Synopsis: VoIP security news, opinions and many comments from listeners, along with a way to potentially win a copy of a new book on VoIP security.

Welcome to Blue Box: The VoIP Security Podcast show #23, a 35-minute podcast  from Dan York and Jonathan Zar with news and commentary about the world of VoIP security.  This show was also to feature the second of two interviews we have coming at you about the IETF meetings that took place in March 2006, however due to some production issues that interview will be pushed to the next show.

Download the show here (MP3, 33MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

In this show we also introduced our new promotion – anyone submitting audio comments (either by email or calling the comment line) during April will be eligible for a drawing for a free copy of "Practical VoIP Security" from Syngress Press. Many thanks to Bruce Stewart and the folks at O’Reilly & Associates (who distribute Syngress books) for providing this book.

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of Frappr map for the show.  Please join the map!
• 02:06 – Note that if you are hearing advertising it is not from us! (and we would like to know about it)
• 03:05 – Note about the book promotion
• 04:52 – Request to help promote the show with reviews at PodcastAlley and iTunes
• 05:37 – Wired: A Pretty Good Way to Foil the NSA
• 06:20 – Wired: Why VoIP Needs Crypto (Bruce Schneier) – Ken Camp response to Schneir  and Bruce Stewart comment as well as Ars Technica reaction to Schneier: VoIP maybe not so secure?
• 08:07 – Network World: 802.11w fills wireless security holes
• 08:50 – FCW.com: Pentium computers vulnerable to cyberattack (about CanSecWest and mentions VoIP)
• 09:35 – Voiponder: Examining Two Well-Known Attacks on VoIP and Slashdot: Overlooked VoIP Security Issues?  and points to SiVuS scanner at  www.vopsecurity.org
• 11:33 – Red Herring – print: Spams New Target: VoIP
  and Ken Camp’s response 
• 12:51 – Techworld: Universities given more cash to secure VoIP  (Ram Dantu and colleagues) – also Newsblaze: U.S. Team To Study Potential Problems in Internet Phone Systems, Continuity Central: Research collaboration to investigate VoIP vulnerabilities and Contractor UK: VoIP dials up 2 million Brits (also other info about Skype users in UK)
• 14:36 – Sci-Tech Today: From PBX to VoIP: Making the Change  (security on page 4)
• 14:57 – Global Knowledge: Enterprise VoIP Security
• 15:31 – Searchsecurity.com: VoIP Security Learning Guide  (great list of links)
• 16:30 – Network World Security Strategies – newsletter pointing to Siemens white papers  (Telcom fraud, etc.)
• 17:41 – JaJah back in the news… eWeek: Cell Phones, Web Browsers to get VOIP Features  and JaJah Going Wireless Soon 
• 19:02 – Ken Camp: Skype Thoughts: P2P, tiered networks, or security risk?
• 19:28 – Podcast on telecom – Telecom Junkies
• 20:39 – Skype Podcast  (from a Skype enthusiast)
• 21:20 – Steve Gibson also continues his excellent series of podcasts with Security Now! Episode 34 on public key cryptography
• 22:09 – Upcoming shows:
  • April 18, DC (Arlington, VA) Homeland Defense & IT Security Training Conference  (I’ll be speaking)
  • Interop, April 30-May 5, Las Vegas (anyone going?)
  • June 1-2, DC, Workshop on VoIP security by Cybersecurity Industry Alliance and tekVizion – free to US gov, $195 for others
  • June 1-2, Berlin, Third Annual VoIP Security Workshop
• 23:11 – Comment from Alexis Laliberte
• 25:35 – Comment from Craig Bowser about meeting in DC
• 25:44 – Comment from Julien Goodwin about willing to engage in the debate
• 27:10 – Comment from Bruce Stewart
• 27:19 – Comment from Shawn Merdinger about  VoIP arrests in Bangladesh
• 28:08 – Comment from anonymous posting to #21 on breathing into the mike
• 29:08 – Comment from  Kandy on show 22
• 30:07 – Comment from Mark Collier that he’ll be out at Interop on a VoIP Security Panel
• 31:00 – Review of the last week’s traffic on the VOIPSEC public mailing list. Great discussion around IPSec vs TLS/SRTP (with metrics), softphones and VPNs and much more
• 32:09 – Wrap-up, info about how to leave comments, upcoming shows, etc.
• 32:24 – Question about whether we should continue with the current format of including an interview in the show or run the interviews separately?
• 34:45 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

In the spirit of the programming version of Easter eggs I will ask the question: what did we do differently with regard to the audio in the recording of this episode? I did something subtle… and I’m curious to know if it is detectable.  (Hmmm… sounds like a good idea for an audio comment back to us, eh?)

