Synopsis: VoIP security news, Cisco vulnerabilities, conference news comments, news, VOIPSEC review

Welcome to Blue Box: The VoIP Security Podcast show #14, a 27-minute podcast  from Dan York and Jonathan Zar around news and commentary in the world of VoIP security. This show was actually recorded at the San Francisco Airport Marriott where the O’Reilly Emerging Telephony conference was taking place. One interesting fact is that after working together for most of a year on VOIPSA-related activities this was the first time Dan and Jonathan had actually physically met.

Download the show here (MP3, 25MB) or subscribe to the RSS feed to download the show automatically.

(This show was, in fact, recorded on January 24th and is only now
being posted primarily due to travel and other deadlines. Our apologies
for the delay.)

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of Frappr map for the show.  Please join the map! Also included mention of upcoming interviews:
  • Jan 30 – Rick Robinson at Avaya about their teleworker set (back in show #8)
  • Feb 6 – Nick Frost, author of Information Security Forum report mentioned in #8
  • Feb 20– Per Cederqvist of Ingate systems on to talk about ‘sdescriptions’ key exchange
• 03:00 – Dan comments on O’Reilly’s Emerging Telephony Conference where his now.  Note that Jonathan will now be attending Internet Telephony happening at the same time in Florida. 
• 05:40 – Mention that this is the three-month anniversary of this show.
• 06:05 – News Section: Cisco vulnerabilities: Cisco Call Manager Privilege Elevation
  and Cisco Call Manager DoS
• 07:50 – Information Week: Paint Another Target on Cisco as Enterprise VoIP Grows  and Cisco Security Alerts Serve as VoIP Wake-Up Call
• 09:25 – eWeek: Security Patch Watch: Skype, Cisco
• 09:55 – Network World: VoIP vulnerability may be over-hyped, analyst says
• 10:50 – Security Park: Special Report on VoIP Solutions (also report here for $1295)
• 12:00 – TMC.net: Internet Telephony 2006  (Mention of VoIP security summit)
• 13:17 – Seattle Post Intelligencer: Eavesdropping leaps into 21st century
• 13:56 – Business Week:Coming to Your PC’s Back Door: Trojans
• 15:01 – BullMarket.com: Report Takes VoIP Spam; Looks at Software Security Companies That Could Benefit
• 15:41 – iTnews.com.au: Attackers to go after 2006’s weakest link: People (IBM security report)
• 17:20 – SF Chronicale: Editorial on the sale of call records
• 18:05 – Comment section – Comment from Christopher A.H. about inviting Steve Gibson
• 18:45 – David Jorrell – Podsage.com
• 19:40 – Aswath on Skype supernodes and NAT
• 22:37 – Craig Bowser on Ranch Networks and Asterisk
• 23:12 – Comment wrap-up
• 23:36 – Review of the last week’s traffic on the VOIPSEC public mailing list. Major topics this week included discussion around SIP clients that support TLS, security assessment tools, security for a home IP phone, vulnerabilities in Asterisk and a SIP client for embedded Windows 
• 24:46 – Mention of upcoming shows
• 25:25 – Shoutout to David Leblanc who enjoyed the show and sent around a note to his co-workers encouraging them to listen as well.
• 26:00 – Wrapup of the show:  final comments, notes about contributing, information about how to provide comments.
• 27:15 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.