Synopsis: VoIP security news, Cisco vulnerabilities, conference news comments, news, VOIPSEC review

Welcome to Blue Box: The VoIP Security Podcast show #14, a 27-minute podcast  from Dan York and Jonathan Zar around news and commentary in the world of VoIP security. This show was actually recorded at the San Francisco Airport Marriott where the O’Reilly Emerging Telephony conference was taking place. One interesting fact is that after working together for most of a year on VOIPSA-related activities this was the first time Dan and Jonathan had actually physically met.

Download the show here (MP3, 25MB) or subscribe to the RSS feed to download the show automatically.

(This show was, in fact, recorded on January 24th and is only now
being posted primarily due to travel and other deadlines. Our apologies
for the delay.)

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of Frappr map for the show.  Please join the map! Also included mention of upcoming interviews:
  • Jan 30 – Rick Robinson at Avaya about their teleworker set (back in show #8)
  • Feb 6 – Nick Frost, author of Information Security Forum report mentioned in #8
  • Feb 20– Per Cederqvist of Ingate systems on to talk about ‘sdescriptions’ key exchange
• 03:00 – Dan comments on O’Reilly’s Emerging Telephony Conference where his now.  Note that Jonathan will now be attending Internet Telephony happening at the same time in Florida. 
• 05:40 – Mention that this is the three-month anniversary of this show.
• 06:05 – News Section: Cisco vulnerabilities: Cisco Call Manager Privilege Elevation
  and Cisco Call Manager DoS
• 07:50 – Information Week: Paint Another Target on Cisco as Enterprise VoIP Grows  and Cisco Security Alerts Serve as VoIP Wake-Up Call
• 09:25 – eWeek: Security Patch Watch: Skype, Cisco
• 09:55 – Network World: VoIP vulnerability may be over-hyped, analyst says
• 10:50 – Security Park: Special Report on VoIP Solutions (also report here for $1295)
• 12:00 – TMC.net: Internet Telephony 2006  (Mention of VoIP security summit)
• 13:17 – Seattle Post Intelligencer: Eavesdropping leaps into 21st century
• 13:56 – Business Week:Coming to Your PC’s Back Door: Trojans
• 15:01 – BullMarket.com: Report Takes VoIP Spam; Looks at Software Security Companies That Could Benefit
• 15:41 – iTnews.com.au: Attackers to go after 2006’s weakest link: People (IBM security report)
• 17:20 – SF Chronicale: Editorial on the sale of call records
• 18:05 – Comment section – Comment from Christopher A.H. about inviting Steve Gibson
• 18:45 – David Jorrell – Podsage.com
• 19:40 – Aswath on Skype supernodes and NAT
• 22:37 – Craig Bowser on Ranch Networks and Asterisk
• 23:12 – Comment wrap-up
• 23:36 – Review of the last week’s traffic on the VOIPSEC public mailing list. Major topics this week included discussion around SIP clients that support TLS, security assessment tools, security for a home IP phone, vulnerabilities in Asterisk and a SIP client for embedded Windows 
• 24:46 – Mention of upcoming shows
• 25:25 – Shoutout to David Leblanc who enjoyed the show and sent around a note to his co-workers encouraging them to listen as well.
• 26:00 – Wrapup of the show:  final comments, notes about contributing, information about how to provide comments.
• 27:15 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: Presentation by Brad Templeton, Chairman of the Electronic Frontier Foundation, at O’Reilly’s Emerging Telephony Conference on January 26, 2006

Welcome a special edition of Blue Box: The VoIP Security Podcast from the floor of the Emerging Telephony Conference in San Francisco, CA. In this presentation, Brad Templeton, Chairman of the Board of Directors of the Electronic Frontier Foundation (EFF), channels his "evil twin" and uses humor and sarcasm to attack the recent FCC ruling applying CALEA to VoIP Service Providers, hits the Universal Service Fund, announces a lawsuit and rips into wiretapping.  It was quite an entertaining and humorous – yet serious – session.

