Synopsis: Blue Box #72: Asterisk security vulnerabilities, Skype and the German government, VoIP security news, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast #72, a 25-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 11MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

NOTE: This show was recorded on November 30, 2007.

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long! 
• – AST-2007-025 – Asterisk – SQL Injection issue in res_config_pgsql
• – AST-2007-026 – Asterisk SQL Injection issue in cdr_pgsql
• – TechWorld: Expert scares world with VoIP hacking proof pointing to SIPtap – Articles also in ComputerWorld
• – Wired: Skype encryption baffles German police – also in The Register and TechDirt
• – VoIP News: Why Nobody’s VoIP is Secure
• – PC World: ‘Swatters’ Trick AT&T’
• – Comment (email) from Shawn Merdinger
• – Comment (email) from Yann Cloatre
• – Comment (email) from Miguel Garcia
• – Comment (email) from Roel Villarius about Dutch spam filter
• – Review of the last week’s traffic on the VOIPSEC public mailing list 
• – Wrap-up of the show
• 25:27 – End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-7280 +1-415-830-5439 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis:Blue Box #70: 2-yr Anniversary show, VoIP security vulnerabilities, Vonage, Comcast, phishing, listener comments and much, much more…

Welcome to Blue Box: The VoIP Security Podcast #70, a 51-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

NOTE: This show was recorded on October 25, 2007.

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long! 
• Programming notes:
• Dan’s new employment with Voxeo
• Dan at VON next week – Dean Elwood is doing a VoIPUser dinner – perhaps a Blue Box dinner as well?
• We hope you enjoyed Blue Box SE 21 with Phil Zimmermann – many thanks to Martyn Davies for helping with that.
• Reporters for some of the spring shows?  (we can probably get you press credentials… if you are there)
• XSS attack and SQL injection via SIP against Asterisk
• The XSS attack against Linksys SPA-941 we discussed last week was picked up by Secure Computing which resulted in this SearchSecurity.com article: New Attack Methods Target Web 2.0, VoIP (last link sent to us by Rhodri Davies)
• Sipera released a range of vulnerabilities related to Vonage, Grandstream and more – note that the Vonage thread has been picked up by ZDNet’s Russell Shaw
• Wired: Phones Aren’t Safe Either, Hackers Say – also discussed in Network World and Russell Shaw We’ve toasted so many of these (VoIP) networks… and Dustin Trammell’s blog (in the list of sessions he attended)
• SANS: Vishing, Skype, and VoIP-Based Fraud (sent in by Craig Bowser)
• CXO Today: The Phishing Epidemic
• PCWorld.CA: The eight most dangerous consumer technologies (Skype and consumer VoIP are #6 on page 2 )
• TMC Net: VoIP Peering in Search of a Viable Interconnect Business Model (note the comments about security toward the bottom)
• Cisco TechWise podcasts Session Initiation Protocol and Security (it’s on the page… came out 10/18/07 )
• TechRepublic: Sanity check: Will Microsoft be your next phone company? (nice roundup of the MS announcements… some of the comments are also interesting)
• Comcast
• AP: Comcast blocks some Internet traffic
• Ed Brill notes the impact on Notes/Domino traffic
• cnet post
• TorrentFreak: Comcast Throttles BitTorrent Traffic, Seeding Impossible
• P2PNet: Comcast impedes hi-speed file sharing
• Carnegie Mellon’s CyLab and Nortel Combine Efforts to Research Leading Security Technologies
• SearchVoIP.au: Avaya white paper: VoIP Security for Dummies
• – Upcoming shows:

  • Oct 24-25, New York, USA, Interop
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• Comment (email) from Dan Wing about episode 69 and the potential DDoS attack
• Comment (email) from Raul Siles about episode 66
• Comment (email) from Raul Siles about SANS VoIP Security course
• Two-year-anniversary:
  • Comment (audio) from Martyn Davies
  • Comment (audio) from Dean Elwood
  • Comment (audio) from Mike Wallace
  • Comment (audio) from Raul Siles (with Matrix inclusion)
  • Comment (audio) from Carsten Helmuth (cut off)
  • Comment (email) from Scott Tanner
  • Comment (email) from Shlomo Dubrowin
• – Drawing for the book
• – Review of the last week’s traffic on the VOIPSEC public mailing list 
• – Wrap-up of the show
• 51:14 – End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-7280 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: Interview with ZFone and ZRTP creator Phil Zimmermann by Brenno de Winter.

Welcome to Blue Box: The VoIP Security Podcast Special Edition #21, a 44-minute interview between Phil Zimmermann and Brenno de Winter in August 2007.

Download the show here (MP3, 20MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

Brenno de Winter produces a Dutch podcast about information technology news called “ICT Roddels” (http://ictroddels.nl/) and back in early August he sat down with ZFone and ZRTP creator Phil Zimmermann to discuss (in English) what ZFone and ZRTP are all about. Brenno released the interview on his show and then offered it to us to run as a Blue Box show. In the 40-minute interview, Brenno and Phil spend the first 20 or so minutes talking about ZFone, ZRTP and VoIP security and then spend the remainder of the show talking about security in general, Phil’s background and other topics.

While we have interviewed Phil in the past ourselves, it’s been about a year since we last spoke with him and so we thought this might be an interesting update for you to hear. We thank Brenno for making the interview available to us.

I also have to say a word of thanks to long-time contributor Martyn Davies who stepped in at the last moment to provide the intro/outro to this interview. I unfortunately lost my voice after a presentation yesterday (bad news for a podcaster!) and Jonathan is currently traveling – and our goal this year is to make sure we get shows out on Wednesdays.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-7280 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.