Thank you for listening and please do let us know what you think of the show.

Synopsis: VoIP security news, opinions and comments from listeners as well as a 25-minute interview with Dan Wing and Cullen Jennings from Cisco about SIP media security coming out of recent IETF meetings.

Welcome to Blue Box: The VoIP Security Podcast show #22, a 45-minute podcast  from Dan York and Jonathan with news and commentary about the world of VoIP security.  This show also features the first of two interviews we have coming at you about the IETF meetings that took place in March 2006.  This week’s 25-minute interview is with Dan Wing and Cullen Jennings of Cisco Systems and is primarily about Dan Wing’s presentation on methods of securing the SIP media stream.

Download the show here (MP3, 43MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of Frappr map for the show.  Please join the map!
• 02:06 – Lycos offers free phone  (also Tom Keating blog entry)
• 08:07 – Wall Street Journal: op-ed on Skype (subscription only) – but also visible on Bruno Giussani’s blog – The fine print on Skype
• 09:37 – Jeff Pulver: Senate Extends Telephone Privacy Rules to VoIP Providers  (found via Bruce Stewart )
• 11:27 – Converge! Network Digest: Security in VoIP Networks – Stronger than TDM!
• 12:26 – Interoute Launches the First Genuinely Secure Corporate VoIP Service  – see also iSip product page – “Secure business calls wherever you are online, for free” (via Craig Bowser)
• 14:01 – TMC.net: Is Your Network VoIP Ready? (tip of the hat to Ken Camp )
• 14:58 – Upcoming shows:
  • April 18, DC (Arlington, VA) Homeland Defense & IT Security Training Conference  (I’ll be speaking)
  • Interop, April 30-May 5, Las Vegas (anyone going?)
  • June 1-2, DC, Workshop on VoIP security by Cybersecurity Industry Alliance and tekVizion – free to US gov, $195 for others
  • June 1-2, Berlin, Third Annual VoIP Security Workshop
• 15:34 – Feature interview with Dan Wing and Cullen Jennings of Cisco Systems primarily about Dan Wing’s presentation on SIP key exchange mechansims at the recent IETF meeting in March in Dallas, Texas.   In this segment, Dan goes through his first slides and explains the basic security issues around securing SIP media streams, talks about design choices for various proposed solutions and discusses where all this is going.   Given that SRTP interoperability between systems is an extremely important issue right now, it’s well worth grabbing a copy of the slides and joining Dan in a journey through the issues.  At about 32:03, the interview shifted to Cullen Jennings where he discussed the IETF re-organization and creation of the Realtime Applications and Infrastructure (RAI) Area and what that means for these issues.  Cullen also provides his view on the security discussions that occurred down at the IETF meeting.  Definitely all well worth a listen.
• 39:54 – End of interview
• 40:03 – Comment from Craig Bowser
• 40:40 – Comment from voipuser about Codenomicon interview
• 42:33 – Review of the last week’s traffic on the VOIPSEC public mailing list. Continued discussion of SRTP and UDP and much, much more
• 43:27 – Discussion of the ability to subscribe to the podcast via e-mail
• 44:04 – Wrap-up, info about how to leave comments, upcoming shows, etc.
• 45:25 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: VoIP security news, opinions and comments from listeners as well as a 30-minute interview about Sipera.

Welcome to Blue Box: The VoIP Security Podcast show #21, a 57-minute podcast  from Dan York and Jonathan with news and commentary about the world of VoIP security.  This show also features a 30-minute interview with Micaela Giuhat, VP of product line management for Sipera.