We thank Brad Templeton and the conference team at O’Reilly for giving us permission to make this recording available to you all.

Download the show here (MP3, 19MB) or subscribe to the RSS feed to download the show automatically.  The show runs about 21 minutes.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.
Audio comments sent as attached MP3 files are definitely welcome and
will be played in future shows.  You may also call the listener comment
line at +1-206-338-6654 to leave a comment there.

Synopsis: Presentation by Phil Zimmerman at O’Reilly’s Emerging Telephony Conference on January 26, 2006

Welcome a special edition of Blue Box: The VoIP Security Podcast from the floor of the Emerging Telephony Conference in San Francisco, CA.  In this presentation, Phil Zimmermann, creator of PGP, outlines his ideas and plans for a new way to encrypt VoIP conversations.  His new software, currently called "zFone", will be available in early March for beta testing.  Updates and information will be available from his website at http://www.philzimmermann.com/.  A quote:

I would like to do for VoIP what I did for e-mail… I’d like to make it possible for you to whisper in someone’s ear – even if their ear is thousands of miles away.

We thank Phil Zimmermann and the great team at O’Reilly for giving us permission to make this recording available to you all.

Download the show here (MP3, 22MB) or subscribe to the RSS feed to download the show automatically.  The show runs about 23 minutes.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.
Audio comments sent as attached MP3 files are definitely welcome and
will be played in future shows.  You may also call the listener comment
line at +1-206-338-6654 to leave a comment there.

Synopsis: Interview with Shawn Merdinger about WiFi phone vulnerabilities, VoIP security, comments, news, VOIPSEC review

Welcome to Blue Box: The VoIP Security Podcast show #13, a 35-minute podcast  from Dan York and Jonathan Zar around news and commentary in the world of VoIP security. This show primarily features an 29-minute interview with Shawn Merdinger, an independent security researcher focused on the security of WiFi SIP handsets.

Download the show here (MP3, 33MB) or subscribe to the RSS feed to download the show automatically.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of Frappr map for the show.  Please join the map!
• Upcoming interviews:
• Jan 30 – Rick Robinson and Jerry Ryan at Avaya about their teleworker set (mentioned in show #8)
• Feb 6 – Nick Frost, author of Information Security Forum report mentioned in #8
• Feb 20– Per Cederqvist of Ingate systems on to talk about ‘sdescriptions’ key exchange
• Upcoming events – Dan will be attending O’Reilly’s Emerging Telephony Conference in San Francisco January 24-26. If you are also planning to be there, please drop us an e-mail.  Jonathan will now be attending Internet Telephony happening at the same time in Florida.  If you are also interested in sending in a report, check out the details on the show blog.
• 02:05 – Feature interview with Shawn Merdinger,  a security researcher now employed by the Tipping Point division of 3Com.  He was previously a security researcher at Cisco and as an independent security researcher started an investigation into the security of WiFi handsets.

  On the weekend of January 13-15, he attended Shmoocon 2006, a hacker conference in Washington, DC, and presented a talk entitled “VoIP WiFi Phone Handset Security Analysis: We’ve met the enemy…and they built our stuff?!?” (his Shmoocon presentation is available for download here)  Following that, on Monday, January 16, 2006, he released advisories to the ‘full-disclosure’ mailing list outlining the vulnerabilities that he found in six SIP WiFi handsets:

  • ACT P202S VoIP wireless phone multiple undocumented ports/services
  • Senao SI-7800H VoIP wireless phone wdbrpc debug service UDP/17185
  • Clipcomm CPW-100E VoIP wireless handset phone open debug service TCP/60023
  • MPM HP-180W VoIP wireless desktop phone undocumented port UDP/9090
  • ZyXel P2000W (Version 2) VoIP wireless phone undocumented port UDP/9090
  • Clipcomm CP-100E VoIP wireless desktop phone open debug service TCP/60023

  We spoke with Shawn at length in a wide-ranging interview that covered topics such as:

  • Background – why did he start the project?

