Author Archives: Dan York

Blue Box #69: Linksys SPA-941 vulnerability, SIP DDoS, New release of SIPVicious, Asterisk security roadmap, other VoIP security news, listener comments and more

Synopsis:Blue Box #69: Linksys SPA-941 vulnerability, SIP DDoS, New release of SIPVicious, Asterisk security roadmap, other VoIP security news, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast #69, a 46-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners – and to all those listeners who have been here for so long!
01:03 – Programming notes:
- Reminder of new comment line – 206-350-7280
- Books from Peter Thermos and Ari Takanen – anniversary show promotion
02:13 – XSS attack against Linksys SPA-941
07:52 – USENIX ;login: article about SIP DDoS from Hement Sengar

12:10 – New release of SIPVicious tool suite

14:49 – Voice of VOIPSA: Suggestions for a Security Roadmap for Asterisk

21:02 – heise.uk: Skype silently fixes URI problem which relates to Windows issue pointed out back in July (see also here )

25:39 – heise online: Bavarian Criminal Police Office denies use of Trojan to eavesdrop on VoIP calls

27:57 – Zeenews.com (India): CBI favours monitoring of Internet gateways and networks

28:54 – Washington Post: VOIP Mix-Up Exposes Customer Call Data

31:58 – CXO Today (India): Mobile Business Applications Boost Security Demand

35:08 – Upcoming shows:
- Oct 24-25, New York, USA, Interop
- Oct 29-Nov 1, Boston, USA, Fall 2007 VON
35:33 – Comments – challenge with audio comment
35:47 – Comment (email) from Stephen Bosch asking about the CISSP credential

40:13 – Comment (email) from Scott Tanner (which we’ll hold for the 2-yr show) – Dan also gets talking about Dopplr.com

41:27 – Comment (email) from Frank Leonhardt

41:40 – Comment (email) from Michael Miller about PPT syncing software – answer is that we use a site called SlideShare

43:18 – Review of the last week’s traffic on the VOIPSEC public mailing list

43:57 – Wrap-up of the show

46:26 – End of show

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-7280 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Blue Box #68: Top 14 VoIP Vulnerabilities, Asterisk security, VoIP hacker, IMS, P2P, Skype, industry moves, VoIP security news, listener comments and more…

Synopsis:Blue Box #68: Top 14 VoIP Vulnerabilities, Asterisk security, VoIP hacker, IMS, P2P, Skype, industry moves, VoIP security news, listener comments and more…

Welcome to Blue Box: The VoIP Security Podcast #68, a 46-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners – and to all those listeners who have been here for so long!

01:03 – Programming notes:
- New comment line – 206-350-7280
- Slight web site changes
- Books from Peter Thermos and Ari Takanen – anniversary show promotion
03:27 – NetworkWorld: Top 14 VoIP Vulnerabilities – and also this comment in reply

07:08 – blog.spywareguide.com: Bubbles… for Kids! (spyware that propagates via Skype IM)

09:25 – Voice of VoIPSA: What would your security roadmap for Asterisk be? and 3Com to sell/support Asterisk

18:11 – Voice of VOIPSA: VoIP Hacker Goes to Jail pointing to Information Week interview with Robert Moore which is similar to the Telecom Junkies interview I did earlier with Robert Moore.

19:14 – Converge!Digest: Defending the IMS Core (sponsored by Sonus)

20:56 – Processor: Getting Tough with P2P= which relates to Dan’s recent issues with using Skype at a hotel

26:36 – PC World: Attack of the Killer Bots

28:57 – News Releases
- Sipera Secures $10 Million to Further Advance VoIP/UC Security=
- Bandwidth.com Bands with Acme Packet (finally, security for SIP trunking!)
- Radware Unveils Industry First Behavioral Server Protections as Part of its Full Spectrum Protection Technology
- Alcatel-Lucent Bolsters its Security Solutions in Worldwide Reseller Agreement with CloudShield Technologies
- Clavister Announces New Version of its IP-Based Security Operating System (see also press release )
- ForeScout Continues Innovation Leadership with Latest Network Access Control Offering=
32:24 – 3Com bought by Bain Capital, Huawei

