Category Archives: VoIP Security

Telecom Junkies podcast on Pena/Moore VoIP fraud case

As we mentioned on recent shows, I (Dan) was a guest on a recent Telecom Junkies Podcast called “VoIP Fraud Sets Off New Alarms” where we discussed the Pena/Moore voip fraud case that we’ve been discussing on recent shows. Target audience was for “telecom managers” at large enterprises and is produced by the folks who create “The Telecom Manager’s Voice Report“.

The other guests on the show with me were Gary Meliefsky from NetClarity and consultant Ken Agress. Definitely a fun show to do and I appreciated the Voice Report folks having me on the show.

Blue Box #33 – VoIP Fraud case and CALEA revisited, VoIP security news, listener comments and more

Synopsis: VoIP fraud case and CALEA revisited, VoIP security news, listener comments and much, much more…

Welcome to Blue Box: The VoIP Security Podcast show #33, a 44-minute podcast from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show covers the usual VoIP security news, but then through some excellent listener comments gets back into a continued discussion of the Pena/Moore VoIP fraud case and also CALEA.

Download the show here (MP3, 40MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of our listener survey – PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY! (Thank you!)
02:35 – Mention of upcoming Telecom Junkies podcast where this VoIP fraud case will be discussed.
02:56 – Mention of IETF meeting and the audio streaming and the actual IETF agenda (also, if you have no understanding of how the IETF works, you may want to read The Tao of IETF )
04:33 – Dan will be at Fall VON in Boston and Internet Telephony in San Diego – we’ll plan dinners there.
05:10 – Returning to using the LAME encoder.
04:51 – The Register: Say Hello to voice phishing (pointing to Websense security alert ) tip of the hat to Liquidmatrix security blog
07:18 -eChannelLine: VoIP hackers present opportunity for channel
08:22 – VOIPSA Blog: VoWLAN with Smartphones
09:57 – NetworkWorld: AT&T tests disaster response
10:41 – More Than Half Of Tech Companies Admit Breaches In Past Year, Not Sufficiently Funding Security, Says Deloitte Report
12:50 – BellSouth Chooses Tektronix for Real-Time VoIP Service Monitoring
13:29 – Upcoming shows:
- July 19-21, Tokyo, Japan, VON Japan
- August 2-3, Las Vegas, Black Hat 2006
- August 8-10, Santa Clara, CA, 3rd Annual VoIP Developer Conference
- (new) August 21-24, San Francisco, VoiceCon Fall 2006
- Sept 11-14, Boston, MA, Fall VON 2006
- (new) Sept 18-22, New York, Interop
- Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
- Oct 25-26, Rome, Italy, VON Italy
- Nov 6-9, Berlin, Germany, VON Europe Autumn
- Dec 4-6, Atlanta, GA, VON Enterprise
14:06 – Comment (audio) from Martyn Davies
18:53 – Comment (email) from Aswath Rao on CALEA
21:14 – Comment (VOIPSA blog) from Randell Jesup on FCC and CALEA
24:21 – Comment (email) from Craig Bowser about VoIP fraud
25:55 – Comment (web) from Robert Welbourn
29:15 – Comment (audio) from Andy Zmolek about VoIP fraud
34:52 – Comment (email) from Julien Goodwin on LAME encoder
35:23 – Comment (email) from Matt Gibson about domains
37:08 – Comment (email) from magazine editor – Can anyone point to documented SPIT attacks?
38:03 – Comment (email) from Mark Trifiro on ENUM and ISN
41:52 – Review of the last week’s traffic on the VOIPSEC public mailing list
42:30 – Wrap-up of the show
- Mention of our Frappr map
44:05 – End of show

Thank you for listening and please do let us know what you think of the show.

