Synopsis: Deflating VoIP security hype, SANS and the need for better VoIP security training, India moves to block Skype and other VoIP,  Skype security, tutorials, listener comments and more…

Welcome to Blue Box: The VoIP Security Podcast #47, a 69-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 32MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long!  Special welcome to readers who found us through the new Hacking Exposed: VoIP book that was just recently released.
• 02:20 – Programming notes:
  • sending in ident audio files
  • SanDisk Cruzer disks (with U3 software)
  • Blue Box dinner – photo by Martyn Davies
  • Security Podcast Network
  • SE #14- Interview with Ken Camp
• 09:19 – VoIP News: Voip Security ‘Best Practices’ Project Launches
• 09:41 – Voice of VOIPSA: The Register – Open Season for hackers
• 11:08 – SearchSecurity.com: Better VoIP training needed, SANS director says – see also Eric Chamberlin at Voxilla: VoIP Security: Stop Everything – also launched a VoIP security forum
• 18:30 – Economic Times (India): Illegal Web calls by BPOs face axe – see also 21Talks: India outlaws Skype, Yahoo and others
• 22:13 – British Computer Society: Skype – How safe is it? (sent in by both Martyn Davies and Rhodri Davies)
• 24:01 – Electronic Engineering Times: IP phone providers must focus on security, says report pointing to In-Stat report – VoIP Security: Preparing for the Evolving Threat – it can be yours for only $2,995  – see also In-Stat press release: Business VoIP Users Must Focus on Security
• 27:28 – b5media: Interview with PGP founder Phil Zimmermann: Zfone, secure VoIP media encryption software
• 29:41 – eWeek: Outlook 2007:VoIP
• 31:22 – The Age (Australia): Hackers ‘to target VoIP users’
• 32:39 – Greatreporter.com: VoIP wiretapping widespread, warns Scanit
• 34:16 – TMC.net: SPIT: Bringing Spam to Your Voicemail Box (by Bogdan Materna)
• 37:18 – Image and Data Manager (Australia): IM and VoIP Still Not On Security Radar
• 38:17 – InfoWorld ZeroDaySecurity Blog: Is social engineering always used to commit fraud?
• 45:16 – ZDNet UK: Weigh the pros and cons of VoIP over wireless
• 45:42 – Voice of VOIPSA: Security through Obscurity by Martyn Davies about the conf he attended
• 46:09 – Voice of VOIPSA: Cell phones, GPS location and Amber Alerts by Shawn Merdinger
• 47:28 – Voice of VOIPSA: IronGeek Hacking Tutorial Videos by Shawn Merdinger
• 48:32 – Enterprise VoIPPlanet: The VoIP Peering Puzzle: The IETF SPEERMINT Architecture
• Dialogic Expands IP Media Gateway Product Line (Martyn Davies works there… note the VoIP security mention later in the release)
• 51:24 – comment (audio) from “the man from California” about Click-to-Call
• 54:01 – comment (email) from Shawn Merdinger about Click-to-Call
• 56:20 – comment (email) from Raul Siles (just about BP project)
• 57:06 – comment (email) from Yiannis Miliaresis  about podcast in Greece and iptelephony.gr
• 58:27 – comment (email) from Julien Goodwin about CBR article
• 58:57 – comment (email) from Alan Garwood about mini-poll on Infosecurity Europe web page
• 60:16 – comment (email) from Shlomo Dubrowin about BP project
• 61:19 – comment (blog) from Mark Collier
• 62:29 – comment (email) from Frank Leonhart about BBP dinner
• 63:29 – comment (email) from Mike Bailey asking a question about Skype installation
• 64:20 – comment (email) from Dion Rowney about recorder
• 67:30 – Review of the last week’s traffic on the VOIPSEC public mailing list
• 68:23 – Wrap-up of the show
  • Reminder that you can subscribe to the show via email as well as RSS
  • Mention of our Frappr map
• 69:49 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

