yorkdanyorkjonathan zarnortelsecurelogixsiperasipera systemsskypeskype securitytoolsvoicevoice over ipvoice securityvoipvoip securityvoipsavoipsecurityvoipshieldblueboxpodcast@gmail.com (Dan York and Jonathan Zar)Tue, 28 Oct 2008 10:02:31 -0500tag:typepad.com,2003:post-57285477

Synopsis:  Blue Box #84: New Cisco, Avaya, Nortel VoIP security vulnerabilities from VoIPShield, Skype in China, UCSniff and other new tools, news and more

Welcome to Blue Box: The VoIP Security Podcast #84, a 30-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

NOTE: Long-time listeners will note that the show notes above are in a less descriptive form than usual. After almost three years of using one wiki for preparing for our shows, Jonathan and I switched to using a new system and are still working out some of the details that will speed the input into show notes.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

]]>Synopsis: Blue Box #84: New Cisco, Avaya, Nortel VoIP security vulnerabilities from VoIPShield, Skype in China, UCSniff and other new tools, news and more Welcome to Blue Box: The VoIP Security Podcast #84, a 30-minute podcast from Dan York and...noSynopsis: Blue Box #84: New Cisco, Avaya, Nortel VoIP security vulnerabilities from VoIPShield, Skype in China, UCSniff and other new tools, news and more Welcome to Blue Box: The VoIP Security Podcast #84, a 30-minute podcast from Dan York and...Dan York and Jonathan ZarSynopsis: Blue Box #84: New Cisco, Avaya, Nortel VoIP security vulnerabilities from VoIPShield, Skype in China, UCSniff and other new tools, news and more Welcome to Blue Box: The VoIP Security Podcast #84, a 30-minute podcast from Dan York and...VoIP,IP,telephony,voice,over,IP,security,skype,telecommunicationshttp://www.blueboxpodcast.com/2008/10/blue-box-84-new.htmlhttp://media.libsyn.com/media/lodestar/BBP-084-2008-10-10.mp3Blue Box #83: SIP and Asterisk vulnerabilities, voice biometrics, P2PSIP, Aircell blocking Skype, VoIP security news and more…http://feeds.feedburner.com/~r/BlueBox/~3/422759142/blue-box-83-sip.htmlBlue BoxPodcastsVoIP Securityaircellasteriskavayablue boxblueboxciscodan yorkdanyorkjonathan zarnortelp2psipsecuritysipskypesquawkboxtrixboxvoicevoipvoip securityvoipsavoipsecurityblueboxpodcast@gmail.com (Dan York and Jonathan Zar)Mon, 20 Oct 2008 19:08:21 -0500tag:typepad.com,2003:post-57081861

Synopsis:  Blue Box #83: SIP and Asterisk vulnerabilities, voice biometrics, P2PSIP, Aircell blocking Skype, VoIP security news and more…

Welcome to Blue Box: The VoIP Security Podcast #83, a 39-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 18MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was recorded on September 4, 2008.

You may also listen to this podcast right now:

Show Content:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

]]>Synopsis: Blue Box #83: SIP and Asterisk vulnerabilities, voice biometrics, P2PSIP, Aircell blocking Skype, VoIP security news and more…Welcome to Blue Box: The VoIP Security Podcast #83, a 39-minute podcast from Dan York and Jonathan Zar covering VoIP security news,...noSynopsis: Blue Box #83: SIP and Asterisk vulnerabilities, voice biometrics, P2PSIP, Aircell blocking Skype, VoIP security news and more…Welcome to Blue Box: The VoIP Security Podcast #83, a 39-minute podcast from Dan York and Jonathan Zar covering VoIP seDan York and Jonathan ZarSynopsis: Blue Box #83: SIP and Asterisk vulnerabilities, voice biometrics, P2PSIP, Aircell blocking Skype, VoIP security news and more…Welcome to Blue Box: The VoIP Security Podcast #83, a 39-minute podcast from Dan York and Jonathan Zar covering VoIP security news,...VoIP,IP,telephony,voice,over,IP,security,skype,telecommunicationshttp://www.blueboxpodcast.com/2008/10/blue-box-83-sip.htmlhttp://media.libsyn.com/media/lodestar/BBP-083-2008-09-04.mp3Blue Box SE#026 - Astricon 2007 presentation on VoIP security and Asteriskhttp://feeds.feedburner.com/~r/BlueBox/~3/382765294/blue-box-se026.htmlConferencesPodcastsVoIP SecurityVOIPSAasteriskasterisk securityastriconastricon2007blue boxblueboxdan yorkdanyorkopen sourcesecurityvoipvoip securityvoipsablueboxpodcast@gmail.com (Dan York and Jonathan Zar)Wed, 03 Sep 2008 18:54:30 -0500tag:typepad.com,2003:post-55099816

