Synopsis: VoIP security in the mainstream news, Martyn Davies’ report on the 3rd Annual VoIP Security Workshop in Berlin, listener comments and much, much more…

Welcome to Blue Box: The VoIP Security Podcast show #30, a 57-minute podcast  from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show includes a 24-minute report from Martyn Davies on the 3rd Annual VoIP Security Workshop in Berlin.  Martyn’s report also includes interviews with workshop participants.

Download the show here (MP3, 65MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

NOTE: I would welcome any comments about the audio quality of this MP3 file as compared to our other shows would be appreciated – I am trying out a new audio encoder. Thanks.

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of our listener survey – PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY!  (Thank you!) It looks like Dan will most likely be at the IETF 66th Meeting in Montreal, June 9-14 – Please drop us a note if you are going to be there.  Check out VOIPSA’s blog if you have not already done so.
• 01:43 – Asterisk vulnerability with IAX2
• 02:50 – Discussion of recent VoIP fraud scam that was all over the news:
  • NY Times: Hacker said to resell Internet Phone Service  (sent in by Mark Trifiro )
  • DOJ News Release
  • DOJ complaint against Pena
  • DOJ complaint against Moore
  • CNET: Hacker cracked Net phone networks for gain, feds say  (sent in by Craig Bowser)
  • VOIPSA Blog posting
  • ABC News: Miami Man Arrested for Theft of VoIP Calls
  • TMC.net: Hacking Scheme, Arrests Highlight Embryonic State of VoIP Security
  • Information Week: VoIP Security Alert: Hackers Start Attacking For Cash
• 10:07 – Red Herring: VoIP Security Attracts Funding  (also TMC.net: SIP Expert Covergence Secures $15 Million in Series C Funding )
• 11:00 – NetworkWorld: Cisco, Juniper, Nortel airing telecom gear at Globalcomm and Red Orbit: Prepare for the coming VoIP Revolution
• 11:39 – New Zealand Reseller Online: Border patrol on worldwide scale
• 12:02 – ComputerWorld Malaysia: Wireless and VoIP security
• 12:15 –NIST releases two publications:
  • Information Security Guide for Managers
  • Guide to 802.11i
• 12:59 – CE-Infosys today
  announced the release of secure VoIP solution [ClosedTalk]® which
  include enhanced features and maintain the highest standard of security
  for free Internet-based phone calls.
• 13:38 – Ranch Networks Announces Availability of its Asterisk Security Code in Digium’s New Version of the Asterisk Business Edition
• 13:57 – Info Security Products Guide Names Covergence’s Eclipse Winner of the 2006 Global Excellence in VoIP Award; Eclipse Gains the Highest Trust of Customers Worldwide as Chosen by Info Security’s Readers
• 14:28 – June 21, CheckPoint: Cut Costs and Increase Flexibility With A Secure VoIP Solution (from Craig Bowser)
• 15:12 – Burton Group analyst Irwin Lazar’s report Debunking the Hype About Skype now available with free login
• 15:41 – Upcoming Shows:
  • June 20-21, Tel Aviv, Israel, VON Israel
  • July 9-14, Montreal, Canada, IETF 66th Meeting
  • July 19-21, Tokyo, Japan, VON Japan
  • August 2-3, Las Vegas, Black Hat 2006
  • August 8-10, Santa Clara, CA, 3rd Annual VoIP Developer Conference
  • Sept 11-14, Boston, MA, Fall VON 2006
  • Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
• 16:34 – Feature report from Martyn Davies on the  3rd Annual VoIP Security Workshop in Berlin. Note that the presentations now online (or as one file ).
• 41:58 – Comment from Hank Cohen
• 42:48 – Audio comment from Patrick
• 43:50 – Comment from Sergio Meinardi
• 45:04 – Comment from Trent Williams
• 45:51 – Comment from Perry Engle
• 50:39 – Review of the last week’s traffic on the VOIPSEC public mailing list, mostly focused on softphone vulnerabilities and a spirited discussion of Skype security!
• 53:16 – VOIPSA blog
• 54:00 – www.vloggercon.com and the upcoming Podcast Academy
• 55:14 – Podcast and Portable Media Expo, Sept 29-30, Ontario, California
• 55:27 – Wrap-up of the show
  • Mention of our Frappr map
• 56:56 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: Interview with Jim Gallagher of Codenomicon, provider of VoIP security test tools, from the floor of Spring VON 2006.

Welcome to a special edition of Blue Box: The VoIP Security Podcast from the floor of the Spring 2006 VON conference in San Jose, CA. In this 15 minute podcast, host Dan York interviews Jim Gallagher of Codenomicon about their company, their test tools and how they can help companies developing VoIP products.

Download the show here (MP3, 14MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

This is actually the only recording I will be bringing you from the Spring VON exhibitors.  However, Victor Garza over at Infoworld’s "Zero Day Security" recorded a number of podcasts from VON that listeners to this show may also find of interest.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Synopsis: Joint interview with Mikey from the Pulvermedia Podcasting Network where I talk about the security presentations that occurred here at VON. The interview was recorded at the PPN booth on the exhibit floor of the Spring VON show in San Jose, California, on March 16, 2006.

Welcome a special edition of Blue Box: The VoIP Security Podcast from the floor of the Spring 2006 VON conference in San Jose, CA.  This was a joint interview between myself and Mikey from the Pulvermedia Podcasting Network where I first talked about Blue Box and then discussed the security presentations that were here at the show, spoke a bit about SPIT and then relayed other thoughts about the show this year.   Mikey also talked a bit about what he and his colleague Laura have been doing there at their booth talking to people about podcasting and interviewing various folks (those interviews are available here)

Download the show here (MP3, 15MB) or subscribe to the RSS feed to download the show automatically.  The interview runs about 16 minutes.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.
Audio comments sent as attached MP3 files are definitely welcome and
will be played in future shows.  You may also call the listener comment
line at +1-206-338-6654 to leave a comment there.

Synopsis: Interview with Phil Zimmermann about his new Zfone project, the ZRTP protocol and other related topics. The interview was recorded at the Spring VON show in San Jose, California, on March 16, 2006.

Welcome a special edition of Blue Box: The VoIP Security Podcast from the floor of the Spring 2006 VON conference in San Francisco, CA. In this interview with Phil Zimmermann we talk about his Zfone project and how it has evolved since it was first announced in January (which we covered here).  Phil explains the origins of his ideas, how Zfone works, how ZRTP works and how people can get involved with the public Zfone beta program.  More information is available at http://www.philzimmermann.com/

Download the show here (MP3, 20MB) or subscribe to the RSS feed to download the show automatically.  The interview runs about 22 minutes.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.
Audio comments sent as attached MP3 files are definitely welcome and
will be played in future shows.  You may also call the listener comment
line at +1-206-338-6654 to leave a comment there.