Synopsis: IP phone security vulnerabilities, SIP fuzzing, Phil Zimmermann, ZRTP and IETF, Skype security, listener comments and a brief final commentary about visiting the pyramids in Egypt

Welcome to Blue Box: The VoIP Security Podcast #55, a 78-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 36MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long!
• 01:29 – Programming notes
  • Apologies for lengthy delay
  • Hope you enjoyed Blue Box Special Edition #17 with Saverio Niccolini
  • Jonathan’s IPTV session at Spring VON
  • Brief note about Dan’s trip to Cairo (more at the end of the show)
  • Blogroll
    for “Blue Box Friends” – send in email with answer to question “What is
    Dan’s #1 prediction for what’s going to happen in VoIP security this
    year?”
  • If you are a CISSP, listening to podcasts can be counted as CPE credits
  • Voice of VOIPSA and Blue Box part of Security Bloggers Network
• 11:39 – RIT VoIP Conference – Rochester, NY, May 18th – looking for papers
• 12:30 – SIP fuzzing vulnerabilities from the Madynes project
• Cisco 7940/7960 DoS
• Grandstream Budgetone 200 DoS (note that vendor did not respond to researchers)
• Asterisk SDP DoS – and then also proof-Of-Concept code for Asterisk vulnerability
• Thinking about "patch management plans for phones"?
• 17:49 – Network World: Trojan calls on Skype
• 18:28 – Shawn Merdinger starts blogging his "Top 10" list of questions to ask your vendor about VoIP security (part 3 presumably coming soon):
  • Voice of VOIPSA: Pucker up – Intimate VoIP Phone Security Questions – part 1 of 3
  • Voice of VOIPSA: Pucker up – Intimate VoIP Phone Security Questions – part 2 of 3
• 22:08 – Silicon.com Special report on VoIP Security
  • The biggest VoIP security threats – and how to stop them
  • Is Skype secure enough for businesses?
  • The dos and don’ts of VOIP security
• 25:29 – VoIP News: Pretty Good (VoIP) Privacy
• 26:10 – VoIP News: CounterPath Gets Pretty Good Privacy with ZFone
• 28:13 – Voice of VOIPSA: Skype with a ‘Z’
• 30:10 – Voice of VOIPSA: Cracking the WLAN
• Voice of VOIPSA: Ghosts of VoIP Security Tools Past…and Future?  (note the comment in reply from the grugq)
• 31:01 – Aswath Rao: OpenID Negates the Need for P2P SIP
• 33:17 – PC Advisor: Take care of your smartphone’s security
  • comment (email) from Shawn about FlexiSpy
  • mention of EE Times: Getting a lock on RTOS security
• 36:42 – IETF: VoIP Security Threats relevant to SPEERMINT  (sent in by Shawn)
• 38:12 – Mention of IETF BLISS working group
• 39:14 – Mitel Presence: Using IP Communications as a Tool For Disaster Recovery and Business Continuity
• 40:17 – Sipera’s new VoIP Threat Advisories
• 41:54 – News releases:
  • Amitelo AG Presents AmiVois, Competitor to Skype
• 43:56 – Feature discussion around the IETF 68 RTPSEC BOF that occurred in Prague about secure key exchange protocols for Secure RTP (SRTP) (with the caveat that neither of us were there)
  • comment (email) from Miguel Garcia
  • Voice of VOIPSA: SRTP key exchange – minutes of IETF RTPSEC BOF now posted pointing to RTPSEC minutes
• 53:20 – Brief mention of VOIPSA Best Practices project.
• 54:08 – Upcoming shows:
  • Apr 16-20, Vancouver, BC, Canada CanSecWest 2006
  • May 14-17, Santa Clara, CA, USA Communications Developer Conference
  • May 18, Rochester, NY, USA, RIT VoIP Conference
  • May 23-25, Paris, France Eurosec Forum 2007 – I am speaking
  • June 12-14, Stockholm, Sweden, VON Europe Spring – both Martyn and I will be there… we’ll have to have a Blue Box dinner
  • July 22-27, Chicago, USA IETF 69
  • Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007
  • Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• 54:20 – comment (audio) from Hasan Diwan about adding his blog, Prolific Programmer to the Blue Box blogroll
• 56:34 – comment (email) from Detlef
• 57:18 – comment (email) from Mark Collier about ETel story
• 57:49 – comment (email) from Dean Elwood about biometrics for identity authentication
• 58:49 – comment (email) from Shawn Merdinger about http://oldskoolphreak.com/tfiles/pwf.txt
• 59:41 – comment (email) from Shawn about Hitchhiker’s Guide to SIP
• 61:28 – comment (email) from Martyn Davies about OpenID
• 64:24 -comment (email) from Seth about adding a Podnova subscription button
• 64:39 – comment (email) from Roland about RSS feed not validating
• 64:52 – comment (email) from Martyn Davies about SE16 and removing the hum
• 66:05 – Review of the last week’s traffic on the VOIPSEC public mailing list
• 67:16 – Wrap-up of the show 
  • A bit of a travelogue about Dan’s trip to Cairo, Egypt, and his impressions of the pyramids, Cairo, etc.
• 78:05 – End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: new VoIP security tools list, teleworker FUD, Phil Zimmermann, ETel conference feedback, SPIT, IETF, listener comments and more…