34:58 – Skype CEO out, eBay takes $1.4 million charge

37:08 – Nokia to buy Navteq

38:26 – Vonage loses patent trial

39:29 – Upcoming shows:
- Oct 24-25, New York, USA, Interop
- Oct 29-Nov 1, Boston, USA, Fall 2007 VON

39:58 – Comment (email) from Peter Thermos

42:15 – Comment (email) from Frank Leonhardt about Skype malware

42:24 – Comments (blog) about video edition #1

42:51 – Brief commentary from Dan about using TalkPlus to call a SIP URI from a cell phone

45:39 – Review of the last week’s traffic on the VOIPSEC public mailing list

46:00 – Wrap-up of the show

46:51 – End of show

Thank you for listening and please do let us know what you think of the show.

Blue Box Comment Line number changed – now +1-206-350-7280

Unfortunately, the comment line for the podcast has had to be changed. The new number is:

+1-206-350-7280

We use a free service from K7.net and unfortunately if no one calls the service for 30 days, they terminate your user account. You have no way to get back the phone number that you previously had (which, okay, it’s a free service, so I can’t complain!) and you have to register a new one. I keep using it primarily because it’s simple… people call and leave a voicemail – and a WAV file shows up in our inbox. Simple. Easy.

But it does have this 30-day rule. Given that we’ve had a stretch between shows, there haven’t been people calling in. Usually I call it once a month just to make sure that we keep the number… but I’ve been a bit distracted lately and forgot to do so. So we lost the number, which is too bad because the old one spelled out “blue” with the last 4 digits.

Somewhere in here I’m going to set up a local Asterisk server with an inbound phone number and at that point I’ll move the comment line over to it and stop using K7.net. However, until that time, we’ve just got to make sure that someone leaves an audio comment at least once a month!

(Disappointing that this happened just as I announced the call-in contest for the book for our anniversary show…)

Blue Box #67: Contest for listeners, discussion about status, some VoIP security news, listener comments

Synopsis:Blue Box #67: Contest for listeners, discussion about status, some VoIP security news, listener comments

Welcome to Blue Box: The VoIP Security Podcast #67, a 20-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners – and to all those listeners who have been here for so long!
– Discussion of:
- reasons for break in shows having to do with Dan no longer working for Mitel
- two-year anniversary of the show coming up on October 24th
- listener contest for copies of Peter Thermos and Ari Takanen’s new book “Securing VoIP Networks”
– ZDNet: “Jericho Forum voices concerns over VoIP Security”
– Telappliant: “VoIP ‘more secure than traditional phone systems'” (note the last paragraph about VOIPSA)
– SecurityFocus: “VoIP Hopping: A Method of Testing VoIP Security or Voice VLANs and Release of “VoIP Hopper tool”
– SIP Hacking Workshop in November in Vienna
– Upcoming shows:
- Oct 29-Nov 1, Boston, USA, Fall 2007 VON
– Comment (email) from Craig Bowser (about VoIP Hopping article)
– Comment (email) from Doug Simar about iPhone
– Review of the last week’s traffic on the VOIPSEC public mailing list
– Wrap-up of the show
20:46 – End of show

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

FYI – I’m out at AstriCon in Arizona (and looking for Asterisk security feedback over on the VOIPSA weblog)

FYI, I’m currently out at the Asterisk conference, AstriCon, in Phoenix, Arizona through Thursday night. If any listeners are also here at the show, please do drop a note as I’m always interested in meeting listeners face-to-face.

Also, over on the Voice of VOIPSA weblog, I’ve posted the question: “What would your ‘security roadmap’ for Asterisk be?” I’m giving a talk on the subject on Thursday and would welcome any feedback.

Technorati Tags: asterisk, astricon, conferences, security, voip, voip security, voipsa

Blue Box SE#020 – SIP Security discussion with Cullen Jennings of IETF and Cisco

Synopsis: Interview about SIP security with Cullen Jennings, Area Director for the Real-time Applications and Infrastructure area of the Internet Engineering Task Force (IETF).

Welcome to Blue Box: The VoIP Security Podcast Special Edition #20, a 42-minute interview about SIP security with Cullen Jennings of IETF and Cisco. Recorded at VoiceCon San Francisco in August 2007.

