Synopsis: Blue Box #60: new VoIP security offerings from CheckPoint, VoIPShield, VoIP and business continuity, CALEA, new VoIP Security book, NAC mini-tutorial, more on botnets, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast #60, a 28-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long!
• 01:15 – Programming notes
  • Martyn Davies will be moderating a panel on VoIP security at VON Europe that will include Dan and others
  • Blue Box dinner at the June VON show on Monday, June 11th
  • We’ve recently set up a group on the Facebook social networking site for fans of the show.  If you are a Facebook user, feel free to join.
• 02:28 – ComputerWeekly.com: Check Point promises more VoIP security, fewer slowdowns
• 03:35 – VoIPShield Security Suite Debuts…
  • VoIPShield Security Suite Debuts at Interop Las Vegas
  • Ken Camp response
  • InfoWorld
• 05:21 – PC World: Attackers Get Chatty on VoIP
• 06:37 – Skype Journal: UK: Paedophiles use Skype to find and pursue likely targets
• 07:42 – TMC.net: VoIP Helps Increase Business Continuity Awareness
• 10:10 – VoIPNews: VoIP Providers Hold Their Breath as CALEA Deadline Passes
• 12:15 – New book coming out in August: Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures by Peter Thermos and Ari Takanen
• 13:38 – Voice of VOIPSA: Security: A Question of Balance
• 14:23 – Voice of VOIPSA: Google Launches Security Blog
• 14:54 – Follow-up on the Estonian botnet issue – it apparently wasn’t Russia but instead was botnet groups and Cyberattack in Estonia—what it really means
• 15:48 – SPIT Framework Internet-Draft – stay tuned for a URL
• 16:43 – News Releases:
  • Covergence Announces Support for IBM BladeCenter
• 16:54 – Feature – mini-tutorial on NAC
• 20:17 – Upcoming shows:
  • Dustin Trammell will be speaking at Defcon 15 about VoIP and steganography
  • Ken Camp will be moderating two panels on VoIP Security at IT Expo
  • June 12-14, Stockholm, Sweden, VON Europe Spring – both Martyn and I will be there… we’ll have a Blue Box dinner
  • July 22-27, Chicago, USA IETF 69
  • Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007
  • Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• 21:32 – comment (email) from Rhodri Davies about SIP botnets
• 23:55 – comment (email) about analog surveillance
• 25:09 – comment (blog) from Security4All
• 25:22 – comment (blog) from Ludovic Petit that he can’t see the PDF files
• 25:44 – comment (facebook) from Reuven
• 26:31 – Review of the last week’s traffic on the VOIPSEC public mailing list
• 27:29 – Wrap-up of the show 
• 28:35 – End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: 802.1X mini-tutorial, new VoIP security vulnerabilities, new security tools, the biggest threat to VoIP? … botnets hitting Estonia…  and chimichangas and sushi trains…