Welcome to Blue Box: The VoIP Security Podcast #54, a 57-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 27MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content: 

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long!
• 01:36 – Programming notes
  • Brief notes about Emerging Telephony show
    • O’Reilly: ETel Coverage: VOIPSA wants VoIP to be secure!
    • ETel pictures now on flickr
    • Notes about Black Bag Security Review
  • Authors of upcoming O’Reilly Asterisk Cookbook are looking for contributions related to security
  • Dan will be in Cairo, Egypt, on the week of March 19th and would be delighted to meet with any listeners
  • SRT episode on OpenID almost up there
  • If you are a CISSP, listening to podcasts can be counted as CPE credits
• 10:00 – Debian: Gnomemeeting vulnerability
• 10:35 – Asterisk Unspecified SIP packet handling DoS – also see sparse Asterisk notes here and here
• 11:33 – ComputerWorld.au: Enterprises must avoid IP telephony for teleworkers or face attack and Dan’s response on VOIPSA blog – see also:
  • ITWorld Canada: IP telephony potential security risk for businesses
  • CSO: IP telephony Can Create Open Door for Attackers
• 15:56 – Silicon.com: VoIP threats to watch out for – part of Silicon.com VoIP Security Special Report – notice upcoming reports on “big three”, Skype and Best Practices
• 17:42 – ComputerWorld: How dangerous is Skype?
• 18:48 – TechNet: Infonetics Report Predicts Continued Growth for Network Security Gear Through 2007
• 19:35 – IT Business Edge: Security Must Be Built In From The Start – points to article about Pew Internet & American Life report
  … last line of ITBusEdge entry is key… IT must be involved from the
  start.
• 21:57 – O’Reilly: VoIP encryption in a surveillance society
• 22:27 – Dean Takahashi: Interview with Phil Zimmermann
• 24:06 – xChange Online: Securing VoIP Relative to Number Mapping
• 24:52 – Voxilla: Getting Smart about SPIT
• 26:11 – Malaysia Star: Calling with confidence
• 26:56 – Voice of VOIPSA: New VoIP Phishing Scheme
• 28:36 – Voice of VOIPSA: New Hacking for Traditional Networks
• 29:31 – Voice of VOIPSA: Phone "Phreakers" Steal Minutes
• 31:38 – Voice of VOIPSA: IETF – Secure Call Recording with SIP and SRTP
• 32:48 – Voice of VOIPSA: Comment to Ringjacker story – important point here about older clients being around
• 34:27 – Mark and Dave’s book gets good reviews – read on Mark’s blog – including SearchNetworkingChannel.com- VoIP Security: Cisco Unified CallManager Quiz & Chapter – fun review in the form of a quiz.
• 36:04 – News releases:
  • Lenovo Teams Up with Avaya To Add Secure VoIP Capability to Laptops  – interesting the note about the fingerprint reader for user authentication
  • SNOM TECHNOLOGY AND BORDERWARE TECHNOLOGIES ANNOUNCE STRATEGIC PARTNERSHIP TO INCREASE VOIP SECURITY
  • snom technology focussing on VoIP security and interoperability at the CEBIT 2007
  • TMC.net Sipera delivers VoIP Security to Enterprise Branch Offices
  • Sipera and INSI Sign Agreement To Offer Secure Solutions for VoIP Services=
  • Nevis Networks Enhances its Persistent LAN Security, Per-User Costs at $15
  • Mu Security Demonstrates VoIP Testing, Measurement and Attack Surface Coverage Weaknesses at VoIPCON, VON
  • Guidebook from Infineon exposes myths about VoIP – Voice quality and security put traditional telephony in the shade
• 38:48 – Feature discussion around IETF 68 coming up next week in Prague.  The critical discussion of interest to this group is the RTPSEC BOF discussion around how to securely exchange keys for Secure RTP
  • Draft agenda for RTPSEC BOF about SRTP key exchange
• 42:31 – Feature discussion about VoIP security tools:
  • Heise – New version of live security distribution Backtrack which points to Backtrack which now includes a number of VoIP security tools
  • Voice of VOIPSA: BackTrack Version 2: Pen-test CD unleases VoIP security tools
  • new VOIPSA VoIP security tools list
  • VoIP researcher to release auditing tool at Mid East Hackers’ Conference – “The Grugq” will release “TacVTK” at HackInTheBox Dubai, April 2-4
• 49:28 – Brief commentary on Verizon/Vonage judgement and impact on VoIP with regard to patents
• 51:45 – Upcoming shows:
  • Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
  • Mar 19-23, 2007, Prague, Czech Republic, 68th IETF Meeting
  • Mar 23-25, Washington, DC, ShmooCon ‘07 
  • Apr 16-20, Vancouver, BC, Canada CanSecWest 2006
• NOTE – Jonathan will be out at VON next week – drop him a note if you are going to be there
• 53:37 – comment (email) from Frank Leonhardt about conference in London April 18-20
• 54:17 – comment (email) from Miguel Garcia
• 55:15 – Review of the last week’s traffic on the VOIPSEC public mailing list 
• 56:32  – Wrap-up of the show 
  • Reminder that you can subscribe to the show via email as well as RSS 
• 57:16- End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: Skype multiple login issue, OpenID, Cisco IP phone vulnerabilities, net neutrality, drive-by pharming, EU legislation and are smokers really a threat to VoIP security?

Welcome to Blue Box: The VoIP Security Podcast #53, a 48-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 22MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content: 

