Synopsis: Blue Box #86: Dan and Jonathan provide an update on what’s happened in the year since Blue Box #85 and talk a bit about what’s next

Welcome to Blue Box: The VoIP Security Podcast #86, a 19-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 9 MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long!
• Dan and Jonathan discuss what has happened in the past year and why there have not been new shows.
• Discussion of what some of the main issues in VoIP security have been over the past year.
• Mention that fugitive Edwin Pena was extradited back to the US and arraigned in New Jersey court last Friday
• Mention of the recent traffic on the VOIPSEC public mailing list
• Wrap-up of the show
• 19:38 – End of show 

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

If you found this post interesting or useful, please consider either subscribing to the RSS feed or following BlueBox on Twitter.

Synopsis: Blue Box #85: Internet phone calls and terrorism, Georgia Tech report on Emerging Cyber Security Threats, phone jamming, 802.1X-REV, 802.1AE, VoIP security news and more

Welcome to Blue Box: The VoIP Security Podcast #85, a 32-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 15 MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long!
• Programming notes:
  • Three-year anniversary of Blue Box coming up on October 24th – any thoughts you'd like to share with us? (Please send them to us by October 23rd.)
• The Times: "Internet phone calls are crippling fight against terrorism" – and my response on the Voice of VOIPSA blog
• FierceVoIP: "UK crimefighting concern over VoIP calls, social networks" 
• BBC: Data powers behind the times 
• GA Tech Survey (PDF) (link about the GA conference )
• Dark Reading: Cellphone Botnets, Blackmailing VOIP & a Healthy Cybercrime Economy
• bMighty.com: Georgia Tech Security Report Scarier Than Its Football Team
• cNet: Botnets on cell phones in 2009?
• telecoms.com: Smartphone is a hotbed of security issues
• VNUnet: Security industry falling behind hackers
• AP: Phone Jamming in NH
• GigaOm: EEF Challenges Telco Immunity in Court 
• Information Week: New Protocols Secure Layer 2
• Voice of VOIPSA: Asking The Cisco Systems IPICS and JPS Raytheon ACU-2000 Experts: Questions 36-40
• Other Voice of VOIPSA articles
• snom technology AG: snom 820 combines mature VoIP technology with exclusive design
• IDC Finds Increasing Hype Around Unified Communications Is Affecting How Customers Select Telephony Systems and Services (interesting movement in the top vendors used  - Nortel out and IBM in)
• Peerless VoIP Peering
• Comment (IM) from Christian Wieser
• Review of the last week's traffic on the VOIPSEC public mailing list
• Wrap-up of the show
• 32:10 – End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis:  Blue Box #83: SIP and Asterisk vulnerabilities, voice biometrics, P2PSIP, Aircell blocking Skype, VoIP security news and more…

Welcome to Blue Box: The VoIP Security Podcast #83, a 39-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 18MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was recorded on September 4, 2008.

You may also listen to this podcast right now:

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long!
• Programming notes:
  • Three-year anniversary of Blue Box coming up on October 24th – any thoughts you’d like to share with us? (Please send them to us by October 23rd.)
• Remote DoS in reSIProcate
• Remote root shell in Trixbox
• Second route of VoIPShield Cisco/Avaya/Nortel vulnerabilities
• AST-2008-010 – IAX2 ‘POKE’ Resource Exhaustion
• AST-2008-011 – IAX2 Firmware Provisioning System
• Saunderslog: Squawk Box – July 10, 2008: Voice biometrics and VoiceVerified.com
• Saunderslog: Squawk Box – July 9, 2008: P2PSIP
• IETF: P2PSIP Security Requirements
• Voice of VOIPSA: “Aircell blocking VoIP on a plane” – part 1 , part 2 and an update
• Voice of VOIPSA: Shawn Merdinger’s series on “Asking The Cisco IPICS Expert” – Questions 1-5 – 6-10 – 11-15 – 16-20 – 21-25
• Voice of VOIPSA: Asterisk ‘hack’ to show blocked Caller-ID points to larger trust issues with SIP (and SpeechTEK speech)
• NetworkWorld: Georgia student arrested for hacking grades, VoIP
• CRN: Analysis: Hacking VoIP as easy as 1-2-3
• Ari Takanen starts blogging at InfoWorld
• InfoWorld: Motivation for VoIP Fuzzing
• TMCnet: How to keep your tech career afloat
• New analyst report: Security Threats Loom Over Unified Communications pointing to Light Reading report and article
• VoIP Companies to Fight For Market Share
• IEEE approves 802.11r standard
• Google Chrome – upgrading the web to be application-centric
• Items on my DisruptiveTelephony blog… Skype 5th birthday, Asterisk future, Digium/Nortel
• No comments this week.
• Review of the last week’s traffic on the VOIPSEC public mailing list
• Wrap-up of the show
• 39:08 – End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis:  Blue Box #79: Asterisk vulnerabilities, VoiceCon/VON coverage, eavesdropping, FBI, ZFone, P2P, VoIP security news and more

Welcome to Blue Box: The VoIP Security Podcast #78, a 32-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 15MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was originally recorded on March 27, 2008. Yes, that was over two months ago… we know…

You may also listen to this podcast right now:

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long! 
• MANY thanks for all the offers of audio production assistance
• Dan met with Craig Bowser down at VoiceCon, also David Endler, Mark Collier, etc.
• Jonathan met with Dean Elwood, Martyn Davies, etc.
• Four Asterisk vulnerabilities
• The Economist: Bugging The Cloud
• Forbes: How to Make Your Phone Untappable
• VoIP News: VoIP: Who Might Be Spying on Your Communications? (Hint – It’s Not Just the NSA
• VoIP News: Listen Up: 17 Signs That You Are Being Wiretapped
• eChannelLine: Businesses lagging in securing VoIP (also ComputerWeekly.com and news release )
• eChannelLine: Ingate launches enhanced security for VoIP and SIP (also Enterprise VoIPPlanet )
• Voice of VOIPSA: Hacking Zyxel Gateways
• Voice of VOIPSA: Vishing Attacks
• Voice of VOIPSA: FBI VoIP Surveillance Requirements Leaked (also in FierceVoIP and Slashdot )
• Voice of VOIPSA: Hackers Send Thousands of Fake Calls to Deaf People
• SnapVoIP: Unified Communications in Virtual Worlds to Solve ‘Tower of Babel’ for Intelligence Agencies
• Israeli-made Cryptophone attracts world spy agencies pointing to product site
• BlogInfoSec.com: Save The Whales (about a new form of phishing)
• Network Computing: Your Data and the P2P Peril
• NetQoS: VoIP Monitor 1.1 released
• PC World: FaceTime Security Product Scans Skype’s Encrypted IM and news release
• Sipera IPCS Solution for Teleworkers Rated ‘Avaya Compliant’
• Extreme Networks Boosts Security for Converged Voice and Data Networks with New Tools
• Review of the last week’s traffic on the VOIPSEC public mailing list 
• Wrap-up of the show
• 32:27 – End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.