Category Archives: Blue Box

Blue Box #73: SIP security issues at IETF 70, Skype security, vulnerabilities in Cisco and Nokia phones, Vietnam’s cyberdissidents, VoIP security news, listener comments and more…

Synopsis: Blue Box #73: SIP security issues at IETF 70, Skype security, vulnerabilities in Cisco and Nokia phones, Vietnam’s cyberdissidents, VoIP security news, listener comments and more…

Welcome to Blue Box: The VoIP Security Podcast #73, a 44-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 20MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

NOTE: This show was recorded on December 11, 2007.

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners – and to all those listeners who have been here for so long!
Voice of VOIPSA: Skype fixes flaw in Windows version
Cisco 7940 Denial of Service
Nokia N95 Remote Denial of Service using the SIP Stack
Network World: VoIP Security Lessons Microsoft OCS Can Learn From Vonage and Others pointing over to series of posts on the Telecosm blog and the start of a series on VoIP security including DoS and anonymity
VoIP News: Not Waiting For the Big One
TechWorld: VoIP is the next big hack (follow up on Peter Cox)
Globe and Mail: Cyberdissidents weaving along new path
National Security Agency Certifies New Sectra vIPer Phone by General Dynamics for Top Secret Communications (sent in by Peter Thermos)
Websense Predicts 2008’s Top Ten Security Threats
International Telephone Services Company Deploys Secure Computing’s Sidewinder to Protect VoIP Communications
Feature – IETF 70
- IETF 70 Agenda
- Security a major discussion point
- Media control – requirements and architecture to need more security work
- SPEERMINT – Saverio Niccolini will bring security document back through
- SIPPING – Spam Score and SRTP Key Disclosure and Updates to Asserted Identity – also covered in SPITting in your general direction
- SIP – Media Identity and DTLS Framework
- MMUSIC – big news was that ICE is now in the queue to be issued as an RFC
- BEHAVE – TURN
- P2PSIP – interesting discussion on NAT in P2P SIP and security in P2P SIP
Comment (email) from Frank Leonhardt
Comment (email) from Rhodri Davies
Comment (email) from Peter Thermos
Comment (email) from Ben Penson
Review of the last week’s traffic on the VOIPSEC public mailing list
Wrap-up of the show
44:28 – End of show

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-415-830-5439 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Blue Box SE#022 – SIP NAT Traversal discussion with Jonathan Rosenberg

Synopsis: Interview about SIP NAT Traversal with Dr. Jonathan Rosenberg, Cisco Fellow and author of many RFCs and Internet-Drafts related to SIP for the Internet Engineering Task Force (IETF).

Welcome to Blue Box: The VoIP Security Podcast Special Edition #20, a 25-minute interview with Dr. Jonathan Rosenberg about SIP and NAT Traversal. Recorded at Interop New York in October 2007.

Download the show here (MP3, 13MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

In this Special Edition, I sat down with Dr. Jonathan Roseberg at Interop New York in October 2007 to talk about SIP NAT Traversal. Jonathan, a Cisco Fellow, has authored many RFCs related to SIP for the Internet Engineering Task Force (IETF) and in fact was a co-author of RFC 3261, the original specification for the SIP protocol. He is also the author of "The Hitchhiker’s Guide to SIP", a document that aims to help people find their way through all the many documents that today make up what we call "SIP".

For the past few years, Jonathan has been extremely involved in the whole issue of SIP and NAT traversal and has authored several of the major Internet-Drafts on the issue. In this interview, we discuss:

What the issue is with SIP and NAT traversal
How ALGs and SBCs attempt to solve the problem
Methods that have been developed by the IETF, specifically:
- STUN
- TURN
- ICE
The role of ICE going forward, who is supporting it, etc.

I believe you will find it a very educational session and very helpful in understanding this major issue with regard to SIP. We thank Jonathan Rosenberg for his time.

If you enjoy this show, we would also suggest you go back and listen to Blue Box Special Edition #20, our interview with Cullen Jennings about SIP security. The two shows complement each other extremely well and provide a solid understanding of the current state of SIP security.

Thank you for listening and please do let us know what you think of the show.