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long! D
• 01:36 – Programming notes
  • Dan will be in Cairo, Egypt, on the week of March 19th and would be delighted to meet with any listeners
  • Blogroll for listener blogs?
  • If you happen to use the Digg website, we noticed there is a podcast directory there and Blue Box could use some more Diggs
  • SRT episode on OpenID
  • Blue Box #51 set a new record – no Skype security issues!
  • Stay tuned for security sessions coming out of ETel
  • Martyn Davies did an interview about VoipSEAL anti-spam solution
• 04:05 – Cisco: Cisco Unified IP Conference Station and IP Phone Vulnerabilities – also 802.1X -tons of press coverage, including Cisco IP phone flaws show vulnerabilities of ‘Vo-Fi’
• 10:15 – Voice of VOIPSA:IPTComm Call for Papers
• 11:07 – Voice of VOIPSA: Combatting Voice Spam with VOIP Seal  (Martyn has also provided an interview which we will air as a Special Edition)
• 11:56 – Dan Wing of Cisco has introduced a new Internet Draft on Disclosing Secure RTP (SRTP) Session Keys with a SIP Event Package – critical thing we’ve been talking about
• 14:43 – An Internet-Draft is out on Requirements for Session Border Controllers
• 16:33 – Disruptive Telephony: I’ve been writing a good bit about OpenID and Dean Elwood has reponded with Why SIP doesn’t need OpenID
• 18:48 – Barton Hudson: A suggestion for solving the Skype multiple login issue
• 23:55 – eWeek: VoIP: What? Me, worry?
• 24:37 – Kevin Murphy summarizes a draft paper by researchers at Indiana
  University and Symantec in an article in Computer Business Review
  Online: Drive-By Pharming Attack Could Hit Home Networks
  –also see
• 25:44 – Net Neutrality is back in the news at the FCC, At the FTC and in wireless as it relates to Skype
• 30:43 – IT Reseller Online: Seven Tips For VoIP Security Success (requires login)
• 31:47 – Irwin Lazar is in a Cisco video: Cisco Techwise TV on securing unified communications (requires login)
• 32:34 – ComputerWorld: Smokers may be the weak IT security link  (the attacker tried to get on the VoIP network)
• 35:06 – Feature – EU privacy legislation –IHT article on privacy
• 40:02 – IT Business Edge – Consumer Mobile VoIP Services: The Next Security Challenge?
• 40:59 – Upcoming shows:
  • Mar 1-2, 2007, London, EUSecWest 
  • Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
  • Mar 23-25, Washington, DC, ShmooCon ‘07 
  • Apr 16-20, Vancouver, BC, Canada CanSecWest 2006
• 41:47 – comment (email) from Andy Zmolek about BlueBox gathering at RSA… and note that we’d be glad to publicize dinners at conferences
• 42:39 – comment (email) from Martyn Davies about IPTComm
• 42:53 – comment (email) from Bill Stackpole
• 44:24 – comment (blog) from Tonio
• 47:07 – Review of the last week’s traffic on the VOIPSEC public mailing list 
• 47:4 – Wrap-up of the show 
  • Dan’s going to Cairo the week of March 19th – any listeners out there?
  • Reminder that you can subscribe to the show via email as well as RSS 
• 48:24- End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: Skype spyware? Cisco SIP issue again, secure call recording, Phil Zimmermann on VON Magazine, US Congress and Caller ID, ringjacking, Skype security, VoIP security, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast #52, a 45-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions. 

NOTE: This show was originally recorded February 14, 2007. 

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content: 