Blue Box #32: ENUM Tutorial, VoIP security news, listener comments and more

Synopsis: ENUM tutorial, VoIP security news, listener comments and much, much more…

Welcome to Blue Box: The VoIP Security Podcast show #32, a 49-minute podcast from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show includes a 14-minute tutorial on ENUM – what it is and what implications it has for security – as well as the usual coverage of VoIP security news and comments from listeners

Download the show here (MP3, 45MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of our listener survey – PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY! (Thank you!)
02:38 – Discussion of why the first release of show #31 sounded like a really bad rap mashup
06:23 – I will be a guest on the upcoming Telecom Junkies podcast where the recent Pena/Moore VoIP fraud case will be discussed.
07:50 – Dan will be at the IETF 66th Meeting in Montreal, June 9-14 – Please drop us a note if you are going to be there.
08:11 – Dan will be attending Fall VON 2006 in Boston in September and will also be speaking out at the Internet Telephony conference in San Diego in October… so we’ll definitely have to do something there.
08:29 – Anyone have any opinions about WordOfBlog.net – they have contacted us about putting a graphic in there and I’m still not sure what all it is.
09:18 – IPCommunications.com(TMC.Net): Verizon Blocks Threats Linked to IP-Based Phone Systems (see also news release: Verizon launches ‘VoIP Security Assessment Service’
10:53 – VOIPSA Blog: A Tour Through Zfone by Eric Chen of NTT
12:01 – Computer Weekly: Skype to tighten up VoIP security – also CNet: Skype to address user identification concerns and VOIPSA blog
13:42 – VOIPSA Blog: Skype security pointing to RECON presentations part one and part two
14:51 – eWeek: Unpatched iTunes, Skype, Firefox Inviting Malware Targets
15:42 – VOIPSA blog: Black Hats and Evil Twins by Martyn Davies on WiFi
16:23 – ITBusiness.ca: VoIP systems bring in new vulnerabilities
16:40 – Dave Endler and Mark Collier launch a website and a weblog about their upcoming book “Hacking VoIP Exposed”. They will also be out at Black Hat in August.
18:09 – CNet: FCC approves new Internet phone taxes
20:02 – Mitel: Two out of three UK business unprepared for disasters
21:33 – XConnect Announces Availability of Local Directory Server™; Telio and VozTelecom First Alliance Members to Deploy
22:00 – Feature discussion/tutorial about ENUM:
- Wikipedia entry on ENUM
- IETF ENUM WG charter
- RFC 3761: The E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application
- IETF ENUM Working Group Internet drafts
- ITU page on ENUM
- Richard Stastny’s VoIP and ENUM blog
- Voiponder: ENUM: Mapping the E.164 Number Space into the DNS
- Eurescom mess@ge: ENUM – The bridge between telephony and the Internet
- Internet Telephony: ENUM—It’s All In The Numbers
- Powerpoint presentations: Overview of ENUM and Richard Stastny’s overview of current status
- ENUM Forum
- Voice Peering Forum
- CC1 ENUM LLC
- Austrian ENUM Trial Site (all in German)
- e164.org
- e164.info (private peering network)
- Expired Internet draft on Privacy and Security Considerations in ENUM
- ENUM / E.164 Validation Architecture
- Electronic Privacy Information Center (EPIC) page on ENUM
- Roger Clarke: ENUM – A Case Study in Social Irresponsibility
- 2nd Annual ENUM Sumit 2006 on April 19-20, 2006, in Boston
- ENUM and VoIP Peering Forum on June 19-20 in London
- CircleID website
- Nominum: Paul Mockapetris on Harmonizing the World of IP Communications with ENUM Technologies (co-inventor of DNS)
36:00 – Upcoming Shows:
- July 9-14, Montreal, Canada, IETF 66th Meeting
- July 19-21, Tokyo, Japan, VON Japan
- August 2-3, Las Vegas, Black Hat 2006
- August 8-10, Santa Clara, CA, 3rd Annual VoIP Developer Conference
- Sept 11-14, Boston, MA, Fall VON 2006
- Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
37:09 – Email comment from Simon Wood
39:18 – Audio and email comment from Miguel Castillo Holgado
42:27 – Email comment from Reid Palmeira
43:18 – Audio comment from Andy Zmolek and mention of audio comment from Perry Engle
44:11 – Email comment from Miguel Castillo Holgado asking about Juniper’s white papers
46:15 – Review of the last week’s traffic on the VOIPSEC public mailing list, mostly focused on softphone vulnerabilities and a continued heavy discussion of Skype security
47:22 – Wrap-up of the show
- Mention of our Frappr map
48:45 – End of show

Thank you for listening and please do let us know what you think of the show.