Download the show here (MP3, 54MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of Frappr map for the show.  Please join the map!
• 01:07 – It has been five months since we launched this show!
• 01:41 – News – discussion of launch of Yahoo!Voice
• 04:55 – Black Hat Europe: Silver Needle in the Skype  (115 slides)  (also at this URL )
• 05:30 – UPI: PGP founder unveils new VoIP security
• 06:03 – VON Magazine: Security at Spring VON 2006
• 06:13 – Network IT Week: VoIP security at odds with QoS
• 07:01 – Continuity Central: Keeping the VoIP House in Order (written by Jonathan)
• 07:38 -itnews.com.au: ISS Moves into VoIP Security  (see also the ISS news release )
• 08:07 – VoIP News Australia: ACIF VoIP Security Fact Sheet  (ACIF web site and VoIP security fact sheet )
• 09:03 – IT Observer: Keeping Voice Safe in the New Converged Age Voice Safe in the New Converged Age (written by BT)
• 09:18 – Government Computer News: FCC’s new homeland security unit
• 09:46 – Xmco Partners: White Paper – VoIP Security: A Layered Approach
• 10:10 – Cisco will have VoIP security article in April 2006 of IEEE Communications World
• 10:28 –Dan Wing’s presentation on SIP key exchange mechansims
• 11:36 – Steve Gibson over at Security Now! has started a series of podcasts on crypto issues:
  • Episode 30: Crypto 101 – ethics and intro
  • Episode 31: Crypto 102 – symmetric stream ciphers
• 12:59 – Upcoming shows:
  • April 18, DC (Arlington, VA) Homeland Defense & IT Security Training Conference  (I’ll be speaking)
  • Interop, April 30-May 5, Las Vegas (anyone going?)
  • June 1-2, DC, Workshop on VoIP security by Cybersecurity Industry Alliance and tekVizion – free to US gov, $195 for others
  • June 1-2, Berlin, Third Annual VoIP Security Workshop
• 
• 14:32 – Mention of Codenomicon interview and the fact that Victor Garza over at InfoWorld had some great VoIP-security-related podcasts published at weblog.infoworld.com/zeroday/
• 16:00 – Feature interview with Micaela Giuhat, VP of product line management for Sipera.  Sipera was recently in the news for their $13.2M financing round (news release ) and also the launch of their VoIP Security System. The interview covered:
  • the background of Sipera
  • their products
  • how their systems are different from all the other VoIP security systems out there
  • the research they have done into VoIP security
  • what they plan to do with the $13 million dollars
  • and much, much more…
• 45:54 – End of interview
• 46:45 – Comment from Tom Hayden
• 47:18 – Comment from Craig Bowser
• 47:46 – Comment from Hema Krishnamurthy
• 49:08 – Audio comment from David Retikoff from Nerds On-site
• 52:44 – Comment from Doug Simar
• 54:18 – Review of the last week’s traffic on the VOIPSEC public mailing list. Large amount of interesting traffic on SPIT (Spam for Internet Telephony), SRTP, VoIP security whitepapers, Skype report and more
• 56:00 – Wrap-up, info about how to leave comments, upcoming shows, etc.
• 56:54 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: Review of VoIP security news and comments from listeners

Welcome to Blue Box: The VoIP Security Podcast show #10, a 19-minute podcast  from Dan York with news and commentary in the world of VoIP security.  Due to scheduling issues, Dan and Jonathan were unable to connect to do the show together and given the number of news items in the queue Dan went ahead with a solo show.  Both will be back together next week.

Download the show here (MP3, 18MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of Frappr map for the show.  Please join the map!
• 01:45 – Phil Zimmermann has released a public beta of Zfone
• 02:07 – Sipera Gets a $13.2M Call (news release ) and also launches their VoIP Security System
• 03:05 – Three Skype related items:
  • Skype Security Blog: One times ten?
  • Skype Security Blog: Admin control of Skype features
  • Black Hat Europe: Silver Needle in the Skype 
• 04:55 – Irwin Lazar from the Burton Group has come out with a report on Skype:
  • Burton Group news release
  • Burton Group podcast about the report
  • Techworld UK: IT Warned against Skype Hype
  • IT Week: Analyst firm savages Skype

  Note that the full report is only available to Burton Group clients.