P.S. We didn’t mention the "upcoming shows", but here is the list we have been maintaining:

• Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
• Feb 5-9, 2007, San Francisco, CA, RSA Conference 2007
• Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
• Mar 1-2, 2007, London, EUSecWest
• Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
• Mar 23-25, Washington, DC, ShmooCon ‘07
• Apr 16-20, Vancouver, BC, Canada CanSecWest 2006

Synopsis: Google click-to-call, Bluetooth, Skype secuity, VOIPSA Best Practices project, VoIP security news, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast #46, a 49-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 23MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long!
• 02:09 – Programming notes and discussion of Blue Box Dinner in London on Dec 7th.
• 03:45 – Voice of VOIPSA: Click to Harrass (Dustin Trammell about Google Click-to-call and then my response)
• 12:25 – Voice of VOIPSA: Mobile phone insecurities and snakes on a plane (Shawn Merdinger)
• 14:09 – Voice of VOIPSA: Security meets flexibility  (Martyn Davies)
• 14:32 – Network World: Secure caller ID for VoIP (by Jonathan Rosenberg of IETF fame)
• 15:34 – SearchSMB.com: Secure VoIP in simple steps (From Rodri Davies)  Note that article author has security blog.
• 16:40 – ITwire Australia: Skype bugging your network? Here’s how to squash it
• 17:31 – Ken Camp: Skype on the Thumbdrive? Not When it Violates Company Policy
• 21:39 – Jan in Malaysia: How to log your local Skype  (Jan continues his Skype security explorations)
• 22:28 – Dangerously Irrelevant: Advising, webcams and Skype (about a UMinn prof who runs into uni policy about using Skype)
• 24:30 – SouthBendTribune.com: New bait for ‘phishing’ scams
• 25:21 – ComputerWorld New Zealand: Bank of America rolls out VoIP – with some pain
• 27:14 – ZDNet India: Juniper and NEC announce joined network solutions
• 28:15 -The Register: Computer Misuse Act could ban security tools
• 28:43 –VONaLink ScreenPop – New VoIP Caller ID Software Released
• 29:18 –Irdeto IPTV security solution successfully completes rigorous audit by respected security experts
• 30:21 – Telecoms Korea: VoIP susceptiple to Spam (subscription required)
• 31:08 – Upcoming shows:
  • Dec 4-6, Atlanta, GA, VON Enterprise
  • Dec 5, London, UK, Secure Mobile Computing
  • Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
  • Feb 5-9, 2007, San Francisco, CA, RSA Conference 2007
  • Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
  • Mar 1-2, 2007, London, EUSecWest
  • Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
  • Mar 23-25, Washington, DC, ShmooCon ‘07
  • Apr 16-20, Vancouver, BC, Canada CanSecWest 2006
• 32:25 – Feature segment – impending launch of VOIPSA Best Practices project page
  • More on the impending launch
• 37:14 – comment (audio) from Jamie Brody (?) from Truphone
• 39:53 – comment (email) from Richard who writes hi2005.wordpress.com and has excellent acronym lists: Resources, Security Acronyms and Telecom Acronyms
• 40:52 – comment (email) from Ross Chason about two-factor identification in phones
• 42:10 – comment (email) from Simon Wood ho points to list of spoken phrases for speech quality at the Open Speech Repository
• 43:46 – comment (email) from Paul Asadoorian about pen-test email list discussion
• 45:04 – comment (email) from Rhodri Davies
• 46:08 – comment (email) about how to protect a network
• 47:30 – Review of the last week’s traffic on the VOIPSEC public mailing list
• 48:09 – Wrap-up of the show
  • Reminder that you can subscribe to the show via email as well as RSS
  • Mention of our Frappr map
• 49:14 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: VoIP in SANS Top 20, launch of VOIPSA Best Practices project, VoIP security news, Skype security, IETF, security policies, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast #45, a 49-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 23MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

 Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long!.
• 01:32 – Dan discusses Martyn Davies recent visit to Vermont and the great photo Martyn took of Dan podcasting, upcoming shows and more
• 04:50 – Voice of VOIPSA: VoIP included for first time in SANS Top 20 pointing to SANS Top 20 – thanks to UK listener Rhodri Davies
• 09:06 – IETF 67 was going on last week… no major news yet – but pointer to RTPSEC mailing list, mention of Phil Zimmermann’s presentation (involving ZRTP and patents) and this Tutorial on ICE by Jonathan Rosenberg
• 11:02 – Voice of VOIPSA: Skype releases new Network Administrators Guide pointing to new Network Administrator’s Guide  – note the final 9 pages that deal with enterprise use of VoIP – see also CRN: Skype sets eyes on enterprise customers
• 13:54 – Jan Geiernat in Watching, Testing & Digesting:Skype Software & Hardware Gadgets has been writing more about Skype security lately, including this this this and this
• 14:35 – SearchVoIP.com: VoIP security safeguards – they may be there already – and Voice of VOIPSA reaction – and Voxilla reaction  – and Andy Abramson at VoIPWatch
• 16:29 – Ovum report creates news:
  • silicon.com: Get ready for VoIP attacks
  • CXOToday: Unknown Threat, Real Risk: VoIP Security
  • RedHerring: VoIP Security Gets Noisy
  • NewTelephony: Ovum: Reduce VoIP Security Risks Before Further Deployment
  • Of course, the Ovum report on VoIP security came out in August 2006 and costs $1,728!!!
• 20:02 – IPCommunications.com: Covergence and NewHeights Team to Offer Secure SIP-Enabled Soft-Client Offering
• 20:56 – TechRepublic: Get the skinny on proprietary protocols
• 21:28 – ITPro: Over half of UK businesses have no IM or VoIP policy (note that survey sponsor is Symantec)
• 22:16 – Network World: The New York Times taps Nortel to build secure VoIP net (interesting for the tour through what the NYT is doing)
• 23:05 – Computer Business Review Online: Finding your voice 
• 24:18 – InterGovWorld.com: Putting a PAL to work
• 25:37 – ComputerWeekly.com: How to keep your VoIP net safe
• 25:57 – VoIP Service Blog: New FTC rule to put an end to SPIT pointing to FTC ruling
• 28:00 – VON Magazine: BT swallows Counterpane – see also Bruce Schneier’s blog (including the comment)
• 28:54 – Creamer Media’s Engineering News Online: Power-line-based broadband offers security advantages
• 29:30 – TMC.net: Electrocom Intros VoIP Intercom System for K-12 Schools see also news release: Rauland-Borg Offers VoIP Intercom as Safety and Security Solution for K-12 Schools
• 30:12 – Upcoming shows:
  • Nov 29-30, Tokyo, Japan, PacSec 2006
  • Dec 4-6, Atlanta, GA, VON Enterprise
  • Dec 5, London, UK, Secure Mobile Computing
  • Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
  • Feb 5-9, 2007, San Francisco, CA, RSA Conference 2007
  • Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
  • Mar 1-2, 2007, London, EUSecWest
  • Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
  • Mar 23-25, Washington, DC, ShmooCon ‘07
  • Apr 16-20, Vancouver, BC, Canada CanSecWest 2006
• 31:40 – Feature segment – impending launch of VOIPSA Best Practices project page
  • What it is
  • Why the need
  • End goal
  • How people can participate
• 40:43 – comment (email) from Craig Bowser
• 42:37 – comment (email) from Craig Bowser (again) pointing to 50 Most Influential People in VoIP (VoIPSA was on the list, but not us – but Craig added us in the comments!)
• 43:14 – comment (email) from Shawn Merdinger about AT&T security presentation mentioned briefly in this article
• 44:19 – comment (email) from Rhodri Davies
• 45:00 – comment (email) from Da Beave about iWar
• 47:34 – Review of the last week’s traffic on the VOIPSEC public mailing list
• 48:21 – Wrap-up of the show
  • Reminder that you can subscribe to the show via email as well as RSS
  • Mention of our Frappr map
• 49:24 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: SIP attack tools, VoIP security news, IETF, patents, ZRTP, Skype security, Asterisk war dialling, voice biometrics, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast #44, a 36-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 17MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

 Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long!.
• 01:26 – Dan discusses GSA conference in Boston
• 01:55- Programming notes: looking for "best" episodes for CD, schwag for Cafe Press, and notes about upcoming shows and panels
• 02:55 – Side note that Daylight Savings Time will change in the US in 2007
• 04:18 – Programming notes – More shows are in the queue
• 04:47 – IETF – Dan Wing announces that he and several others have issued a new Internet Draft summarizing media security (primarily key exchange) requirements
• 07:43 – IETF – Alan Johnston announces a new version of the ZRTP Internet-Draft
• 08:10 – IETF – Phil Zimmermann announces an Intellectual Property disclosure related to ZRTP – also point to IETF RTPSEC discussion list (Free to subscribe)
• 09:29 – Free Software Magazine – Secure VoIP calling, free software, and the right to privacy (announcing GNUTelephony implementation of ZRTP )
• 10:09 – eWeek – VoIP: How Secure? (podcast with David Endler)
• 10:35 – Mark Collier – New VoIP hacking tools released on their HackingVoIP.com website – including one that mixes in audio – and also Voice of VOIPSA: Additional VoIP Attack Tools
• 13:19 – Ottawa Citizen: Wireless tech a headache for Canadian agents
• 13:55 – onestopclick: Data breach legislation on the cards for EU firms
• 15:10 – Network World: VoIP, hackers, botnets among challenges cyberprotectors face (tip of the hat to LiquidMatrix Security Digest )
• 16:24 – SearchSecurity.com: How ‘quadplay’ convergence can improve network security
• 17:40 – 21talks: Voice recognition coming to your bank points to other entry about voice customer calling his bank via SkypeOut
• 20:01 – VoipNow: What’s Going On With Skype In Jordan?
• 20:27 – Skype Journal: Who is Threatening Skype?
• 21:03 – International Herald Tribune: Network-monitoring technology provider Narus secures $30 million in new funding
• 21:47 – Sting3r.com: Creating Secure Asterisk Links which points to IAX2 War Dialer (Note that since the time this was recorded, the site has changed its design and the links no longer work. However, the site author contacted me to tell me that a site in Germany was mirroring his original site and the links were available there. I have now changed the links to point to the German site.)
• 22:42 – TMC.net: Mobile Industry Looks to EV-DO to Boost VoIP Quality
• 23:49 – Upcoming shows:
  • Nov 6-9, Berlin, Germany, VON Europe Autumn
  • Nov 29-30, Tokyo, Japan, PacSec 2006
  • Dec 4-6, Atlanta, GA, VON Enterprise
  • Dec 5, London, UK, Secure Mobile Computing
  • Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
  • Feb 5-9, 2007, San Francisco, CA, RSA Conference 2007
  • Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
  • Mar 1-2, 2007, London, EUSecWest
  • Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
  • Mar 23-25, Washington, DC, ShmooCon ‘07
  • Apr 16-20, Vancouver, BC, Canada CanSecWest 2006
• 25:00 – comment (audio) from Dave Roper
• 26:39 – comment (email) from Shlomo Dubrowin
• 27:45 – comment (email) from Ross Snowden
• 29:47 – comment (email) from Julien Goodwin (with offer of show segment)
•  30:28 – comment (weblog) from Kand Palanismy
• 31:33 – comment (weblog) from Martyn Davies
• 31:52 – comment (email) from Peter Kowalsky about Audacity notch filters
• 34:09 – Review of the last week’s traffic on the VOIPSEC public mailing list
• 34:44 – Wrap-up of the show
  • Reminder that you can subscribe to the show via email as well as RSS
  • Mention of our Frappr map
• 37:24 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: One-year anniversary of the show – VoIP security news, Skype security, phishing, video cameras on the Eiffel Tower, service providers and security, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast #43, a 37-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 17MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

 Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long!.
• 01:55- Programming notes: looking for "best" episodes for CD, schwag for Cafe Press, and notes about upcoming shows and panels
• 02:34 – Dan will be speaking about VoIP security at a GSA Conference in Boxborough, Mass., on Thursday, October 26th.
• 03:19 – LinuxWorld.au: Business VoIP: Golden Egg Hidden in Services, Says IDC
• 04:45 – Sydney Morning Herald: Something’s phishy
• 05:27 – CommsDesign: Ensure successful VoWLAN: Understand security in VoIP networks
• 06:21 – xchange online: VoIP Security Threats: It’s not If, It’s When
• 07:48 – Ars Technica: Jordan bans, then unbans Skype
• 09:28 – Jan in Malaysia: The
  total madness and insecurity issues of the current public Skype.exe and
  why no corporation should implement it just like that.
• 11:32 – Jan also has: Security, privacy, Trust and Safety where he points to the Skype Forum where the issues are discussed
• 12:21 – TMC.Net: Telstra Goes Global
• 13:27 – TMC.Net: Japanese Insurance Provider Implements NICE’s VoIP Solutions
• 15:45 – Foundry Networks Converged Voice and Data Switches Receive Department of Defense VoIP Certification
• 16:42 – 3Com Advances Secure Enterprise Mobility with New Wireless Voice over IP Telephone  (see also CIO blog )
• 17:22 –VOIP Calling: Crucial Issues Regarding Security
• 18:08 – Feature segment talking about 1 year in the life of a podcast
  • Thoughts about the community, shoutouts to those who have been a part, statistics
  • Thoughts on what we’d like to do in the next year of the show
  • What would you like us to do in our second year of the show?
• 16:51 – comment (email) from Natas about dial in to BBP stats
• 29:09 – comment (email) from Martyn Davies with shoutouts to people he met at IP’06
• 30:23 – comment (email) from Leslie Asamoa-Krodua about Jajah and asking about the security of it
• 32:58 – comment (email) from whitehat about High-tech school security
• 33:57 – Review of the last week’s traffic on the VOIPSEC public mailing list
• 35:45 – Wrap-up of the show
  • Reminder that you can subscribe to the show via email as well as RSS
  • Mention of our Frappr map
• 37:24 – End of show

• FYI, we seem to have skipped the "Upcoming Shows" part of the show that we regularly do, but here is the list of upcoming shows as we currently have it:
  • Call for papers for:
  • ETel 2007 CFP now open – CFP winding down
  • EUSecWest CFP – Mar 1-2, 2007, London
  • ShmooCon 07 CFP open to Dec 1

   

  • Oct 25-26, Rome, Italy, VON Italy
  • Nov 6-9, Berlin, Germany, VON Europe Autumn
  • Nov 29-30, Tokyo, Japan, PacSec 2006
  • Dec 4-6, Atlanta, GA, VON Enterprise
  • Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
  • Feb 5-9, 2007, San Francisco, CA, RSA Conference 2007
  • Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
  • Mar 1-2, 2007, London, EUSecWest
  • Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
  • Mar 23-25, Washington, DC, ShmooCon ‘07
  • Apr 16-20, Vancouver, BC, Canada CanSecWest 2006

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: Dan’s caffeine-fed rants on the insecurity of VoIP service providers, Middle East governments are no longer blocking Skype, the Swiss government is considering using spyware to eavesdrop on VoIP, TOR is a good thing, listener comments and much, MUCH more

Welcome to Blue Box: The VoIP Security Podcast #42, a 37-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

NOTE: This episode’s severe laughter can only be attributed to the very strong cup of tea Dan purchased somewhere near the VT border while driving to Ottawa in the dark and heavy rain. It is very different from any other show we’ve done before – and probably will do in the future.