Blue Box #72: Asterisk security vulnerabilities, Skype and the German government, VoIP security news, listener comments and more

Synopsis: Blue Box #72: Asterisk security vulnerabilities, Skype and the German government, VoIP security news, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast #72, a 25-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 11MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

NOTE: This show was recorded on November 30, 2007.

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners – and to all those listeners who have been here for so long!
– AST-2007-025 – Asterisk – SQL Injection issue in res_config_pgsql
– AST-2007-026 – Asterisk SQL Injection issue in cdr_pgsql
– TechWorld: Expert scares world with VoIP hacking proof pointing to SIPtap – Articles also in ComputerWorld
– Wired: Skype encryption baffles German police – also in The Register and TechDirt
– VoIP News: Why Nobody’s VoIP is Secure
– PC World: ‘Swatters’ Trick AT&T’
– Comment (email) from Shawn Merdinger
– Comment (email) from Yann Cloatre
– Comment (email) from Miguel Garcia
– Comment (email) from Roel Villarius about Dutch spam filter
– Review of the last week’s traffic on the VOIPSEC public mailing list
– Wrap-up of the show
25:27 – End of show

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either ~~+1-206-350-7280~~ +1-415-830-5439 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Blue Box #71: VLAN Hopping, SIP Digest vulnerability, VoIP security hype, Skype security, Google’s latest moves, listener comments and much more…

Synopsis: Blue Box #71: VLAN Hopping, SIP Digest vulnerability, VoIP security hype, Skype security, Google’s latest moves, listener comments and much more…

Welcome to Blue Box: The VoIP Security Podcast #71, a 51-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

NOTE: This show was recorded on November 8, 2007.

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners – and to all those listeners who have been here for so long!
SIP Digest Access Authentication RELAY-ATTACK for Toll-Fraud
VoiceCon ENews: VoIP Security Update (about my talk at Interop)
Telecom Junkies episode about VLAN Hopping
Network World: VoIP security notices show security remains a multi-vendor issue – also TechRepublic article about VoIP Hopper
Network World: VoIP security industry: Guilty as charged (Plus, 10 nasty questions to ask your VoIP supplier)
VoIP-News.com: Vonage Security Problems May Be Just the Start
The Ethical Hacker Network: Fun with Online VoIP Hacking
SearchVoIP: Unified communications security vulnerabilities
SecurityPark: Seeing through the VoIP security hype
The Guardian: Why VoIP is the next target for spammers
Skype Blog: Skype for Mac on Leopard (note comments about embracing security)
Voice of VOIPSA: Isolation vs. Integration (Dustin Trammell)
Converge!Network Digest: The Future IC/UC Net Will Be Federated (by Acme Packet)
TMCNet: Telecom Italia Sparke Enhances VoIP Services with Acme Packet
Mark Collier: VoIP Training Courses – he also has made available his presentation on security that he recently gave at AT&T’s Focus Conference.
InfoWorld: Vetting the quality of VoIP (follow-on to The lie that is Voice over IP )
Comment (email) from Matt Hillman about http://www.podcastersmeetup.com/ at ShmooCon Feb 15-17 in DC
Comment (audio) from Mohammad Halawah
Comment (email) from Frank Leonhardt
Comment (email) from Josef Janitor
– Review of the last week’s traffic on the VOIPSEC public mailing list
– Wrap-up of the show
– End of show

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-7280 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Blue Box #70: 2-yr Anniversary show, VoIP security vulnerabilities, Vonage, Comcast, phishing, listener comments and much, much more…

Synopsis:Blue Box #70: 2-yr Anniversary show, VoIP security vulnerabilities, Vonage, Comcast, phishing, listener comments and much, much more…

Welcome to Blue Box: The VoIP Security Podcast #70, a 51-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

NOTE: This show was recorded on October 25, 2007.