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long! Discussion of bandwidth in Japan and Asia.
• 02:07 – Programming notes
  • Podcasts by phone is back up with new number – +12183398544
  • Dan will be in Cairo, Egypt, on the week of March 19th and would be delighted to meet with any listeners
  • Experiment with Yahoo Pipes to make a combined feed for all VOIPSA RSS feeds
  • Blogroll for listener blogs?
• 5:08 – Cisco Security Advisory: SIP Packets Reload IOS Devices with support for SIP – we talked about it last week but now it turns out any device with SIP support is vulnerable (not just those where it was disabled)
• 6:59 – Voice of VOIPSA:Skype 3.0 and BIOS
• 10:50 – Voice of VOIPSA: Mercury News: Will wiretapping kill P2P VoIP
• 13:42 – Voice of VOIPSA: Ringjacker
• 15:06 – Voice of VOIPSA: Truth in Caller ID Act of 2007
• 16:48 – SC Magazine: How to protect your business from VoIP threats
• 17:17 – Australian IT: VoIP threat as crims seek out soft targets
• 18:18 – thestar (Malaysia): Getting high quality VoIP for your company
• 18:42 – ComputerWorld: FaceTime, Skype team on enterprise policy enforcement – also Skype blog: Skype partners with Facetime to make Enterprise control even easier and WindowsITPro: Skype teams with Symantec and Facetime
• 21:35 – CBC: VoIP phones disrupting some security alarm systems
• 24:20 – VON Magazine Cover Story on Phil Zimmermann – good background if you are not up on Zfone
• 26:53 – Aswath: Extending OpenID Authentication Scheme for Communication Systems
• 28:31 – Press Releases:
• Sipera Adds Worldwide Sales and Service Provider Expertise to Management Team=
• VoIP Logic Announces the Integration of Iperia and Covergence IP Applications into Its ’’Best of Breed’’ Class 5 Platform (a service provider talking about security!)
• BorderWare Delivers New Class of SBCs – also at TMC.net
• Security for VoIP on Sun hardware
• 29:52 – Quick update on Best Practices project
• 30:29 – Upcoming shows:
  • Mar 1-2, 2007, London, EUSecWest 
  • Mar 19-21, 2007, San Jose, CA, Spring 2007 VON 
  • Mar 23-25, Washington, DC, ShmooCon ‘07 
  • Apr 16-20, Vancouver, BC, Canada CanSecWest 2006
• 31:36 – comment (email) from Martyn Davies about 3GSM conference
• 32:26 – comment (email) from Simon Wood
• 33:23 – comment (email) from Keith about feed
• 33:53 – comment (email) from Anthony Congdon about SRTP and recording
• 40:33 – comment (email) from Peter Thermos about vopsecurity.org
• 41:01 – comment (email) from Michael Miller
• 41:35 – comment (email) from Mark Noble about NEC SPIT
• 41:47 – thanks out to Craig Bowser and Rhodri Davies
• 42:19 – comment (email) from Dean Elwood about video with AT&T companies
• 44:11 – Review of the last week’s traffic on the VOIPSEC public mailing list 
• 44:33 – Wrap-up of the show 
  • Dan’s going to Cairo the week of March 19th – any listeners out there?
  • Reminder that you can subscribe to the show via email as well as RSS 
• 45:18 – End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: Cisco SIP security vulnerabilities, VoIP security hype, SPIT, OpenID, other VoIP security news and more… 