Blue Box #31: VoIP Fraud case, CALEA tutorial/commentary, VoIP security news, comments and more

Synopsis: VoIP fraud case, CALEA tutorial/commentary, VoIP security news, listener comments and much, much more…

Welcome to Blue Box: The VoIP Security Podcast show #31, a 53-minute podcast from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show includes a 10-minute segment on the recent Pena/Moore VoIP fraud case and about a 15-minute discussion of the recent FCC decision about CALEA and what that means. There is of course the usual coverage of VoIP security news and comments from listeners

Download the show here (MP3, 61MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

NOTE: I would welcome any comments about the audio quality of this MP3 file as compared to our other shows would be appreciated – I am trying out a new audio encoder. Thanks.

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of our listener survey – PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY! (Thank you!) It looks like Dan will most likely be at the IETF 66th Meeting in Montreal, June 9-14 – Please drop us a note if you are going to be there. Check out VOIPSA’s blog if you have not already done so.
10:28 – Feature discussion of recent VoIP fraud scam that was all over the news:
- DOJ News Release
- DOJ complaint against Pena
- DOJ complaint against Moore
- Business Week: Is Your VoIP Phone Vulnerable? (and my VOIPSA blog response as well as Slashdot: VoIP Security Vulnerabilities)
- New Telephony: VoIP Network Security: How a Hacker Took Advantage of Vulnerabilities
- Networking Pipeline: VoIP’s Real Security Threat
- TMC.net: VoIP Security Hack Highlights the Need for Proactive Solutioins (by Bogdan Materna)
- FOX News / Eweek: Alleged VoIP Scam Highlights Looming Security Threat
20:26 – Feature discussion on CALEA and the recent FCC decision:
- VOIPSA blog
- Computer World: Court upholds VoIP wiretapping
- Jeff Pulver blog: The Week I Wish that Wasn’t—Down and Out in Washington, DC
- InfoWorld: Internet pioneers: VOIP wiretapping complicated
  (and VOIPSA blog )
- IT Assoc of America: CALEA and VoIP: Study Finds Wiretaps in Cyberspace Problematic
36:43 – Core Technologies Uncovers Vulnerabilities
37:41 – VOIPSA Blog: Not Just SPIT but SPOG and SPOM by Martyn Davies
38:19 – Burton Group analyst Irwin Lazar’s report Debunking the Hype About Skype now available with free login
38:53 – Burton Group session on VoIP
39:14 – VON Magazine online: Black Hat tracks VoIP
40:53 – Webtown – Jan in Malaysia: Ipoque PRX Traffic Manager now able to detect, control and block Skype Version 2.5. (trackback to http://www.typepad.com/t/trackback/5124548 )
41:23 – Steve Gibson’s Security Now covered NAT in #42 and Open Ports in #43.
42:02 – Upcoming Shows:
- July 9-14, Montreal, Canada, IETF 66th Meeting
- July 19-21, Tokyo, Japan, VON Japan
- August 2-3, Las Vegas, Black Hat 2006
- August 8-10, Santa Clara, CA, 3rd Annual VoIP Developer Conference
- Sept 11-14, Boston, MA, Fall VON 2006
- Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
42:47 – Email comment from Mark Trifiro about having links launch in new windows
44:44 – Audio comment from Adrian Braun
45:27 – Email comment from Miguel Garcia – will be at IETF
45:51 – Email comment from “verizon user” pointing to ITAA report being on RISKS list
46:24 – Email comment from David Belle-Isle (threat vs vulnerability)
47:40 – Email comment from Chris Serafin about giving a customer case study
49:28 – Review of the last week’s traffic on the VOIPSEC public mailing list, mostly focused on softphone vulnerabilities and a continued heavy discussion of Skype security
51:26 – Shoutout to Sasha, the host of the Skype podcast
51:50 – Wrap-up of the show
- Mention of our Frappr map
53:15 – End of show

Thank you for listening and please do let us know what you think of the show.

