Category Archives: Conferences

Blue Box SE #17: Interview with Saverio Niccolini from NEC about efforts to combat SPIT

Synopsis: Interview with Saverio Niccolini from NEC about efforts to combat SPIT.


Welcome to Blue Box: The VoIP Security Podcast Special Edition #17, a 9-minute podcast of an interview by Martyn Davies of Saverio Niccolini from NEC about efforts to combat Spam-for-Internet-Telephony (SPIT). The interview took place at the 3GSM World Congress 2007 held February 12-15, 2007, in Barcelona, Spain.

Download the show here (MP3, 4MB) or subscribe to the RSS feed to download the show automatically.



Show Content:

At the 3GSM World Congress 2007, Blue Box contributor Martyn Davies had a chance to record an interview with Saverio Niccolini about NEC’s efforts to combat Spam for Internet Telephony (SPIT).  Specifically, they discussed NEC’s new program VOIPSEAL, the prototype of which was unveiled at the 3GSM conference. Saverio is a Senior Research Staff Member in the Network Laboratories at NEC (www.netlab.nec.de).

Saverio has provided the following links for additional information about the VOIP SEAL solution:

We thank Martyn for contributing this interview and Saverio for his participation.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Blue Box SE #16: ETel 2007 – The Black Bag Security Briefing with Dan York, Jonathan Zar and Shawn Merdinger

Synopsis: Emerging Telephony 2007 Workshop by Blue Box co-hosts Dan York and Jonathan Zar and security researcher Shawn Merdinger called the "Black Bag Security Briefing" covering VoIP security threats, tools and best practices.


Welcome to Blue Box: The VoIP Security Podcast Special Edition #16, a 91-minute podcast of a workshop presentation by Blue Box co-hosts Dan York and Jonathan Zar along with security researcher Shawn Merdinger called the "Black Bag Security Briefing" at O’Reilly’s Emerging Telephony Conference on February 27, 2007.

Download the show here (MP3, 43MB) or subscribe to the RSS feed to download the show automatically.



Show Content:

At O’Reilly’s 2007 Emerging Telephony conference last week in San Francisco, Jonathan, Shawn Merdinger and I presented a 90-minute workshop in which we discussed the threats to VoIP security, the tools out there to test/defend your network and the best practices for securing VoIP systems.  We had a great audience that also included folks like blogger/podcaster Ken Camp and IETF RAI Area Director Cullen Jennings. This is a recording of the full session including the Q&A.

Slides will be available soon.


Blue Box SE #15: ETel 2007 Black Bag Security Review – Dan York tells a story about VoIP security

Synopsis: Emerging Telephony 2007 General Session by Blue Box co-host Dan York called the "Black Bag Security Review" where Dan tells a story about VoIP security.


Welcome to Blue Box: The VoIP Security Podcast Special Edition #15, a 22-minute podcast of a general session presentation by Blue Box co-host Dan York called the "Black Bag Security Review" at O’Reilly’s Emerging Telephony Conference 2007.

Download the show here (MP3, 10MB) or subscribe to the RSS feed to download the show automatically.



Show Content:

At O’Reilly’s 2007 Emerging Telephony conference last week in San Francisco, I (Dan) had the opportunity to give a 15-minute presentation to all attendees about VoIP security.  Rather than doing the traditional slideware outlining the threats, tools, best practices, etc., I tried to do something very different and simply tell a story of what could happen if a VoIP system were installed in an insecure manner – and how to go about securing that system.  I tried to make it interesting and humorous (something not often tied to VoIP security) and the feedback at the show was quite positive.  Given that this was the first time I had presented the topic in this manner, I would very definitely appreciate comments (positive or negative) either left here on this blog entry or sent or called in to the email address and numbers below.

Because the presentation was quite different in style from others that were given (and yes, it does come in at 243 slides in just about 15 minutes!), I received a number of questions and wound up writing a bit more about the presentation over on my Disruptive Telephony blog.  I included a bit about Lawrence Lessig and his impact on this presentation style.

I will include here an embedded view of the slides courtesy of SlideShare.net, although without being synced to the audio, they aren’t terribly useful given that I was moving through them fast.  At some point I will also include a PDF version of the slides as well.


Audio and slides for RTPSEC BOF at IETF66 in July in Montreal

Back in Blue Box #41, listener Miguel Garcia sent in the links to the RTPSEC BOF sessions at the IETF66 meeting in Montreal, Canada, in July 2006.  I meant at the time to include them in the show notes – and have now done so – but thought I would also include these links here for people who might not revisit show #41:

Note that this was the session in Montreal where the IETF attendees were trying to get to the requirements necessary for securing the RTP media stream.  The eventual outcome of that session was an Internet-Draft on media security requirements that was discussed at the IETF 67 meeting last week in San Diego, California.  (No word yet on the outcome of that discussion.)

Thanks, Miguel, for sending in those links – and my apologies for the delay in getting the links posted.

Blue Box SE #13: “VoIP Security Best Practices” panel at Internet Telephony Fall 2006

Synopsis: "VoIP Security Best Practices" panel at the Internet Telephony Exposition West 2006, October 13, 2006, San Diego, CA, USA.


Welcome to Blue Box: The VoIP Security Podcast special edition #13, a 59-minute podcast of the "VoIP Security Best Practices" panel presented at the Internet Telephony Expo on Friday, October 13th, in San Diego, California, USA.

Download the show here (MP3, 27MB) or subscribe to the RSS feed to download the show automatically.