Welcome to Blue Box: The VoIP Security Podcast #51, a 35-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions. 

NOTE: This show was originally recorded February 7, 2007. 

Download the show here (MP3, 16MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content: 

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long! Discussion of bandwidth in Japan and Asia.
• 03:13 – Programming notes
  • Podcasts by phone is back up with new number – +12183398544
• 3:53 – Cisco Security Advisory: SIP Packet Reloads IOS Devices Not Configured for SIP – note also that Cisco is now using CVSS as mentioned in their (Cisco) FAQ
• 06:33 – Multiple VOIP Phones Aredfox PA168 Chipset Session Hijacking Vulnerability
• 09:26 – InfoWorld NL: Hype versus reality in VoIP security
• 13:37 – ITWire: NEC’s VoIP spam detector turns Turing Test on its head and also Engadget: NEC invents 99 percent effective SPIT catcher and also ZDNet: VoIP spam tipped to rocket
• 16:49 – IIS Zone: What To Do When SPIT Hits The Fan (sponsored by Verisign)
• 18:59 – Network World: Expert: Phishing and other social attacks threaten VoIP (Dave Endler)
• 20:23 – CommsDesign: VoIP security: Scenarios, challenges, and counter measures—Part I
• 21:11 – CompTIA: Concerns Over IP Telephony Security Still Present in SMB Market, CompTIA Study Reveals – see also vnunet article and techtarget (sent in by Rhodri Davies)
• 23:49 – Aswath: Extending OpenID Authentication Scheme for Communication Systems
  • Comment from Shlomo Dubrowin about OpenID
• 29:09 – darkreading: FBI Faces Fresh Cyber Threats
• 29:36 – CRN: CRN Poll: No concerns around VoIP adoption (sample size?)
• 30:06 – Press Releases
  • Postini Annual Communications Intelligence Report Shows Security and Compliance Top Communications Professionals’ Concerns=
  • Sipera boots VoIP Security
  • Eyeball Intros AnyFirewall Engine (sent in by Craig Bowser)
  • SONUS NETWORKS OFFERS NETWORK OPERATORS ENHANCED SECURITY WITH LATEST RELEASE OF NETWORK BORDER SWITCH
  • Secure Computing Introduces Sidewinder 7.0, Industry’s First Reputation-based Firewall
  • Info Security Products Guide Awards Covergence the ’’Hot Companies’’ Recognition for 2007
• 31:18 – Hudson Barton has a new blog Borderless Communications with a VoIP Security Bulletins page
• 31:35 – Dr. Richard Zhao Liang has relocated his blog to http://sbin.cn/blog/ because of issues accessing WordPress.com from within China His Chinese blog is still at http://blog.zhaol.cn/
• 32:07 – Rodolfo Rosini’s company has changed its name to CellCrypt and raised $3.1M in financing
• 32:22 – Comments will be held until next week.
• 32:35 – Review of the last week’s traffic on the VOIPSEC public mailing list 
• 32:51 – Wrap-up of the show 
  • Dan’s going to Cairo the week of March 19th – any listeners out there?
  • Reminder that you can subscribe to the show via email as well as RSS 
• 35:54 – End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: Grand Central’s anti-SPIT initiative, Cisco buys Ironport, Skype targets business, other VoIP security news, listener comments and more… 