Blue Box #30: Voip security in mainstream media, Martyn Davies report on Third Annual VoIP Security Workshop in Berlin, much more…

Synopsis: VoIP security in the mainstream news, Martyn Davies’ report on the 3rd Annual VoIP Security Workshop in Berlin, listener comments and much, much more…

Welcome to Blue Box: The VoIP Security Podcast show #30, a 57-minute podcast from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show includes a 24-minute report from Martyn Davies on the 3rd Annual VoIP Security Workshop in Berlin. Martyn’s report also includes interviews with workshop participants.

Download the show here (MP3, 65MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

NOTE: I would welcome any comments about the audio quality of this MP3 file as compared to our other shows would be appreciated – I am trying out a new audio encoder. Thanks.

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of our listener survey – PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY! (Thank you!) It looks like Dan will most likely be at the IETF 66th Meeting in Montreal, June 9-14 – Please drop us a note if you are going to be there. Check out VOIPSA’s blog if you have not already done so.
01:43 – Asterisk vulnerability with IAX2
02:50 – Discussion of recent VoIP fraud scam that was all over the news:
- NY Times: Hacker said to resell Internet Phone Service (sent in by Mark Trifiro )
- DOJ News Release
- DOJ complaint against Pena
- DOJ complaint against Moore
- CNET: Hacker cracked Net phone networks for gain, feds say (sent in by Craig Bowser)
- VOIPSA Blog posting
- ABC News: Miami Man Arrested for Theft of VoIP Calls
- TMC.net: Hacking Scheme, Arrests Highlight Embryonic State of VoIP Security
- Information Week: VoIP Security Alert: Hackers Start Attacking For Cash
10:07 – Red Herring: VoIP Security Attracts Funding (also TMC.net: SIP Expert Covergence Secures $15 Million in Series C Funding )
11:00 – NetworkWorld: Cisco, Juniper, Nortel airing telecom gear at Globalcomm and Red Orbit: Prepare for the coming VoIP Revolution
11:39 – New Zealand Reseller Online: Border patrol on worldwide scale
12:02 – ComputerWorld Malaysia: Wireless and VoIP security
12:15 –NIST releases two publications:
- Information Security Guide for Managers
- Guide to 802.11i
12:59 – CE-Infosys today
announced the release of secure VoIP solution [ClosedTalk]® which
include enhanced features and maintain the highest standard of security
for free Internet-based phone calls.
13:38 – Ranch Networks Announces Availability of its Asterisk Security Code in Digium’s New Version of the Asterisk Business Edition
13:57 – Info Security Products Guide Names Covergence’s Eclipse Winner of the 2006 Global Excellence in VoIP Award; Eclipse Gains the Highest Trust of Customers Worldwide as Chosen by Info Security’s Readers
14:28 – June 21, CheckPoint: Cut Costs and Increase Flexibility With A Secure VoIP Solution (from Craig Bowser)
15:12 – Burton Group analyst Irwin Lazar’s report Debunking the Hype About Skype now available with free login
15:41 – Upcoming Shows:
- June 20-21, Tel Aviv, Israel, VON Israel
- July 9-14, Montreal, Canada, IETF 66th Meeting
- July 19-21, Tokyo, Japan, VON Japan
- August 2-3, Las Vegas, Black Hat 2006
- August 8-10, Santa Clara, CA, 3rd Annual VoIP Developer Conference
- Sept 11-14, Boston, MA, Fall VON 2006
- Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
16:34 – Feature report from Martyn Davies on the 3rd Annual VoIP Security Workshop in Berlin. Note that the presentations now online (or as one file ).
41:58 – Comment from Hank Cohen
42:48 – Audio comment from Patrick
43:50 – Comment from Sergio Meinardi
45:04 – Comment from Trent Williams
45:51 – Comment from Perry Engle
50:39 – Review of the last week’s traffic on the VOIPSEC public mailing list, mostly focused on softphone vulnerabilities and a spirited discussion of Skype security!
53:16 – VOIPSA blog
54:00 – www.vloggercon.com and the upcoming Podcast Academy
55:14 – Podcast and Portable Media Expo, Sept 29-30, Ontario, California
55:27 – Wrap-up of the show
- Mention of our Frappr map
56:56 – End of show

Thank you for listening and please do let us know what you think of the show.