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners – and to all those listeners who have been here for so long!
Programming notes:

Dan’s new employment with Voxeo
Dan at VON next week – Dean Elwood is doing a VoIPUser dinner – perhaps a Blue Box dinner as well?
We hope you enjoyed Blue Box SE 21 with Phil Zimmermann – many thanks to Martyn Davies for helping with that.
Reporters for some of the spring shows? (we can probably get you press credentials… if you are there)

XSS attack and SQL injection via SIP against Asterisk
The XSS attack against Linksys SPA-941 we discussed last week was picked up by Secure Computing which resulted in this SearchSecurity.com article: New Attack Methods Target Web 2.0, VoIP (last link sent to us by Rhodri Davies)
Sipera released a range of vulnerabilities related to Vonage, Grandstream and more – note that the Vonage thread has been picked up by ZDNet’s Russell Shaw
Wired: Phones Aren’t Safe Either, Hackers Say – also discussed in Network World and Russell Shaw We’ve toasted so many of these (VoIP) networks… and Dustin Trammell’s blog (in the list of sessions he attended)
SANS: Vishing, Skype, and VoIP-Based Fraud (sent in by Craig Bowser)
CXO Today: The Phishing Epidemic
PCWorld.CA: The eight most dangerous consumer technologies (Skype and consumer VoIP are #6 on page 2 )
TMC Net: VoIP Peering in Search of a Viable Interconnect Business Model (note the comments about security toward the bottom)
Cisco TechWise podcasts Session Initiation Protocol and Security (it’s on the page… came out 10/18/07 )
TechRepublic: Sanity check: Will Microsoft be your next phone company? (nice roundup of the MS announcements… some of the comments are also interesting)
Comcast

– Upcoming shows:
- Oct 24-25, New York, USA, Interop
- Oct 29-Nov 1, Boston, USA, Fall 2007 VON
Comment (email) from Dan Wing about episode 69 and the potential DDoS attack
Comment (email) from Raul Siles about episode 66
Comment (email) from Raul Siles about SANS VoIP Security course
Two-year-anniversary:
- Comment (audio) from Martyn Davies
- Comment (audio) from Dean Elwood
- Comment (audio) from Mike Wallace
- Comment (audio) from Raul Siles (with Matrix inclusion)
- Comment (audio) from Carsten Helmuth (cut off)
- Comment (email) from Scott Tanner
- Comment (email) from Shlomo Dubrowin
– Drawing for the book
– Review of the last week’s traffic on the VOIPSEC public mailing list

– Wrap-up of the show

51:14 – End of show

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-7280 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Blue Box podcast #70 successfully recorded… on conference WiFi!

I’m delighted to report that Jonathan and I successfully recorded Blue Box #70 this morning. It was a bit surreal, actually. There I was at the Javits Center in a vacant room on conference WiFi and Jonathan’s audio quality was outstanding! In fact, when I listened to the recording afterward his audio sounded far better than my audio that was recorded off of my local USB headset! Of course, in contrast to the stats I showed yesterday, here’s how our call looked today:

200710251121

0.0% packet loss on receiving Jonathan’s signal! Very cool! And a 94ms round trip sure beats a 200-300ms round trip, eh?

To get this good quality on a conference WiFi really speaks to the efforts of the Interop NOC team to deliver this kind of network. Kudos to them!

For those curious, I recorded the show locally on my MacBook Pro using WireTap Studio from Ambrosia Software. Given that our recording levels were quite different, I’m probably going to need to run the recording through the Levelator in order to bring the levels in line.

It should be posted probably some time early tomorrow. I’m at Interop all day today and so the post-production will probably be done during my time out at JFK and flying home later today.

Technorati Tags: bluebox

Two years ago today, Blue Box podcast #1 was launched

It seems rather amazing to me that it was two years ago today – October 24, 2005 – when we launched this show with Blue Box Podcast #1 (I remember because 10/24 is just a great number for a geek!). It’s been a long, strange trip since then… we’ve learned a lot… about podcasting, about building a community… and, of course, about VoIP security. We’ve put out 69 main shows and 21 special editions – a total of 90 shows… with more in the queue. It’s truly been a remarkable experience and we greatly appreciate all the contributions and support we’ve had from all of you over the years. Thank you for all of your support!

Sadly, despite our best efforts, Blue Box #70 , our 2-year anniversary show, did NOT make it out today on our actual anniversary. With my schedule, we wound up trying to record tonight and unfortunately the hotel WiFi at the hotel I am staying at in New York City just wasn’t up to giving us the quality recording that we wanted to have via Skype. Here’s a taste of what we were experiencing:

200710242221

If I read that right, we were getting a 32% packet loss… even if it was really 9%, it was still a lot. The roundtrip was much higher sometimes… up near 300 or more milliseconds. You just can’t get a good recording in those circumstances. Skype was working fine earlier in the night, so I don’t know if we just hit a time when more people were back at the hotel using the network. Whatever the reason, we eventually just had to give up. I thought about trying Yahoo!Voice or Gizmo, but generally if Skype is having problems the other ones will as well.