  • Vendor notification program

  • Future plans for further testing?  Methodology?
  • A POP e-mail client on a SIP phone?
  • Test methodology?  Access to manuals?
  • Implications for users of WiFi phones
  • Reactions from affected vendors
  • Summary of vulnerabilities
  • Timeframe for next release?
  • Advice to companies for working with independent security researchers
  • Business opportunities around helping companies work with security researchers
  • Applying this research to the VoIPSA Threat Taxonomy
  • What people and companies can do to help in his research
  • 30:38 – End of interview

  It was quite an enjoyable interview and we commend Shawn for the responsible manner in which he is interacting with vendors and his efforts to educate others about doing the same.  If you would like to assist Shawn in his efforts, by for instance providing WiFi phones for testing, Shawn can be reached at shawnmer@io.com.

• 30:43 – News section: Vulnerabilties:
  • Cisco Call Manager Privilege Elevation
  • Cisco Call Manager DoS
• 31:27 – News section: Articles:
  • Skype Journal: BW: Skype caves in to Chinese censors
  • Business Week: The Great Firewall of China
  • ZDNet Blog: George Ou: Skype 2.0 looks like a virus
  • ZDNet Blog: Russell Shaw: Why pay $2,995 for VoIP security advice? I have a better idea (about Jeremy Casteel’s term paper)
• 32:28 – Vikram, our listener who listens to us in the traffic jams of Bombay, cued us in to this new release of Asterisk: Asterisk releases 1.2.2 which refers to new functionality delivered in conjunction with Ranch Networks  (As it happens, Dan will be interviewing Asterisk co-founder Mark Spencer and someone from Ranch Networks out at ETel and we will have that interview as a show.)
• 33:50 – Wrapup of the show:  upcoming shows, notes about contributing, information about how to provide comments.
• 35:43 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Download the show here (MP3, 33MB) or subscribe to the RSS feed to download the show automatically.

Thank you for listening and please do let us know what you think of the show.

Synopsis: VoIP security news, WiFi phone vulnerabilities, comments, news, VOIPSEC review

Welcome to Blue Box: The VoIP Security Podcast show #12, a 55-minute podcast  from Dan York and Jonathan Zar around news and commentary in the world of VoIP security. This show also features an 15-minute interview with Bogdan Materna, CTO and co-founder of VoIPShield Systems