Participating in the panel were:

  • Ken Camp (Moderator),  Speaker – Author – Consultant IP Adventures
  • Dan York, Mitel
  • Shahadat Khan, Eyeball Networks
  • Jonathan Weiss, Lucent
  • Micaela Giuhat, Sipera Systems
  • Tom Gilheany, Nortel

This is the second of several panel presentations we will be making available from the Internet Telephony conference.  We thank Rich Tehrani and the rest of the TMCNet staff for allowing us to record the sessions.  Thanks also to Ken Camp for his assistance and to the panelists who gave their permission to be recorded as well.


Blue Box SE #12: “Intro to VoIP Security” panel at Internet Telephony Fall 2006

Synopsis: "Intro to VoIP Security" panel at the Internet Telephony Exposition West 2006, October 13, 2006, San Diego, CA, USA.


Welcome to Blue Box: The VoIP Security Podcast special edition #12, a 51-minute podcast of the "Intro to VoIP Security" panel presented at the Internet Telephony Expo on Friday, October 13th, in San Diego, California, USA.

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically.


Participating in the panel were:

  • Ken Camp (Moderator),  Speaker – Author – Consultant IP Adventures
  • Emmitt Wells, Security and Communications Practice Manager, Getronics
  • Eric Rasmussen, Juniper Networks
  • Tom Gilheany, Leader, Enterprise Security Solutions, Nortel
  • Surya Kumar IVG, Deputy General Manager- VoIP Products and Eng, HCL Technologies

This is the first of several panel presentations we will be making available from the Internet Telephony conference.  We thank Rich Tehrani and the rest of the TMCNet staff for allowing us to record the sessions.  Thanks also to Ken Camp for his assistance and to the panelists who gave their permission to be recorded as well.

 


Blue Box #39: VoIP security news, VON conference update, 802.11 and PKI, listener comments, more

Synopsis: VoIP security news, comments and opinions – Skype security, fugitive CEOs, Phil Zimmermann, Paris Hilton, the IETF and more.


Welcome to Blue Box: The VoIP Security Podcast #39, a 42-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions. In this week’s show, we cover recent news, what happened at the VON show, 802.11 wireless security and more…

Download the show here (MP3, 17MB) or subscribe to the RSS feed to download the show automatically.



Show Content:


Blue Box #36: Black Hat super-sized edition – VoIP security news, interviews with David Endler, Mark Collier, Ofir Arkin and much, much more…

Synopsis: Black Hat 2006 super-sized edition – VoIP security news, interviews with David Endler, Mark Collier, Ofir Arkin and much, much more


Welcome to Blue Box: The VoIP Security Podcast show #36, an 83-minute podcast from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This is a special edition focusing on the 2006 Black Hat Briefing in Las Vegas and the voice security talks that were given at the conference.

NOTE:  As explained in the show, this podcast #36 is being released before show #35, which will be released next week.  You didn’t miss #35… it just hasn’t been released yet.

Download the show here (MP3, 77MB) or subscribe to the RSS feed to download the show automatically.


Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-350-2583 (new comment phone number!) to leave a comment there.


NOTE: As I will explain in more detail on our next show (#37), there were a number of issues with the audio in this show both in the recording as well as in the post-production.  One of the issues was some very annoying noise artifacts in the Endler/Collier interview that sound like cell phone interference.  There are also a couple of gaps… and those with finely attuned ears will hear some clipping of the audio.  Suffice it to say that I would not want our podcast to be judged by the audio quality of this episode!  I’ll explain more in our next episode about exactly why this episode didn’t hit our usual quality level.


Show Content:

(NOTE – More detailed show notes with links will be made available next week.  For right now, we just want to get the show posted.)

  • 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.
  • 08:10 – Interview with Dave Endler and Mark Collier about their Black Hat talk and the VoIP security tools they released this week. (News articles from ZDNet and the Register.)
  • 35:41 – Discussion of Hendrik Scholz’s new smap tool and his zero-day exploit against Cisco PIX firewalls
  • 39:46 – Discussion of Jay Schulman’s session on phishing with Asterisk
  • 45:29 – Discussion of Doug Mohney’s session on using voice analytics to defeat social engineering
  • 46:13 – Discussion of Nicolas Fischbach’s session on carrier VoIP security
  • 48:38 – Interview with Ofir Arkin about his session on NAC, Insightix, his role in VOIPSA, security research, etc.
  • 1:05:42 – Mention of Alan Shimel and his Still Secure blog and NAC
  • 1:06:35 – Chat with Brenno de Winter about RFID (including this movie), his Dutch IT news podcast, and his podcast about learning Dutch that he started for his American girlfriend
  • 1:11:41 – Mention of session on Network Neutrality and Dan Kaminsky’s tools to help measure the neutrality of carriers
  • 1:12:30 – Dark Reading: Skype’s Fire(wall) Fight (quotes Shawn Merdinger and sent in by Craig Bowser)
  • 1:13:30 – Upcoming shows:
  • 1:15:03 – Comment (email) from Martyn Davies
  • 1:16:30 – Comment (email) from John Haluska
  • 1:17:48 – Comment (email) from David Belle-Isle
  • 1:19:17 – Comment (email) from Bobby Fentress
  • 1:19:48 – Comment (weblog) from Michael Boman
  • 1:20:37 – Comment (email) from Craig Bowser
  • 1:22:11 – Wrap-up of the show
  • 1:22:40 – End of show