Blue Box Podcast #29: VoIP security news, Skype security, VOIPSA blog, comments and more

Synopsis: VoIP security news for the week, Skype security issues, VOIPSA weblog, our listener survey, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast show #29, a 32-minute podcast from Dan York and Jonathan Zar with news and commentary about the world of VoIP security.

Download the show here (MP3, 37MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

NOTE: I would welcome any comments about the audio quality of this MP3 file as compared to our other shows would be appreciated – I am trying out a new audio encoder. Thanks.

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of our listener survey – PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY! (Thank you!)
01:39 – We have turned off moderation on the weblog comments because TypePad has introduced a form of CAPTCHA to combat automated spam
02:22 – List of podcast topics – please give it a look and do send us your comments (or call them in!)
02:40 – It looks like Dan will most likely be at the IETF 66th Meeting in Montreal, June 9-14 – Drop us a note if you are going to be there.
03:26 – Check out VOIPSA’s blog if you have not already done so
04:28 – Alcatel NON-vulnerability – post to pen-test and 2002 posting
07:00 – Network World: Better security: New VoIP system adds authentication, improved tracking
07:42 – Security Pro News: VoIP Security Guide which also pointed to voiplowdown.com
08:29 -Communications Technology: The Internet’s a Scary Place for Voice
08:50 – DQ Channels: ZyXEL unveils ZyWALL 1050 Internet security appliance
09:05 –RADVISION Whitepaper on IMS, SIP and security
09:26 –Saverio Niccolini whitepaper on SIP and DoS
09:54 – Webtorials.com: AT&T Voice Over IP Security- What are the Risks and Solutions?
10:34 – TMC.Net: Bulletproof VoIP Security for SIP Softphone Users
11:09 – Network World: Aussie firm finds Skype flaw (also sent to us by Craig Bowser)
12:50 – Silicon.com: Skype – is your version secure?, Ken Camp: Gartner: Firms must act now to fight Skype security threat and InformationWeek: Enterprises should ditch Skype: Gartner
and VoIP News: Gartner Slams Skype – Again
14:44 – Jan in Malaysia: New tool for controlling Skype
15:21 – Skypecasting – and the Skypecast Dan participated in: "For Immediate Release #142: Skypecast edition"
18:43 – Upcoming Shows:
- June 20-21, Tel Aviv, Israel, VON Israel
- July 9-14, Montreal, Canada, IETF 66th Meeting
- July 19-21, Tokyo, Japan, VON Japan
- August 2-3, Las Vegas, Black Hat 2006
- August 8-10, Santa Clara, CA, 3rd Annual VoIP Developer Conference
- Sept 11-14, Boston, MA, Fall VON 2006
- Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
20:15 – Comment (email) from Dave Roper
22:06 – Comment (email) from Craig Bowser
23:06 – Comment (audio) from Reginal Cross
26:04 – Comment (email) from David Belle-Isle on threat vs vulnerability (See here and here )
28:32 – Review of the last week’s traffic on the VOIPSEC public mailing list, including continued discussion of John Todd’s actual attack, H.235 and Asterisk security
29:29 – Wrap-up of the show
- Mention of our Frappr map
- "For Immediate Release Show #140" that Dan guest co-hosted
32:08 – End of show

Thank you for listening and please do let us know what you think of the show.

Blue Box Podcast #28: David Endler Interview, VoIP security news, comments and more

Synopsis: Interview with VOIPSA Chair David Endler, VoIP security news for the week, our listener survey, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast show #28, a 62-minute podcast from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show includes a 14-minute interview with David Endler, Chair of the VoIP Security Alliance (VOIPSA).

Download the show here (MP3, 56MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

In this show we also mentioned the final week of our promotion – anyone submitting audio comments (either by email or calling the comment line) before the next show will be eligible for a drawing for a free copy of "Practical VoIP Security" from Syngress Press. Many thanks to Bruce Stewart and the folks at O’Reilly & Associates (who distribute Syngress books) for providing this book.
Five people have so far submitted audio comments, so your odds of winning are very good if you submit a comment before the end of the month!