Download the show here (MP3, 19MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

In this Special Edition, I sat down with Cullen Jennings out at VoiceCon San Francisco in August 2007 to talk about SIP security. Cullen had just co-presented with Eric Rescorla a 3-hour tutorial on SIP security and in this interview we covered an overview of the topics covered in that session, such as:

challenges in encrypting SIP signaling (forking, early media (including what it is))
proposed methods of encrypting voice/media, including ZRTP and DTLS
SIP identity
SIP outbound, a proposal for helping SIP signaling work across firewalls
certificate management in SIP
future security issues of concern within SIP

I believe you will find it both a very educational and interesting interview that will help explain some of the various areas of SIP security.

Cullen is a Distinguished Engineer with Cisco Systems but more relevantly is one of the Area Directors for the "Real-time Applications and Infrastructure" (RAI) area of the Internet Engineering Task Force (IETF). Basically almost all of the SIP-related standards move through the RAI area of the IETF. Cullen also has a strong interest in security and has been an author on several of the security-related RFCs and Internet-Drafts related to SIP.

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Blue Box #66: Cisco/Grandstream/Thomson VoIP security vulnerabilities, Skype outage, VoiceCon coverage, VoIP security news, listener comments and more..

Synopsis: Blue Box #66: Cisco/Grandstream/Thomson VoIP security vulnerabilities, Skype outage, VoiceCon coverage, VoIP security news, listener comments and more..

Welcome to Blue Box: The VoIP Security Podcast #66, a 56-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners – and to all those listeners who have been here for so long!
03:00 – Programming notes
- First Blue Box video – what did you all think? Should we do more of these? (Anyone interested in helping?)
- Upcoming interviews: excellent SIP
  security session with Cullen Jennings, update interview with Dave
  Endler/Mark Collier, contribution from Brenno deWinter of a Phil
  Zimmermann interview
- Apologies if any of you had a problem downloading shows last week. Our hosting provider, LibSyn had a DNS configuration issue and people couldn’t get to the site.
07:55 – 3 messages SIP Remote DOS on Cisco 7940 SIP Phone – and Cisco response
12:17 – SIP remote attack on Grandstream SIP Phone GXV-3000
16:45 –Remote DOS on Thomson SIP phone ST 2030 using the VIA header and Remote DOS on Thomson SIP phone ST 2030 using the TO header
19:55 – Cisco: Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager
21:55 – Asterisk AST-2007-021 – Crash from invalid/corrupted MIME bodies when using voicemail with IMAP storage (note the move away from “ASA” which Avaya had been using)
24:30 – Sipera softphone issue – still working with the vendor
25:20 – Skype outage:
- Voice of VOIPSA: It’s official – Skype blames the outage on Microsoft
- Skype responds The Microsoft connection clarified and Dan’s commentary
- Guardian: Skype’s nightmare weekend highlights peer-to-peer fears
- PCWorld: Vendor Warning on Skype Eavesdropping
33:51 – ZDNet: Sipera introduces new enterprise VoIP security toolset
34:32 – Voice of VoIPSA VoiceCon coverage: SIP Security and IP Telephony Security Threats and Countermeasures
35:36 – VoIPNews: Hacking VoIP Exposed (interview with Mark Collier)
37:03 – eWeek Channel Insider: VOIP Security Requires Layered Approach, Experts Say and a blog reaction
37:23 – Computerworld: VoIP requires attention to security best practices
38:30 – Network World: VoIP hacker talks: Service provider nets easy pickings based on Telecom Junkies podcast: Interview with a VoIP Hacker – also tricityherald.com: Spokane man heads to prison for hacking
39:14 – IEEE Digital Library: Service Provider Implementations of SIP Regarding Security
40:32 – News Releases:
- Enterasys secures enterprise VoIP
- Fortinet Adds UTM for Small Offices (mention of VoIP and 3G)
- ResearchAndMarkets releases a new report on VoIP security
- Raketu Realizes Over 50% Jump in Service Subscribers in Wake of Skype Outage
42:50 – Upcoming shows:
- Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007
- Oct 29-Nov 1, Boston, USA, Fall 2007 VON
43:44 – comment (email) from Rhodri Davies about PSTN being more secure
48:12 – comment (email) from Atilla asking about slides for SE 19
49:01 – comment (email) from Jose Luis about OCS
52:46 – comment (email) from Sachin Joglekar about video
54:31 – Review of the last week’s traffic on the VOIPSEC public mailing list
55:09 – Wrap-up of the show
- Jonathan mentions that Jaxtr received $10million in VC funding.
56:15 – End of show

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Blue Box Video Podcast #01 – SIP softphone exploit demonstration by Sipera Systems at VoiceCon San Francisco 2007

Synopsis: Blue Box Video Edition #1: SIP softphone exploit demonstration by Sipera Systems recorded at VoiceCon San Francisco 2007

Welcome to Blue Box: The VoIP Security Podcast Video Edition #1, a 5-minute video podcast from Dan York showing an exploit of a SIP softphone by Sipera Systems.

In this first video podcast, Dan interviewed Sachin Joglekar, Vulnerability Research Lead for Sipera Systems, about the exploit that Sipera first demonstrated at Black Hat USA 2007 last month in Las Vegas. Sachin shows how by sending a specific SIP packet, he can crash the SIP softphone but in doing so have it execute server code to which he can connect via netcat. He then has a command prompt on the Windows system and can execute arbitrary commands. In this case he just copied over some files. He did indicate that they are working with the vendor of the (unnamed) SIP softphone to correct the problem.

The interview was recorded on the show floor of VoiceCon San Francisco 2007.

Download the show here (MP4, 30MB) or subscribe to the RSS feed to download the show automatically.

You may also view the show here on this page:

Click To Play

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Given that this is our very first "video edition", comments are definitely appreciated. We may try to do more of these in the future.

Thank you for listening and please do let us know what you think of the show.

P.S. Those of you wanting to know more about how I recorded the video and the tools I used (hint: I just used my Canon point-and-shoot camera) can read my post over on my Disruptive Conversations blog.

Blue Box #65: VoIP fraud case revisited, Black Hat and Defcon presentations, VoIP security, listener comments and more..

Synopsis: Blue Box #65: VoIP fraud case revisited, Black Hat and Defcon presentations, VoIP security news, listener comments and more..

Welcome to Blue Box: The VoIP Security Podcast #65, a 46-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically.

NOTE: This show was recorded on August 6, 2007.

You may also listen to this podcast right now:

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners – and to all those listeners who have been here for so long!
01:14 – Programming notes
- VoIP Security Panel from VON now available as a Special Edition
02:27 – Telecom Junkies: Interview with a VoIP Hacker
13:21 – Black Hat / Defcon Coverage
- Forbes: VoIP Vandals

ZDNet: VoIP security vulnerabilities demonstrated at Black Hat conference

GCN: Security an issue in dual-mode VoIP phones

ComputerWeekly: VoIP security reaches tipping point

ComputerWorld: Researchers flag VoIP exploits at Black Hat
which points to these exploit tools and presentation

iSEC also had a presentation/tools: “Point, Click, RTPInject” on this page of presentations

tgdaily: PGP creator shows off VoIP encryption app – more in this weblog

PC World: Networks: No Sweat to Skilled Hackers (Good roundup and also mention of Estonian botnets)

Risque Management: VoIP Scaremongers (good counterpoint)

23:55 – TMC.net: Security and Disaster Recovery for IP Telephony Systems (interview with Dan)
26:55 – TechRepublic: SolutionBase: Creating a secure and reliable VoIP solution
27:47 – TechRepublic: Will your VoIP provider go out of business?
29:07 – Enterprise VoIPPlanet: VoIPowering Your Office: Eavesdropping on VoIP Calls – Part 1
30:39 – vnunet: Homeland Security warns on US power threat
32:15 – ComputerWorld: RIM refutes security concerns over BlackBerry 8820 (interesting note about dual-mode and implications of WiFi on enterprise security)
35:38 – News Releases:
- Edgewater Networks, Inc. Introduces VoIP Performance Reporting Tool for Managed Service Providers
- Sipera to Demonstrate VoIP-to-Data Exploit
37:44 – Upcoming shows:
- Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007
- Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007
- Oct 29-Nov 1, Boston, USA, Fall 2007 VON
38:37 – comment (email) from Tom Cross of ISS about vulnerabilities
40:15- Review of the last week’s traffic on the VOIPSEC public mailing list
41:56 – Wrap-up of the show
- Jonathan talks about recent studies around security of electronic voting machines.
46:05 – End of show

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Blue Box #64: ARP storms, IPTComm, SRTP animations, VoIP security news, listener comments and more…

Synopsis: Blue Box #64: ARP storms, IPTComm, SRTP animations, VoIP security news, listener comments and more…

Welcome to Blue Box: The VoIP Security Podcast #63, a 38-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 15MB) or subscribe to the RSS feed to download the show automatically.