Welcome to Blue Box: The VoIP Security Podcast #50, a 26-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions. 

NOTE: This show was originally recorded January 17, 2007. 

Download the show here (MP3, 12MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now: 

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long!  Special welcome to readers who found us through the new Hacking Exposed: VoIP book that was just recently released.
• 01:13 – Programming notes
• 02:34 – Skype Security Blog: Deploying Skype in a Windows domain – and my response on VOIPSA blog
• 06:13 – Voice of VOIPSA: Voice SPAM – The Fightback begins pointing to Grand Central anti-spam page (sent in my Hasan Diwan)
• 07:48 – VoipUser: How To Build A Voip Network: 7 rules for the VoIP entrepreneur in 2007 – note my comment on security
• 10:00 – VoIPNews: VoIP Scams, Phishing, And Denial Of Service Attacks
• 11:10 – Register: Security vendors talk up VoIP threats
• 11:55 – VNUNet: Convergence brings business challenges and companion Tips for securing VoIP
• TechRepublic: Make a SIP-based VoIP network more secure
• 14:42 – CRM Buyer: Cisco Buys IronPort for $830 Million – interesting for Gartner quote at end… and also for potential for VoIP security – see also earthweb
• 17:41 – VoIPNews: Will Vonage Work for Your Business?
• 19:25 – BT announces that consumer VoIP subscribers has hit the one million mark
• 20:38 – And from the alarm department – VoIP Alarm Introduced at CES
• 21:51 – ERF Launches First Secure Wireless VoIP System for Banking Industry
• 23:16 – Sipera IPCS 310 Awarded Internet Telephony Magazine’s 2006 Product of the Year=
• 23:26 – Q1 Labs Announces New Network Security Management Capabilities for VoIP Networks
• 24:10 – Upcoming shows:
• Feb 5-9, 2007, San Francisco, CA, RSA Conference 2007 
• Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007 
• Mar 1-2, 2007, London, EUSecWest 
• Mar 19-21, 2007, San Jose, CA, Spring 2007 VON 
• Mar 23-25, Washington, DC, ShmooCon ‘07 
• Apr 16-20, Vancouver, BC, Canada CanSecWest 2006
• 24:51 – Comments
• 25:85 – Review of the last week’s traffic on the VOIPSEC public mailing list 
• 25:31 – Wrap-up of the show 
  • Thank you to our listeners for staying with us through 50 shows
  • Reminder that you can subscribe to the show via email as well as RSS 
  • Mention of our Frappr map
• 26:39 – End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.