Welcome to Blue Box: The VoIP Security Podcast #59, a 55-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 24MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long!
• 01:36 – Dan and Jonathan discuss recent conferences, the US DOD’s JITC certification process and stray into Mexican food…
• 06:38 – Programming notes
  • Martyn Davies will be moderating a panel on VoIP security at VON Europe that will include Dan and others
  • Blue Box dinner at the June VON show on Monday, June 11th
  • We’ve recently set up a group on the Facebook social networking site for fans of the show.  If you are a Facebook user, feel free to join.
• 08:01 – Sipera Finds New VoIP Phone Security Threats
• 12:58 -Information Week: Security Tools Top 2007 IT Professionals Poll (VoIP drops to 3rd) – see also IT Business Edge
• 16:59 – ITP Technology: Cracking the code
• 18:25 – Network World: Security in PacketCable networks
• 20:59 – Speaking of Network World, by way of Mark Collier , we learned that Network World has a VoIP Security page
• 21:28 – VoIPPlanet: A series of ‘The VoIP Peering Puzzle’ background pieces on SBC’s
• 23:24 – Ken Camp: What’s the biggest Threat to Enterprise VoIP?
• 25:21 – CRN: VoIP Demystified
• 26:08 – TMCnet: Trends in IP Communications and the Evolution of the SBC
• 27:15 – ComputerWeekly.com: VoIP, UC adoption continue to rise
• 29:45 – Botnet attacks against Estonia:
  • Washington Post: Cyber Assaults on Estonia Typify a New Battle Tactic
  • CNN: Estonia suspects Kremlin in Web attacks
  • BBC: Estonia hit by ‘Moscow cyber war’
  • Global Guerrillas: Russia vs. Estonia: 21st Century State vs State conflict 
• 34:04 – News Releases:
  • General Dynamics Awarded $18 Million Contract to Deliver VoIP to the Pentagon
  • Freebird releases VoIP call recorders
• 35:27 – Feature – mini-tutorial on IP phones and 802.1X
• 40:00 – Upcoming shows:
  • Dustin Trammell will be speaking at Defcon 15 about VoIP and steganography
  • June 12-14, Stockholm, Sweden, VON Europe Spring – both Martyn and I will be there… we’ll have a Blue Box dinner
  • July 22-27, Chicago, USA IETF 69
  • Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007
  • Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• 42:12 – comment (email) from Phil about analog tapping of VoIP phone
• 44:28 – comment (email) from Shlomo Dubrowin
• 49:13 – Review of the last week’s traffic on the VOIPSEC public mailing list
• 49:35 – Wrap-up of the show 
• 51:13 – End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: The SIP Botnet edition – VoIP bots are here, now what?  Also rogue firmware mini-tutorial, other VoIP security news, listener comments, more…

Welcome to Blue Box: The VoIP Security Podcast #58, a 35-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 14MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long!
• 00:53 – Programming notes
  • Dan was out in Fort Huachuca, AZ, for a US DoD telecommunications conference
  • Martyn Davies will be speaking on May 23 at the Eurosec conference in Paris (replacing Dan)
• 02:20 – Voice of VOIPSA: Ready or not, here come the IRC-controlled SIP/VoIP attack botnets
• 15:15 – Voice of VOIPSA: SIPit 20 shows the very clear need for SIP security interoperability
• 15:29 – MSN Money: Your phone may be under attack
• 16:43 – TechRepublic: Four obstacles to implementing VoIP (also Russell Shaw blog post)
• 17:31 – News Releases:
  • Borderware: The economic impact of VoIP Security Vulnerabilities and how to secure VoIP for business  (announcing new white paper)
• 18:23 – Feature – mini-tutorial on set firmware and the issue of rogue firmware loads
• 22:41 – Upcoming shows:
  • May 23-25, Paris, France Eurosec Forum 2007 – Martyn Davies will be speaking
  • June 12-14, Stockholm, Sweden, VON Europe Spring – both Martyn and I will be there… we’ll have a Blue Box dinner
  • July 22-27, Chicago, USA IETF 69
  • Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007
  • Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• 23:20 – comment (email) from Craig Bowser about CPEs
• 25:08 – comment (email) from Frank Leonhardt about GoogleTalk and SIP
• 25:42 – comment (email) from Simon Wood about recording hardware
• 27:14 – comment (email) from natas
• 28:51 – Review of the last week’s traffic on the VOIPSEC public mailing list
• 29:21 – Wrap-up of the show 
• 30:16 – End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: Call signaling encryption mini-tutorial, VoIP eavesdropping, VoIP security news, listener comments and men in white vans…

Welcome to Blue Box: The VoIP Security Podcast #57, a 35-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 18MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

(Time codes were lost in a browser crash and will be added back in the future.)

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long!
• VoIP News: Your VoIP Calls are Wiretapped – and Other Legal Surprises
• ZD Net blogs: They CAN spy on your IP, VoIP – through walls!
• ComputerWorldUK: Virus and access protection slip down security concerns (none of execs concerned about VoIP security) – also WebWire
• IETF: New draft of media keying security requirements
• ChannelWeb: Cisco To Partners: Make Security Part Of Every Deal
• eWeek: Extreme pumps up the network
• News Releases:
  • Sipera: Transition Toward End-to-End IP Driving Demand for Enterprise Media Gateways
• Feature section on voice encryption
• Upcoming shows:
  • May 14-17, Santa Clara, CA, USA Communications Developer Conference
  • May 18, Rochester, NY, USA, RIT VoIP Conference
  • May 23-25, Paris, France Eurosec Forum 2007 – I am speaking
  • June 12-14, Stockholm, Sweden, VON Europe Spring – both Martyn and I will be there… we’ll have to have a Blue Box dinner
  • July 22-27, Chicago, USA IETF 69
  • Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007
  • Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• comment (blog) from Zapperlink
• comment (email) from Craig Bowser about Verizon vs Vonage
• comment (email) from Ponyboy about our mention of Project Wal-Mart Freedom
• comment (email) from Reuven Lakein
• comment (email) from Roel Villerius
• Review of the last week’s traffic on the VOIPSEC public mailing list
• Wrap-up of the show 
• 35:10 – End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: Voice encryption tutorial, Skype worm, McAfee’s Sage Journal, Zfone, VoIP security news, listener comments and more… 

UPDATE – April 24: Unfortunately, due to an error in coding the appropriate enclosure (now fixed) many of you who subscribe via RSS will have downloaded a PDF file instead of the MP3 file. My apologies, and you’ll need to unfortunately download the file directly from the website at this point.

Welcome to Blue Box: The VoIP Security Podcast #56, a 38-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 18MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long!
• 01:24 – New worm wriggles around on Skype  (also on CSO Online ) – See also F-Secure blog and Jan Geirnaert
• 03:06 – Voice of VOIPSA: Ghosts of VoIP Security Tools Past…and Future?  (note the comment in reply from the grugq)
• 04:41 – McAfee’s Sage Journal and their Global Threat Review (and the mention of VoIP)
  • McAfee news release
  • McAfee Sage Journal (PDF)
  • InfoWorld: McAfee: Cyber-crime will continue to pay
  • CNET/ZDNet: McAfee offers ‘Sage’ advice on security issues
  • Tech.co.uk: Cybercrims will ‘find new ways to make money’
  • Khaleej Times (UAE): Cybercrime, other security issues will increase=
  • also interesting to note that McAfee Avert Labs has a blog

• 08:00 – Information Week: VoIP Too Complicated? Tell That To The Cable Companies
• 11:02 – TechRepublic: PKI vs. Zfone: What’s your best bet for VoIP security?
• 12:07 – SC Magazine: Mobile security: when will it become necessary?
• 13:04 – ComputerWorld Malaysia: All-in-one security devices face hurdles
  – interesting for the mention of “Unified Threat Management” (UTM) and
  the growing concern about how to work with VoIP (expressed in final
  paragraph)
• 17:04 – Security Watch by Steve Gold: VoIP – a flawed technology?
• 19:47 – News releases:
  • AGN and Sipera partner to provide secure SIP Trunking
  • Mu Security Receives Frost & Sullivan 2007 Product of the Year Award
  • Top Layer Networks’ Enterprise-Series Intrusion Prevention Solution Raises the Bar for Protection against Emerging Cyber Threats
  • Radware Earns Top Ratings in Extensive Lab Testing of VoIP Traffic Resiliency and Quality
• 22:23 – Feature section on voice encryption
• 31:53 – Upcoming shows:
  • May 14-17, Santa Clara, CA, USA Communications Developer Conference
  • May 18, Rochester, NY, USA, RIT VoIP Conference
  • May 23-25, Paris, France Eurosec Forum 2007 – I am speaking
  • June 12-14, Stockholm, Sweden, VON Europe Spring – both Martyn and I will be there… we’ll have to have a Blue Box dinner
  • July 22-27, Chicago, USA IETF 69
  • Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007
  • Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• 33:25 – comment (email) from Aswath Rao
• 35:25 – comment (email) from Craig Bowser
• 35:47 – comment (blog) from Amit about VoIP SEAL PDF files
• 36:33 – Review of the last week’s traffic on the VOIPSEC public mailing list
• 37:02 – Wrap-up of the show 
• 38:14 – End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.