Synopsis:  Blue Box Special Edition #26: Astricon 2007 presentation - "Hacking and Attacking VoIP Systems: What you need to worry about"

Welcome to Blue Box: The VoIP Security Podcast Special Edition #26, a 55-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 6MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

A year ago in September 2007, I (Dan York) spoke at Astricon 2007 in Arizona, USA, about "Hacking and Attacking VoIP Systems: What You Need To Worry About" My presentation covered a lot of the typical VoIP security threats, tools and best practices but also expanded a bit into specific security issues with Asterisk.  Please do keep in mind that it has been a year since this presentation and so some of the issues I mention have been addressed. (Astricon, for those who don't know, is an annual developer conference for those who work with the Asterisk open source telephony platform. Astricon 2008 is, in fact, coming up in about 3 weeks but I will not be attending this year.)

The slides for this talk are available from Slideshare:

Hacking and Attacking VoIP Systems - What You Need To Know
View SlideShare presentation or Upload your own. (tags: voip voipsecurity)

(And yes, at some point I'll sync the audio with the slides.)

Production assistance on this Special Edition was provided by Michael Graves who had a very tough task given the poor quality of the recording that I gave to him!  Kudos to Michael for getting it to sound as good as it does.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

]]>Synopsis: Blue Box Special Edition #26: Astricon 2007 presentation - "Hacking and Attacking VoIP Systems: What you need to worry about"Welcome to Blue Box: The VoIP Security Podcast Special Edition #26, a 55-minute podcast from Dan York and Jonathan Zar...noSynopsis: Blue Box Special Edition #26: Astricon 2007 presentation - "Hacking and Attacking VoIP Systems: What you need to worry about"Welcome to Blue Box: The VoIP Security Podcast Special Edition #26, a 55-minute podcast from Dan York and Jonathan Zar..Dan York and Jonathan ZarSynopsis: Blue Box Special Edition #26: Astricon 2007 presentation - "Hacking and Attacking VoIP Systems: What you need to worry about"Welcome to Blue Box: The VoIP Security Podcast Special Edition #26, a 55-minute podcast from Dan York and Jonathan Zar...VoIP,IP,telephony,voice,over,IP,security,skype,telecommunicationshttp://www.blueboxpodcast.com/2008/09/blue-box-se026.htmlhttp://media.libsyn.com/media/lodestar/BBP-SE026-Astricon2007-VoIPSecurity.mp3Blue Box #82: Asterisk & Skype security vulnerabilities, new VoIP security tools, VoIP steganography, VoIP security news and much, much more...http://feeds.feedburner.com/~r/BlueBox/~3/376657116/blue-box-82-ast.htmlasteriskasterisk securityblue boxblueboxdan yorkdanyorkjonathan zarsecuritysecurity toolsSIPSIP securityskypeskype securitysteganographytoolsvoipvoip securityvoipsavoipsecurityblueboxpodcast@gmail.com (Dan York and Jonathan Zar)Wed, 27 Aug 2008 19:53:33 -0500tag:typepad.com,2003:post-54784026

Synopsis:  Blue Box #82: Asterisk & Skype security vulnerabilities, new VoIP security tools, VoIP steganography, VoIP security news and much, much more...

Welcome to Blue Box: The VoIP Security Podcast #82, a 47-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was originally recorded on June 21, 2008.

You may also listen to this podcast right now:

Show Content: