Synopsis: Cisco SIP security vulnerabilities, VoIP security hype, SPIT, OpenID, other VoIP security news and more… 

Welcome to Blue Box: The VoIP Security Podcast #51, a 35-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions. 

NOTE: This show was originally recorded February 7, 2007. 

Download the show here (MP3, 16MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content: 

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long! Discussion of bandwidth in Japan and Asia.
• 03:13 – Programming notes
  • Podcasts by phone is back up with new number – +12183398544
• 3:53 – Cisco Security Advisory: SIP Packet Reloads IOS Devices Not Configured for SIP – note also that Cisco is now using CVSS as mentioned in their (Cisco) FAQ
• 06:33 – Multiple VOIP Phones Aredfox PA168 Chipset Session Hijacking Vulnerability
• 09:26 – InfoWorld NL: Hype versus reality in VoIP security
• 13:37 – ITWire: NEC’s VoIP spam detector turns Turing Test on its head and also Engadget: NEC invents 99 percent effective SPIT catcher and also ZDNet: VoIP spam tipped to rocket
• 16:49 – IIS Zone: What To Do When SPIT Hits The Fan (sponsored by Verisign)
• 18:59 – Network World: Expert: Phishing and other social attacks threaten VoIP (Dave Endler)
• 20:23 – CommsDesign: VoIP security: Scenarios, challenges, and counter measures—Part I
• 21:11 – CompTIA: Concerns Over IP Telephony Security Still Present in SMB Market, CompTIA Study Reveals – see also vnunet article and techtarget (sent in by Rhodri Davies)
• 23:49 – Aswath: Extending OpenID Authentication Scheme for Communication Systems
  • Comment from Shlomo Dubrowin about OpenID
• 29:09 – darkreading: FBI Faces Fresh Cyber Threats
• 29:36 – CRN: CRN Poll: No concerns around VoIP adoption (sample size?)
• 30:06 – Press Releases
  • Postini Annual Communications Intelligence Report Shows Security and Compliance Top Communications Professionals’ Concerns=
  • Sipera boots VoIP Security
  • Eyeball Intros AnyFirewall Engine (sent in by Craig Bowser)
  • SONUS NETWORKS OFFERS NETWORK OPERATORS ENHANCED SECURITY WITH LATEST RELEASE OF NETWORK BORDER SWITCH
  • Secure Computing Introduces Sidewinder 7.0, Industry’s First Reputation-based Firewall
  • Info Security Products Guide Awards Covergence the ’’Hot Companies’’ Recognition for 2007
• 31:18 – Hudson Barton has a new blog Borderless Communications with a VoIP Security Bulletins page
• 31:35 – Dr. Richard Zhao Liang has relocated his blog to http://sbin.cn/blog/ because of issues accessing WordPress.com from within China His Chinese blog is still at http://blog.zhaol.cn/
• 32:07 – Rodolfo Rosini’s company has changed its name to CellCrypt and raised $3.1M in financing
• 32:22 – Comments will be held until next week.
• 32:35 – Review of the last week’s traffic on the VOIPSEC public mailing list 
• 32:51 – Wrap-up of the show 
  • Dan’s going to Cairo the week of March 19th – any listeners out there?
  • Reminder that you can subscribe to the show via email as well as RSS 
• 35:54 – End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.