NOTE: This show was originally recorded on July 26, 2007.

You may also listen to this podcast right now:

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners – and to all those listeners who have been here for so long!
01:23 – Programming notes
- ETel presentations available with sync’d audio
02:47 – Follow-up on story last show about iPhone and ARP packets – NetworkWorld: New Cisco advisory outlines fix for ARP storms on wireless LANs% pointing to Cisco security advisory
06:12 – Voice of VOIPSA: IPTComm 2007, Day One and IPTComm 2007, Day Two
07:21 – PC World: Black Hat/Defcon Hackfests Promise Rollicking Action (note VoIP references)
09:43 – ITSecurity.com: The Dark Side of VoIP: Security Vulnerabilities
10:18 – Techtionary.com: SRTP/Secure RTP for VoIP/SIP (animation from our friend Tom Cross)
11:20 – TMCNet: Bluesocket Acquires VoIP Leader Pingtel (Interesting because Bluesocket is a security firm.)
13:07 – Enterprise VoIP Planet: Mark Miller continues his series with The VoIP Peering Puzzle – Part 39: SBC Architectures – Ditech Networks
14:31 – ZDNet UK: Research: Convergence in mobile communications (note the very last bullet around barriers to adoption)
15:34 – TMCNet: Cedar Point Launches Campus Emergency Notification System
17:20 – Tipping Point comes out with DV Labs Blog which actually pointed to SysAdmin Magazine goes quietly into the night
19:27 – News Releases:
- Edgeline Holdings Completes the Acquisiton of Secure Voice Communications, a VoIP Security Company
- CommScope and IPcelerate Join to Make VoIP Safer
22:06 – Upcoming shows:
- Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007
- Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007
- Oct 29-Nov 1, Boston, USA, Fall 2007 VON
22:33 – comment (email) from Stuart McLeod about 4-day VoIP Security course he wrote that is being offered by Global Knowledge (course description is online )
23:14 – comment (email) from Frank Leonhardt about Facetime seminars invitation
24:26 – comment (blog) from “Nope” about the slidecasts
25:16 – Review of the last week’s traffic on the VOIPSEC public mailing list
25:42 – Wrap-up of the show
- Mention of potential legislation about peer-to-peer communication
- Update on the Pena/Moore VoIP Fraud case
31:51 – End of show

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Blue Box: The Voice-over-IP Security Podcast

A podcast offering news, views and commentary on security issues for Voice Over IP(VoIP), Unified Communications (UC) and IP Telephony

Author Archives: Dan York

Blue Box #69: Linksys SPA-941 vulnerability, SIP DDoS, New release of SIPVicious, Asterisk security roadmap, other VoIP security news, listener comments and more

Blue Box #68: Top 14 VoIP Vulnerabilities, Asterisk security, VoIP hacker, IMS, P2P, Skype, industry moves, VoIP security news, listener comments and more…

Blue Box Comment Line number changed – now +1-206-350-7280

Blue Box #67: Contest for listeners, discussion about status, some VoIP security news, listener comments

FYI – I’m out at AstriCon in Arizona (and looking for Asterisk security feedback over on the VOIPSA weblog)

Blue Box SE#020 – SIP Security discussion with Cullen Jennings of IETF and Cisco

Blue Box #66: Cisco/Grandstream/Thomson VoIP security vulnerabilities, Skype outage, VoiceCon coverage, VoIP security news, listener comments and more..

Blue Box Video Podcast #01 – SIP softphone exploit demonstration by Sipera Systems at VoiceCon San Francisco 2007

Blue Box #65: VoIP fraud case revisited, Black Hat and Defcon presentations, VoIP security, listener comments and more..

Blue Box #64: ARP storms, IPTComm, SRTP animations, VoIP security news, listener comments and more…