Download the show here (MP3, 50MB) or subscribe to the RSS feed to download the show automatically.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of Frappr map for the show.  Please join the map!
• 01:33 – Upcoming interviews:
• soon – Shawn Merdinger about WiFi handset vulnerabilities
• Jan 30 – Rick Robinson at Avaya about their teleworker set (back in show #8)
• Feb 6 – Nick Frost, author of Information Security Forum report mentioned in #8
• Feb 20– Per Cederqvist of Ingate systems on to talk about ‘sdescriptions’ key exchange
• 02:46 – Upcoming events – Dan will be attending O’Reilly’s Emerging Telephony Conference in San Francisco January 24-26. If you are also planning to be there, please drop us an e-mail.  Jonathan will now be attending Internet Telephony happening at the same time in Florida.  If you are also interested in sending in a report, check out the details on the show blog.
• 04:06 – Apology and explanation about problems with show #10
• 04:31 – News section: Vulnerabilities – eStara Softphone Remote Buffer Overflow FSIRT post – solved in 3.0.1.47 per msg to VOIPSEC mailing list
• 05:49 – Cisco 7940 IP Phone Reboot DoS – milw0rm.com exploit and Cisco response
• 06:33 – WiFi SIP handset vulnerabilities from Shawn Merdinger at Shmoocon:
• ACT P202S VoIP wireless phone multiple undocumented ports/services
• Senao SI-7800H VoIP wireless phone wdbrpc debug service UDP/17185
• Clipcomm CPW-100E VoIP wireless handset phone open debug service TCP/60023
• MPM HP-180W VoIP wireless desktop phone undocumented port UDP/9090
• ZyXel P2000W (Version 2) VoIP wireless phone undocumented port UDP/9090
• Clipcomm CP-100E VoIP wireless desktop phone open debug service TCP/60023
• 08:30 – The NON-vulnerability – Yahoo News: Avaya Bitten Hard by WMF Bug and Avaya security advisory (Can people please read security bulletins before writing articles about them?)
• 10:16 – Intranet Journal: Five Questions to Consider Before Migrating to VoIP
• 10:52 – Contractor UK: VoIP Free? You must be joking (reference to upcoming guest Nick Frost)
• 12:05 – Unstrung: WLANs Enter Integration Age
• 12:48 – IT Observer: Sound Choices for VoIP Security
  – white paper by Jonathan Casteel, which curiously  appears to be a term paper for a university class (but is a good
  summary)
• 13:53 – TMC.Net: TI introduces PIQUA for VoIP QoS  (See also InfoWorld Netherlands and ElectronicsTalk )
• 15:27 – TechWorld: Ipoque launches Skype-killer  (also news release )
• 16:08 – VON Magazine: Security Gizmos at CES (Sonare “Babble” technology and comment that it may be built into phones)
• 17:16 – VON Magazine: WiFi (in)security (talks about Shmoocon)
• 17:42 – IPCommunications.com Meru Offers RF-Level Security (also news release= )
• 18:58 – Call for Papers: CanSecWest – Apr 5-7 in Vancouver, specifically looking for VoIP security info
• 19:27 – Slashdot: NSA Wiretap Whistleblower
• 19:53 – IDC: Latest VoIP Semiconductor Forecast
• 20:30 – ZDNet: Russell Shaw: "Is ENUM the key to true VoIP directory assistance?"
• 22:09 – News releases – Pennsylvania State University chooses Qovia for VoIP Management (ordinarily wouldn’t include this but Steve Mank from Qovia was on last week)
• 22:45 – Emperix, Shenick and CT Labs announcing VoIP security testing of Juniper Netscreen
• 24:00 – Feature interview with Bogdan Materna of VoipShield Systems
  
  • Background on VoIPShield, formation, funding, etc.
  • VoIPAudit description
  • Type of solution, form factor
  • Update mechanism?
  • 29:34 – Typical threats
  • Layers of solution
  • What IP-PBXs does it work with?
  • Who is using VoIPAudit
  • 34:15 – How are you different from IDS’?
  • Competitors? Relationship to VoIP vendors?
  • What’s next?
  • 37:28 – What do you see as main threats to VoIP?
  • 38:57 – End of interview
• 39:02 – Comment section – Comment from Shawn Merdinger about the WiFi vulnerabilities he was releasing
• 39:45 – Comment from Bruce Stewart, editor of O’Reilly’s Emerging Telephony website, which supports the conference, but will continue after the conference is over.
• 40:51 – Comment from Vikram Rangnekar about listening to the show in the traffic jams of Bombay, ideas for the show and his own company
• 44:20 – Book review by Martyn Davies of The 3G IP Multimedia Subsystem (IMS) : Merging the Internet and the Cellular Worlds by Gonzalo Camarillo and Miguel-Angel Garcia-Martin
• 49:35 – Review of the last week’s traffic on the VOIPSEC public mailing list. Major topics this week included discussion around what is the most popular key exchange protocol: MIKEY vs SDP sdescriptions, feasiblity of protecting just part of the SDP packet, estara and Cisco vulnerabilities, SIP being used to send data and more.
• 50:80 – Mention of new search feature by Podzinger available on the right side of the show blog
• 52:07 – Reminder that next week there might be multiple shows coming out of the conferences.
• 52:42 – Wrapup of the show:  upcoming shows, notes about contributing, information about how to provide comments.
• 55:27 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Download the show here (MP3, 50MB) or subscribe to the RSS feed to download the show automatically.