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of our listener survey – PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY! (Thank you!)
01:46 – List of podcast topics – give it a look and do send us your comments (or call them in!)
02:57 – New book from Alan Johnston and David Piscitello, Understanding Voice over IP Security
04:17 – Skype security vulnerability and discussion in Skype Security Blog
05:48 – Security Watch: Skype 2.5 changes call setup to evade blocking points to VoIP News Australia article
08:01 – Ken Camp – Two more stories describe Skype as a ‘problem’
– points to two articles and also asks if anyone in the corporate world
likes Skype?
13:34 – NY Times: VoIP Encryption May Draw U.S. Scrutiny about Phil Zimmermann’s release of the Windows beta of Zfone – also check out Phil’s Zfone FAQ
17:27 – VOIPSA Blog: What is the Fuzz about?
19:48 – Slate: How do you jam a phone?
21:50 – Launch of .tel domain (and Marc Robins blog and .mobi and ipwalk blog post)
25:50 – VOIPSA Blog: Reliable VoIP
29:30 – Covergence Teams with CounterPath Solutions to Deliver Bullet-Proof VoIP Security for SIP Softphone; Companies Can Now Offer Customers Complete VoIP Security
30:29 – Mitsubishi
Corporation Partners With CloudShield Technologies to Deliver VoIP and
Content Service Control Solutions for Japanese Carriers
31:32 – Ingate Secures VoIP Traffic with SRTP in New Software Version 4.4
32:00 – Feature interview with David Endler, Chair of the VoIP Security Alliance (VOIPSA)

background on creation of VOIPSA
major accomplishments
what’s next for VOIPSA
new projects
how people can help
Dave’s own background

46:34 – Comment from Emmanuel Goitia (discussion included http://www.techtionary.com and http://www.information.aero)
51:09 – Comment from Adrian Braun on JITC conference
52:00 – Comment from Sergio Meinardi on podcast topics (and Prius)
52:58 – Audio comment from Al about avoiding the NSA
55:25 – Comment from Dave Roper suggesting a show topic and inquiring about jobs (here is his email address if interested in learning more)
56:44 – Review of the last week’s traffic on the VOIPSEC public mailing list, including John Todd’s actual attack and discussion of Phil Zimmermann’s Zfone
57:52 – Brief discussion of ISN (a.k.a. www.freenum.org )
59:15 – Wrap-up of the show
61:42 – End of show

Thank you for listening and please do let us know what you think of the show.

Blue Box Podcast #27: Eavesdropping tutorial, VoIP security news, comments and more

Synopsis: Eavesdropping tutorial, VoIP security news for the week, our listener survey, US DoD conference report, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast show #26, a 51-minute podcast from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show includes a 19-minute tutorial on eavesdropping issues, discussion of our our listener survey and a brief report about Dan’s visit to the US Dept of Defense Telecommunications Services Interoperability Conference last week in Arizona.

Download the show here (MP3, 43MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

In this show we also mentioned our new promotion – anyone submitting audio comments (either by email or calling the comment line) before the end of May will be eligible for a drawing for a free copy of "Practical VoIP Security" from Syngress Press. Many thanks to Bruce Stewart and the folks at O’Reilly & Associates (who distribute Syngress books) for providing this book.
Three people have so far submitted audio comments, so your odds of winning are very good if you submit a comment before the end of the month!

