Synopsis: Skype multiple login issue, OpenID, Cisco IP phone vulnerabilities, net neutrality, drive-by pharming, EU legislation and are smokers really a threat to VoIP security?

Welcome to Blue Box: The VoIP Security Podcast #53, a 48-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 22MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content: 

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long! D
• 01:36 – Programming notes
  • Dan will be in Cairo, Egypt, on the week of March 19th and would be delighted to meet with any listeners
  • Blogroll for listener blogs?
  • If you happen to use the Digg website, we noticed there is a podcast directory there and Blue Box could use some more Diggs
  • SRT episode on OpenID
  • Blue Box #51 set a new record – no Skype security issues!
  • Stay tuned for security sessions coming out of ETel
  • Martyn Davies did an interview about VoipSEAL anti-spam solution
• 04:05 – Cisco: Cisco Unified IP Conference Station and IP Phone Vulnerabilities – also 802.1X -tons of press coverage, including Cisco IP phone flaws show vulnerabilities of ‘Vo-Fi’
• 10:15 – Voice of VOIPSA:IPTComm Call for Papers
• 11:07 – Voice of VOIPSA: Combatting Voice Spam with VOIP Seal  (Martyn has also provided an interview which we will air as a Special Edition)
• 11:56 – Dan Wing of Cisco has introduced a new Internet Draft on Disclosing Secure RTP (SRTP) Session Keys with a SIP Event Package – critical thing we’ve been talking about
• 14:43 – An Internet-Draft is out on Requirements for Session Border Controllers
• 16:33 – Disruptive Telephony: I’ve been writing a good bit about OpenID and Dean Elwood has reponded with Why SIP doesn’t need OpenID
• 18:48 – Barton Hudson: A suggestion for solving the Skype multiple login issue
• 23:55 – eWeek: VoIP: What? Me, worry?
• 24:37 – Kevin Murphy summarizes a draft paper by researchers at Indiana
  University and Symantec in an article in Computer Business Review
  Online: Drive-By Pharming Attack Could Hit Home Networks
  –also see
• 25:44 – Net Neutrality is back in the news at the FCC, At the FTC and in wireless as it relates to Skype
• 30:43 – IT Reseller Online: Seven Tips For VoIP Security Success (requires login)
• 31:47 – Irwin Lazar is in a Cisco video: Cisco Techwise TV on securing unified communications (requires login)
• 32:34 – ComputerWorld: Smokers may be the weak IT security link  (the attacker tried to get on the VoIP network)
• 35:06 – Feature – EU privacy legislation –IHT article on privacy
• 40:02 – IT Business Edge – Consumer Mobile VoIP Services: The Next Security Challenge?
• 40:59 – Upcoming shows:
  • Mar 1-2, 2007, London, EUSecWest 
  • Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
  • Mar 23-25, Washington, DC, ShmooCon ‘07 
  • Apr 16-20, Vancouver, BC, Canada CanSecWest 2006
• 41:47 – comment (email) from Andy Zmolek about BlueBox gathering at RSA… and note that we’d be glad to publicize dinners at conferences
• 42:39 – comment (email) from Martyn Davies about IPTComm
• 42:53 – comment (email) from Bill Stackpole
• 44:24 – comment (blog) from Tonio
• 47:07 – Review of the last week’s traffic on the VOIPSEC public mailing list 
• 47:4 – Wrap-up of the show 
  • Dan’s going to Cairo the week of March 19th – any listeners out there?
  • Reminder that you can subscribe to the show via email as well as RSS 
• 48:24- End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.