It’s disappointing, primarily because I really wanted to get the show out today. We’ve recorded shows from hotels in the past (even using hotel WiFi) and this is the first time in two years that we’ve actually had to cancel a recording because of poor connectivity!

We’re going to try again tomorrow from the Interop show where I did find I got great connectivity in some areas. We’ll see. If not it may need to wait until Friday when I’m back in my home studio.

In the meantime, thanks again to all of you who have made this show a joy to produce and do each week!

Technorati Tags: danyork, jonathanzar, bluebox, voip security

Blue Box SE#021: Interview with ZFone and ZRTP creator Phil Zimmermann by Brenno de Winter

Synopsis: Interview with ZFone and ZRTP creator Phil Zimmermann by Brenno de Winter.

Welcome to Blue Box: The VoIP Security Podcast Special Edition #21, a 44-minute interview between Phil Zimmermann and Brenno de Winter in August 2007.

Download the show here (MP3, 20MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

Brenno de Winter produces a Dutch podcast about information technology news called “ICT Roddels” (http://ictroddels.nl/) and back in early August he sat down with ZFone and ZRTP creator Phil Zimmermann to discuss (in English) what ZFone and ZRTP are all about. Brenno released the interview on his show and then offered it to us to run as a Blue Box show. In the 40-minute interview, Brenno and Phil spend the first 20 or so minutes talking about ZFone, ZRTP and VoIP security and then spend the remainder of the show talking about security in general, Phil’s background and other topics.

While we have interviewed Phil in the past ourselves, it’s been about a year since we last spoke with him and so we thought this might be an interesting update for you to hear. We thank Brenno for making the interview available to us.

I also have to say a word of thanks to long-time contributor Martyn Davies who stepped in at the last moment to provide the intro/outro to this interview. I unfortunately lost my voice after a presentation yesterday (bad news for a podcaster!) and Jonathan is currently traveling – and our goal this year is to make sure we get shows out on Wednesdays.

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-7280 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Blue Box #69: Linksys SPA-941 vulnerability, SIP DDoS, New release of SIPVicious, Asterisk security roadmap, other VoIP security news, listener comments and more

Synopsis:Blue Box #69: Linksys SPA-941 vulnerability, SIP DDoS, New release of SIPVicious, Asterisk security roadmap, other VoIP security news, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast #69, a 46-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners – and to all those listeners who have been here for so long!
01:03 – Programming notes:
- Reminder of new comment line – 206-350-7280
- Books from Peter Thermos and Ari Takanen – anniversary show promotion
02:13 – XSS attack against Linksys SPA-941
07:52 – USENIX ;login: article about SIP DDoS from Hement Sengar

12:10 – New release of SIPVicious tool suite

14:49 – Voice of VOIPSA: Suggestions for a Security Roadmap for Asterisk

21:02 – heise.uk: Skype silently fixes URI problem which relates to Windows issue pointed out back in July (see also here )

25:39 – heise online: Bavarian Criminal Police Office denies use of Trojan to eavesdrop on VoIP calls

27:57 – Zeenews.com (India): CBI favours monitoring of Internet gateways and networks

28:54 – Washington Post: VOIP Mix-Up Exposes Customer Call Data

31:58 – CXO Today (India): Mobile Business Applications Boost Security Demand

35:08 – Upcoming shows:
- Oct 24-25, New York, USA, Interop
- Oct 29-Nov 1, Boston, USA, Fall 2007 VON
35:33 – Comments – challenge with audio comment
35:47 – Comment (email) from Stephen Bosch asking about the CISSP credential

40:13 – Comment (email) from Scott Tanner (which we’ll hold for the 2-yr show) – Dan also gets talking about Dopplr.com

41:27 – Comment (email) from Frank Leonhardt

41:40 – Comment (email) from Michael Miller about PPT syncing software – answer is that we use a site called SlideShare

43:18 – Review of the last week’s traffic on the VOIPSEC public mailing list

43:57 – Wrap-up of the show

46:26 – End of show

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-7280 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Blue Box #68: Top 14 VoIP Vulnerabilities, Asterisk security, VoIP hacker, IMS, P2P, Skype, industry moves, VoIP security news, listener comments and more…

Synopsis:Blue Box #68: Top 14 VoIP Vulnerabilities, Asterisk security, VoIP hacker, IMS, P2P, Skype, industry moves, VoIP security news, listener comments and more…

Welcome to Blue Box: The VoIP Security Podcast #68, a 46-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners – and to all those listeners who have been here for so long!