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of our listener survey – PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY! (Thank you!)
03:53 – Skype gives away NA PSTN calls (also Skype blog and Skype Journal view )
06:02 – VoIP News Australia: Another way to ban Skype
07:07 – SearchSecurity.com: Skype: Its dangers and how to protect against them
07:28 – Network World: How to protect your VoIP Network (tip of the hat to Ken Camp )
08:07 – IT Observer: Tackling the VoIP Security Threat
08:33 – IT Observer: VoIP Security: Q&A with Matthew Rosen, CEO Fusion
09:06 – CIO: VoIP Security: It’s all about the implementation
09:45 – Avaya “VoIP Security for Dummies” short book – available from Avaya Developer Connection or Webtorials.com
10:33 – Thanks to Ken Camp for raving about the show
10:49 – DSL Forum announces release of TR-122 (see also Last Mile News and LightReading )
11:27 – Discussion of some of the data so far from our listener survey (please do take a few minutes to complete it if you have not already done so – thanks!)
16:12 – Feature tutorial section on eavesdropping
- what are the issues?
- what is involved?
- how is it different from the TDM world?
- how do you protect against it?
34:57 – Comment (email) from Bobby Fentress
36:35 – Comment (blog) from Choonghun Lee
37:37 – Comment (audio) from Bobby Fentress
39:45 – Brief report from Dan on his attendance at the US Dept of Defense Telecommunications Services Interoperability Conference hosted by the Joint Interoperability Test Command at Fort Huachuca in Arizona, USA. Mention of the IASE and their Security Technical Implementation Guides (STIGs) which includes one on VoIP, as well as their Security Checklists.
47:10 – Review of the last week’s traffic on the VOIPSEC public mailing list.
48:31 – Wrap-up of the show – should we do something with video? What about a "Skypecast"?
51:42 – End of show

Thank you for listening and please do let us know what you think of the show.

Topics for future podcasts? (VOIPSA survey provides some ideas)

Recently VOIPSA surveyed the members of its Technical Advisory Board and one of the questions asked was what topics TAB members would like to hear about in a future podcast. The list of responses is below. Are there any that you would specifically be interested in? If so, please do leave a comment to this blog entry or send us an email. Thanks.

IMS/3GPP
security model
IMS convergence, UMA phones
How to 0wn a VOIP call manager, and how to defend against such
0wnage.
VoIP IDS
Softphone vunerabilities
Wireless voip security
A roadmap of issues, i.e. how & when the VoIPsa believes
the issues will happen
Best Practices and testing
Service provider/carrier opinions, implementation discussions, etc…
VoIP over MPLS networks
VoIP threats and countermeasures
I like the sessions that take a specific VoIP Security topic
and try to educate the listeners on that topic.
Real World VoIP Threats
VoIP Security Best Practices
PacketCable Security
More related to peer to peer voice, and its growth, and what
impediments need to be addressed.
Privacy and security

(Note that this was a completely separate survey from the ongoing Blue Box listener survey. Folks have been suggesting ideas there, too, and we’ll discuss that in an upcoming show.)

Blue Box Podcast #26: VoIP security news, comments and opinions

Synopsis: VoIP security news for the week, our listener survey, many listener comments and more

Welcome to Blue Box: The VoIP Security Podcast show #26, a 41-minute podcast from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show also introduces our listener survey.

Download the show here (MP3, 38MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

In this show we also mentioned our new promotion – anyone submitting audio comments (either by email or calling the comment line) during April or May will be eligible for a drawing for a free copy of "Practical VoIP Security" from Syngress Press. Many thanks to Bruce Stewart and the folks at O’Reilly & Associates (who distribute Syngress books) for providing this book.

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of our listener survey – PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY! (Thank you!)
Show notes will be posted tomorrow.
41:25 – End of show

Thank you for listening and please do let us know what you think of the show.

Blue Box: The Voice-over-IP Security Podcast

A podcast offering news, views and commentary on security issues for Voice Over IP(VoIP), Unified Communications (UC) and IP Telephony

Category Archives: VoIP Security

Telecom Junkies podcast on Pena/Moore VoIP fraud case

Blue Box #33 – VoIP Fraud case and CALEA revisited, VoIP security news, listener comments and more

Blue Box #32: ENUM Tutorial, VoIP security news, listener comments and more

Blue Box #31: VoIP Fraud case, CALEA tutorial/commentary, VoIP security news, comments and more

Blue Box #30: Voip security in mainstream media, Martyn Davies report on Third Annual VoIP Security Workshop in Berlin, much more…

Blue Box Podcast #29: VoIP security news, Skype security, VOIPSA blog, comments and more

Blue Box Podcast #28: David Endler Interview, VoIP security news, comments and more

Blue Box Podcast #27: Eavesdropping tutorial, VoIP security news, comments and more

Topics for future podcasts? (VOIPSA survey provides some ideas)

Blue Box Podcast #26: VoIP security news, comments and opinions