• 05:18 – Techworld UK: VoIP heading for mainstream  (see also Computerworld article that is essentially the same)
• 05:40 – Tom Keating: Adtran NetVanta 7100 launches
• 05:52 – Edmonton Journal: Input/Output
• 06:13 – TMC.Net: ShoreTel/Extreme Networks Partnership Promises VoIP Benefits
• 06:28 – Irish Developer Network: VoIP, your desire
• 06:43 – Processor: Software & Services You May Not Know About
• 07:26 – News releases: Mark Collier announces blog
• 07:34 – Covergence, RedSky Team to Develop E911 Solution for VoIP Service Providers
• 07:38 – Acme Packet Broadens Lawful Intercept/CALEA Support
• 07:43 – AVM Presents Professional VoIP for PBXs- VoIP for Businesses More Convenient Than Ever
• 07:51 – Juniper Networks Showcases Secure and Assured Voice Networking at Spring 2006 VON
• 07:57 – Codenomicon First to Offer Full Solution for Testing VoIP Security
• 08:02 – snom and Ingate Secure VoIP Traffic
• 08:19 – Covergence Joins Forces with Centillium Communications and NETGEAR to Deliver Bullet-Proof Consumer VoIP Security
• 08:40 – Upcoming shows
• 09:30 – Comment from Bobby Fentress
• 10:30 – Comment from Craig Bowser, including mention of Homeland Defense conference on VOIP
• 12:53 – Review of the last week’s traffic on the VOIPSEC public mailing list. Large amount of interesting traffic on SPIT (Spam for Internet Telephony)
• 15:53 – Note that you can now subscribe to the show via e-mail
• 17:23 – Wrap-up, info about how to leave comments, upcoming shows, etc.
• 19:30 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: Interview with Geoff Devine from Cedar Point Communications about the security of VoIP over cable networks, VoIP security news and much more

Welcome to Blue Box: The VoIP Security Podcast show #19, a 63-minute podcast  from Dan York and Jonathan Zar around news and commentary in the world of VoIP security.  This show features a 36-minute interview with Geoff Devine from Cedar Point Communications about security of VoIP over cable networks.  As usual, the show also features news and comments from listeners.

Download the show here (MP3, 33MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of Frappr map for the show.  Please join the map!
• 01:59 – Per Mark Collier the  Jonathan Collier term paper was a forgery.  Unfortunately, the term paper is a blatant plagarism of Mark’s earlier article.
• 06:07 – Irwin Lazar has made his presentation available from his webcast
• 06:48 – TMC.net: Sipera Launches VoIP Security Product and Sipera news release
• 08:08 – VoIP Magazine: SecureLogix CTO to Discuss Best Practices in Securing VoIP Networks
• 08:31 – Mark Collier launches his own VoIP Security Blog
• 08:58 – InsideBayArea.com (AP story) Caller ID not as reliable as you think  (also WombatNation blog entry )
• 12:16 – SecurityWatch blog: VoIP not that popular in the UK which points to BBC article:  Hanging on the Internet telephone
• 12:59 – Report on SANS/Nortel webcast last week about VoIP security
• 13:40 – News release: Mitel: MedQuist Virtual Workforce on the job through Mitel Technology
• 14:03 – Mitel: Foundry Networks and Mitel Expand Partnership with Advanced Open VoIP Solutions
• 15:02 – Upcoming conferences – anyone interested in reporting from any of the upcoming shows?
• 16:44 – Feature interview with Geoff Devine from Cedar Point Communications about the security of VoIP over cable.  Interesting glimpse into the world of cable systems and the PacketCable series of standards, including how security really works on cable systems.
• 53:30 – End of interview and brief discussion.
• 55:19 – Comment from "ponyboy" who also has a show called BellCoreRadio on DDP HackRadio Saturday nights at 8pm
• 56:47 – Comment from Shawn Merdinger on start of investigation into Linksys WIP300 WiFi handset
• 57:31 – Comment from Bruce Stewart on ETel coverage
• 58:05 – Comment from Martyn Davies on voice quality
• 59:07 – Review of the last week’s traffic on the VOIPSEC public mailing list. Large amount of interesting traffic on topics including security tools, books, links and more
• 60:54 – Note that Chris Martin is looking for questions for a new poll at SIP1.com
• 61:36 – Wrap-up, info about how to leave comments, upcoming shows, etc.
• 62:48 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.