01:03 – Programming notes:
- New comment line – 206-350-7280
- Slight web site changes
- Books from Peter Thermos and Ari Takanen – anniversary show promotion
03:27 – NetworkWorld: Top 14 VoIP Vulnerabilities – and also this comment in reply

07:08 – blog.spywareguide.com: Bubbles… for Kids! (spyware that propagates via Skype IM)

09:25 – Voice of VoIPSA: What would your security roadmap for Asterisk be? and 3Com to sell/support Asterisk

18:11 – Voice of VOIPSA: VoIP Hacker Goes to Jail pointing to Information Week interview with Robert Moore which is similar to the Telecom Junkies interview I did earlier with Robert Moore.

19:14 – Converge!Digest: Defending the IMS Core (sponsored by Sonus)

20:56 – Processor: Getting Tough with P2P= which relates to Dan’s recent issues with using Skype at a hotel

26:36 – PC World: Attack of the Killer Bots

28:57 – News Releases
- Sipera Secures $10 Million to Further Advance VoIP/UC Security=
- Bandwidth.com Bands with Acme Packet (finally, security for SIP trunking!)
- Radware Unveils Industry First Behavioral Server Protections as Part of its Full Spectrum Protection Technology
- Alcatel-Lucent Bolsters its Security Solutions in Worldwide Reseller Agreement with CloudShield Technologies
- Clavister Announces New Version of its IP-Based Security Operating System (see also press release )
- ForeScout Continues Innovation Leadership with Latest Network Access Control Offering=
32:24 – 3Com bought by Bain Capital, Huawei

34:58 – Skype CEO out, eBay takes $1.4 million charge

37:08 – Nokia to buy Navteq

38:26 – Vonage loses patent trial

39:29 – Upcoming shows:
- Oct 24-25, New York, USA, Interop
- Oct 29-Nov 1, Boston, USA, Fall 2007 VON

39:58 – Comment (email) from Peter Thermos

42:15 – Comment (email) from Frank Leonhardt about Skype malware

42:24 – Comments (blog) about video edition #1

42:51 – Brief commentary from Dan about using TalkPlus to call a SIP URI from a cell phone

45:39 – Review of the last week’s traffic on the VOIPSEC public mailing list

46:00 – Wrap-up of the show

46:51 – End of show

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-7280 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Blue Box: The Voice-over-IP Security Podcast

A podcast offering news, views and commentary on security issues for Voice Over IP(VoIP), Unified Communications (UC) and IP Telephony

Category Archives: Blue Box

Blue Box #73: SIP security issues at IETF 70, Skype security, vulnerabilities in Cisco and Nokia phones, Vietnam’s cyberdissidents, VoIP security news, listener comments and more…

Blue Box SE#022 – SIP NAT Traversal discussion with Jonathan Rosenberg

Blue Box #72: Asterisk security vulnerabilities, Skype and the German government, VoIP security news, listener comments and more

Blue Box #71: VLAN Hopping, SIP Digest vulnerability, VoIP security hype, Skype security, Google’s latest moves, listener comments and much more…

Blue Box #70: 2-yr Anniversary show, VoIP security vulnerabilities, Vonage, Comcast, phishing, listener comments and much, much more…

Blue Box podcast #70 successfully recorded… on conference WiFi!

Two years ago today, Blue Box podcast #1 was launched

Blue Box SE#021: Interview with ZFone and ZRTP creator Phil Zimmermann by Brenno de Winter

Blue Box #69: Linksys SPA-941 vulnerability, SIP DDoS, New release of SIPVicious, Asterisk security roadmap, other VoIP security news, listener comments and more

Blue Box #68: Top 14 VoIP Vulnerabilities, Asterisk security, VoIP hacker, IMS, P2P, Skype, industry moves, VoIP security news, listener comments and more…