Synopsis: VoIP fraud case, CALEA tutorial/commentary, VoIP security news, listener comments and much, much more…

Welcome to Blue Box: The VoIP Security Podcast show #31, a 53-minute podcast  from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show includes a 10-minute segment on the recent Pena/Moore VoIP fraud case and about a 15-minute discussion of the recent FCC decision about CALEA and what that means. There is of course the usual coverage of VoIP security news and comments from listeners

Download the show here (MP3, 61MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

NOTE: I would welcome any comments about the audio quality of this MP3 file as compared to our other shows would be appreciated – I am trying out a new audio encoder. Thanks.

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of our listener survey – PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY!  (Thank you!) It looks like Dan will most likely be at the IETF 66th Meeting in Montreal, June 9-14 – Please drop us a note if you are going to be there.  Check out VOIPSA’s blog if you have not already done so.
• 10:28 – Feature discussion of recent VoIP fraud scam that was all over the news:
  • DOJ News Release
  • DOJ complaint against Pena
  • DOJ complaint against Moore
  • Business Week: Is Your VoIP Phone Vulnerable? (and my VOIPSA blog response as well as Slashdot: VoIP Security Vulnerabilities)
  • New Telephony: VoIP Network Security: How a Hacker Took Advantage of Vulnerabilities
  • Networking Pipeline: VoIP’s Real Security Threat
  • TMC.net: VoIP Security Hack Highlights the Need for Proactive Solutioins (by Bogdan Materna)
  • FOX News / Eweek: Alleged VoIP Scam Highlights Looming Security Threat
• 20:26 – Feature discussion on CALEA and the recent FCC decision:
  • VOIPSA blog
     
  • Computer World: Court upholds VoIP wiretapping
     
  • Jeff Pulver blog: The Week I Wish that Wasn’t—Down and Out in Washington, DC
     
  • InfoWorld: Internet pioneers: VOIP wiretapping complicated
    (and VOIPSA blog )
     
  • IT Assoc of America: CALEA and VoIP: Study Finds Wiretaps in Cyberspace Problematic
• 36:43 – Core Technologies Uncovers Vulnerabilities
• 37:41 – VOIPSA Blog: Not Just SPIT but SPOG and SPOM by Martyn Davies
• 38:19 – Burton Group analyst Irwin Lazar’s report Debunking the Hype About Skype now available with free login
• 38:53 – Burton Group session on VoIP
• 39:14 – VON Magazine online: Black Hat tracks VoIP
• 40:53 – Webtown – Jan in Malaysia: Ipoque PRX Traffic Manager now able to detect, control and block Skype Version 2.5.  (trackback to http://www.typepad.com/t/trackback/5124548 )
• 41:23 – Steve Gibson’s Security Now covered NAT in #42 and Open Ports in #43.
• 42:02 – Upcoming Shows:
  • July 9-14, Montreal, Canada, IETF 66th Meeting
  • July 19-21, Tokyo, Japan, VON Japan
  • August 2-3, Las Vegas, Black Hat 2006
  • August 8-10, Santa Clara, CA, 3rd Annual VoIP Developer Conference
  • Sept 11-14, Boston, MA, Fall VON 2006
  • Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
• 42:47 – Email comment from Mark Trifiro about having links launch in new windows
• 44:44 – Audio comment from Adrian Braun
• 45:27 – Email comment from Miguel Garcia – will be at IETF
• 45:51 – Email comment from “verizon user” pointing to ITAA report being on RISKS list
• 46:24 – Email comment from David Belle-Isle (threat vs vulnerability)
• 47:40 – Email comment from Chris Serafin about giving a customer case study
• 49:28 – Review of the last week’s traffic on the VOIPSEC public mailing list, mostly focused on softphone vulnerabilities and a continued heavy discussion of Skype security
• 51:26 – Shoutout to Sasha, the host of the Skype podcast
• 51:50 – Wrap-up of the show
  • Mention of our Frappr map
• 53:15 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.