Synopsis:Blue Box #67: Contest for listeners, discussion about status, some VoIP security news, listener comments

Welcome to Blue Box: The VoIP Security Podcast #67, a 20-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long! 
• – Discussion of:
  • reasons for break in shows having to do with Dan no longer working for Mitel
  • two-year anniversary of the show coming up on October 24th
  • listener contest for copies of Peter Thermos and Ari Takanen’s new book “Securing VoIP Networks”
• – ZDNet: “Jericho Forum voices concerns over VoIP Security”

• – Telappliant: “VoIP ‘more secure than traditional phone systems'” (note the last paragraph about VOIPSA)

• – SecurityFocus: “VoIP Hopping: A Method of Testing VoIP Security or Voice VLANs and Release of “VoIP Hopper tool”

• – SIP Hacking Workshop in November in Vienna

• – Upcoming shows:

  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• – Comment (email) from Craig Bowser (about VoIP Hopping article)
• – Comment (email) from Doug Simar about iPhone

• – Review of the last week’s traffic on the VOIPSEC public mailing list 
• – Wrap-up of the show
• 20:46 – End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: Blue Box #66: Cisco/Grandstream/Thomson VoIP security vulnerabilities, Skype outage, VoiceCon coverage, VoIP security news, listener comments and more..

Welcome to Blue Box: The VoIP Security Podcast #66, a 56-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long! 
• 03:00 – Programming notes
  • First Blue Box video – what did you all think?  Should we do more of these?  (Anyone interested in helping?)
  • Upcoming interviews: excellent SIP
    security session with Cullen Jennings, update interview with Dave
    Endler/Mark Collier, contribution from Brenno deWinter of a Phil
    Zimmermann interview
  • Apologies if any of you had a problem downloading shows last week. Our hosting provider, LibSyn had a DNS configuration issue and people couldn’t get to the site.
• 07:55 – 3 messages SIP Remote DOS on Cisco 7940 SIP Phone – and Cisco response
• 12:17 – SIP remote attack on Grandstream SIP Phone GXV-3000
• 16:45 –Remote DOS on Thomson SIP phone ST 2030 using the VIA header and Remote DOS on Thomson SIP phone ST 2030 using the TO header
• 19:55 – Cisco: Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager
• 21:55 – Asterisk AST-2007-021 – Crash from invalid/corrupted MIME bodies when using voicemail with IMAP storage (note the move away from “ASA” which Avaya had been using)
• 24:30 – Sipera softphone issue – still working with the vendor
• 25:20 – Skype outage:
  • Voice of VOIPSA: It’s official – Skype blames the outage on Microsoft
  • Skype responds The Microsoft connection clarified and Dan’s commentary
  • Guardian: Skype’s nightmare weekend highlights peer-to-peer fears
  • PCWorld: Vendor Warning on Skype Eavesdropping
• 33:51 – ZDNet: Sipera introduces new enterprise VoIP security toolset
• 34:32 – Voice of VoIPSA VoiceCon coverage: SIP Security and IP Telephony Security Threats and Countermeasures
• 35:36 – VoIPNews: Hacking VoIP Exposed (interview with Mark Collier)
• 37:03 – eWeek Channel Insider: VOIP Security Requires Layered Approach, Experts Say and a blog reaction
• 37:23 – Computerworld: VoIP requires attention to security best practices
• 38:30 – Network World: VoIP hacker talks: Service provider nets easy pickings based on Telecom Junkies podcast: Interview with a VoIP Hacker – also tricityherald.com: Spokane man heads to prison for hacking
• 39:14 – IEEE Digital Library: Service Provider Implementations of SIP Regarding Security
• 40:32 – News Releases: 
  • Enterasys secures enterprise VoIP
  • Fortinet Adds UTM for Small Offices (mention of VoIP and 3G)
  • ResearchAndMarkets releases a new report on VoIP security
  • Raketu Realizes Over 50% Jump in Service Subscribers in Wake of Skype Outage
• 42:50 – Upcoming shows:
  • Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007 
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• 43:44 – comment (email) from Rhodri Davies about PSTN being more secure
• 48:12 – comment (email) from Atilla asking about slides for SE 19
• 49:01 – comment (email) from Jose Luis about OCS
• 52:46 – comment (email) from Sachin Joglekar about video
  
• 54:31 – Review of the last week’s traffic on the VOIPSEC public mailing list 
• 55:09 – Wrap-up of the show
  • Jonathan mentions that Jaxtr received $10million in VC funding.
• 56:15 – End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: Blue Box #65: VoIP fraud case revisited, Black Hat and Defcon presentations, VoIP security news, listener comments and more..

Welcome to Blue Box: The VoIP Security Podcast #65, a 46-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was recorded on August 6, 2007.

You may also listen to this podcast right now:

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long! 
• 01:14 – Programming notes
  • VoIP Security Panel from VON now available as a Special Edition
• 02:27 – Telecom Junkies: Interview with a VoIP Hacker
• 13:21 – Black Hat / Defcon Coverage
  • Forbes: VoIP Vandals
• ZDNet: VoIP security vulnerabilities demonstrated at Black Hat conference
• GCN: Security an issue in dual-mode VoIP phones
• ComputerWeekly: VoIP security reaches tipping point
• ComputerWorld: Researchers flag VoIP exploits at Black Hat
  which points to these exploit tools and presentation
• iSEC also had a presentation/tools: “Point, Click, RTPInject” on this page of presentations
• tgdaily: PGP creator shows off VoIP encryption app – more in this weblog
• PC World: Networks: No Sweat to Skilled Hackers  (Good roundup and also mention of Estonian botnets)
• Risque Management: VoIP Scaremongers (good counterpoint)
• 23:55 – TMC.net: Security and Disaster Recovery for IP Telephony Systems (interview with Dan)
• 26:55 – TechRepublic: SolutionBase: Creating a secure and reliable VoIP solution
• 27:47 – TechRepublic: Will your VoIP provider go out of business?
• 29:07 – Enterprise VoIPPlanet: VoIPowering Your Office: Eavesdropping on VoIP Calls – Part 1
• 30:39 – vnunet: Homeland Security warns on US power threat
• 32:15 – ComputerWorld: RIM refutes security concerns over BlackBerry 8820 (interesting note about dual-mode and implications of WiFi on enterprise security)
• 35:38 – News Releases: 
  • Edgewater Networks, Inc. Introduces VoIP Performance Reporting Tool for Managed Service Providers
  • Sipera to Demonstrate VoIP-to-Data Exploit
• 37:44 – Upcoming shows:
  
  • Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007 
  • Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007 
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• 38:37 – comment (email) from Tom Cross of ISS about vulnerabilities
• 40:15- Review of the last week’s traffic on the VOIPSEC public mailing list 
• 41:56 – Wrap-up of the show
  • Jonathan talks about recent studies around security of electronic voting machines.
• 46:05 – End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.