Thank you for listening and please do let us know what you think of the show.

Synopsis: VoIP security news, WiFi phone vulnerabilities, comments, news, VOIPSEC review

Welcome to Blue Box: The VoIP Security Podcast show #11, a 39-minute podcast  from Dan York and Jonathan Zar around news and commentary in the world of VoIP security. This show also features an 18-minute interview with Steve Mank, COO of Qovia.

Download the show here (MP3, 39MB) or subscribe to the RSS feed to download the show automatically.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Note: Audio quality was a bit lower than previous shows and there was some echo.  We know – and more importantly we know how to fix it.  Future shows will be bettter.

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners. , especially those Vermonters who joined as a result of 802Online posting. Mention of Frappr map for the show.  Please join the map! Mention that we are open to considering other contributors, either as "correspondents" or potentially as another co-host. Drop us an e-mail if you are interested in being considered!
• 02:46 – Upcoming events – Dan will be attending O’Reilly’s Emerging Telephony Conference in San Francisco January 24-26. If you are also planning to be there, please drop us an e-mail.  If anyone will be attending Internet Telephony happening at the same time in Florida, we would love some reports coming out of the show.  More details on the show blog.
• 03:38 – Comment section – comment from Shawn Merdinger about the AIO from Chandran at Sun
• 04:24 – Comment from Steve Blair that he’ll be attending the Internet Telephony conference
• 04:45 – Question from Craig Bowser about show notes and comment about VON Magazine
• 05:39 – Mention from ‘natas’ that he will be attending Shmoocon in Washington, DC next week (we mentioned this in show #10)
• 07:26 – News section – Network World: What will generate the real heat in ‘06?
• 08:35 – Call For Papers: Third Annual VoIP Security Workshop, Berlin, Germany, June 2006
• 09:16 – ABC News: DECT Phone bridges landline, VoIP
• 10:52 – Aswath Weblog: Optimized for Skype
• 12:36 – SECGURU:  VoIP Security Planning, Threats and Recommendations by Dan Sass
• 13:16 – Mention that there was an article (behind a gated web site) that seemed to imply a new VoIP white paper published by Internet Security Systems, but no mention could be found in other sources
• 13:53 – News release from PMC-Sierra about their new wired and WiFi phone reference platform that includes hardware security chips  (See also this story)
• 14:55 – ‘ResearchAndMarkets’ analyst firm releases VoIP Security report
• 15:48 – VoIP Magazine picks Borderware as one of the top 20 VoIP companies to watch (see also VoIP Magazine full "Top 20" list)
• 17:27 Feature interview with Steve Mank, COO, of Qovia, a company providing VoIP management tools and one of the first ones to use the term "SPIT" for "Spam for Internet Telephony"
  
  • 17:27 – history, overview of products, typical architecture
  • 25:50 – focus on security, DoS, encryption, rogue device detection
  • 29:15 – patents around SPIT prevention, techniques, DoS server solution, modularity
  • 32:00 – call logging/recording?, future directions, IP video
  • 33:00 – IP video equivalent of MOST score, go-to-market strategy, supported platforms, final thoughts
  • 35:39 – end of interview
• 36:01 – Review of the last week’s traffic on the VOIPSEC public mailing list. Major topics this week included continued discussion on Skype usefulness in the enterprise (resulted in Matthew Kaufmann posting about Amicima – a secure p2p VoIP company whose code is apparently open source ), VoIP attack statistics, and a call for papers for the Third Annual VoIP Security Workshop in Berlin June 1 and 2.
• 37:55 – Wrapup of the show:  upcoming shows, notes about contributing, information about how to provide comments.
• 39:35 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Download the show here (MP3, 38MB) or subscribe to the RSS feed to download the show automatically.

Thank you for listening and please do let us know what you think of the show.