Download the show here (MP3, 17MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

 Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners – and to all those listeners who have been here for so long!.
• 01:50- Programming notes: looking for "best" episodes for CD and mention of Martin McKeay’s Network Security Podcast #47, where he has a fascinating interview with the executive director of the Tor Project
• 04:28 – Internet Telephony conference review – mention of upcoming interviews and also the photo album from the show
• 05:55 – Rant about lack of security from VoIP service providers as demonstrated at the Internet Telephony "Service Provider Face-Off"  (We would dearly like to hear from some VoIP service providers who are including security!)
• 15:18 – Rant about Secunia alert about Avaya vulnerability
• 18:26 – TMC.Net: A ‘Bullet-Proof’ VoIP System
• 19:19 – Swiss government considers spyware to track VoIP (Register , TechWorld UK ) – sent in by Craig Bowser
• 20:48 – AMCE Packet goes IPO – Bloggingstocks – MarketWatch – Yahoo!Finance
• 22:15 – VNUNet – Technology multiplies business risk
• 22:53 – The London Times – TruePhone announces VoIP calling on Nokia N80, free until end of year
• 23:38 – Kaleej Times Dubai may relax prohibition on PC – to phone VoIP

• 24:11 – Skype Journal: Skype Restored in Jordan
• 24:50 – Covergence Teams up with BroadSoft to Help Service Providers
• 25:15 – TMC – SixApart LiveJournal service adds web based SIP dialing using Gizmo
• 26:02 – Upcoming shows:
• Call for papers for:
  • ETel 2007 CFP now open – CFP winding down
  • EUSecWest CFP – Mar 1-2, 2007, London
  • ShmooCon 07 CFP open to Dec 1

Shows:

• Oct 25-26, Rome, Italy, VON Italy
• Nov 6-9, Berlin, Germany, VON Europe Autumn
• Nov 29-30, Tokyo, Japan, PacSec 2006
• Dec 4-6, Atlanta, GA, VON Enterprise
• Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
• Feb 5-9, 2007, San Francisco, CA, RSA Conference 2007
• Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
• Mar 1-2, 2007, London, EUSecWest
• Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
• Mar 23-25, Washington, DC, ShmooCon ‘07
• Apr 16-20, Vancouver, BC, Canada CanSecWest 2006
• 27:38 – comment (email) from Martyn Davies about sound quality
• 32:46 – comment (email) from Shlomo Dubrowin
• 32:20 – comment (email) from Craig Bowser
• 32:39 – comment (email) from Shawn Merdinger
• 33:35 – Review of the last week’s traffic on the VOIPSEC public mailing list
• 35:04 – Wrap-up of the show
  • Reminder that you can subscribe to the show via email as well as RSS
  • Mention of our Frappr map
• 37:01 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: Skype security advisory, vulnerabilities in multiple vendor’s VoIP phones, more Skype security news, VoIP security, listener comments and much more

Welcome to Blue Box: The VoIP Security Podcast #41, a 42-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 17MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

 Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.
• 02:08 – A brief bit about the audio path Dan uses to record the show.
• 04:12 – Discussion of the Podcast and Portable Media Expo. Mention of Michael Santarcangelo of Security Catalyst and Martin McKeay of Network Security Podcast.
• 08:15 – Dan was part of a Security Roundtable podcast on VoIP security.
• 09:29 – Ken Camp posted a list of IT security podcasts that a friend of his put together.
• 10:00 – Programming notes – 1-year anniversary show coming up October 24th – probably recorded on
  20th, so if you have a segment or comments you would like to give us,
  please get them to us by evening of Oct 19th
• 11:05 – Three vulnerabilities reported by Shawn Merdinger:
• PolyCom IP-301 VoIP Desktop Phone HTTP server DoS and undocumented TCP port 42
• Linksys SPA-921 VoIP Desktop Phone HTTP Server DoS
• GrandStream GXP-2000 VoIP Desktop Phone multiple undocumented UDP ports and DoS
• 12:14 – Skype vulnerability for Mac OS X
• 13:04 – Skype Journal: SJSU: Campus OK’s Skype, for now
• 13:30 – Network World: Akonix appliance aims to give IT Skype controls  (see also Jan in Malaysia on the same subject)
• 13:49 – Skype Journal: Jordon regulator blocks skype.com
• 14:09 – TechWorld UK: Sophos offers free application killer
• 14:40 – Slashdot: SIP vs. Skype, Making the ‘Open’ Choice
• 15:09 – Slashdot: Comcast Lying About Vonage
• 16:29 – IT Week: VoIP vendors slam Cisco
• 18:17 – TelecomWeb: BellSouth, ISS Back VoIP Security Effort – see also Ga. Tech, BellSouth, Internet Security Systems initiate VoIP security research partnership – all the more interesting because ISS recently announced it will be acquired by IBM!
• 20:02 – Wired News: Beguiling but Beware: AJAX, VoIP
• 22:24 – BBC: Security fears raised at conference
• 23:14 – CIO Today: Video over IP: The Next Battleground
• 23:57 – NY Times: Clear as a Bell One Day, Fuzzy and Garbled the Next (actual article requires subscription)
• 24:24 –NIST announced updated security docs (looks like a nice one on WinXP)
• 25:35 – Voice of VOIPSA: Hello Mom, I’m a Fake
• 26:54 – TippingPoint Research Director Recognized for Leadership in Voice and Security (about David Endler)
• 29:34 -Upcoming Shows:
  • Call for papers for:
  • ETel 2007 CFP now open – CFP winding down
  • EUSecWest CFP – Mar 1-2, 2007, London
  • ShmooCon 07 CFP open to Dec 1
  • Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
  • Oct 25-26, Rome, Italy, VON Italy
  • Nov 6-9, Berlin, Germany, VON Europe Autumn
  • (new), Nov 29-30, Tokyo, Japan, PacSec 2006
  • Dec 4-6, Atlanta, GA, VON Enterprise
  • Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
  • Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
  • (new) Mar 1-2, 2007, London, EUSecWest
  • Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
  • (new) Mar 23-25, Washington, DC, ShmooCon ‘07
  • (new) Apr 16-20, Vancouver, BC, Canada CanSecWest 2006
• 29:46 – comment (email) from Dan Wing about blueboxpodcast.com vs bluebox.dreamhosters.com/
• 30:17 – comments (email) from Jake Neumann and Miguel Garcia about audio software
• 31:46 – comment (email) from Miguel Garcia about RTPSEC BOF
  • Audio recording, part 1 (BOF session starts at 9 minutes 45 seconds)
  • Audio recording, part 2
  • RTPSEC session minutes and slides
• 33:20 – comment (email) from Natas about dial in to BBP
• 34:43 – comment (email) from Ross Snowden about topics he is interested in (including fax)
• 37:03 – Review of the last week’s traffic on the VOIPSEC public mailing list
• 39:34 – Wrap-up of the show
  • Reminder that you can subscribe to the show via email as well as RSS
  • Mention of our Frappr map
• 41:57 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis:VoIP fraudster now a fugitive, Namibians jailed for VoIP, business continuity, Skype security and more.

Welcome to Blue Box: The VoIP Security Podcast #39, a 36-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 15MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

 Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.
• 02:30 – Notes about changes to show format
• 06:25 – Dan will be attending the Podcast and Portable Media Expo Sept 29th and 30th out in Ontario, CA.
• 06:39 – Dan will be part of an upcoming Security Roundtable podcast on VoIP.
• 07:23 – Accused VoIP Fraudster Sought As Fugitive  (tip to Martyn Davies at Voice of VOIPSA ) also link from Craig Bowser on the same subject VoIP Thief on the Run
• 08:49 – VoIP changing business continuity (from Voice of VOIPSA)
• 11:55 – VoIPNews AU: Five arrested for selling VoIP (tip to Jan in Malaysia) Also Skype Journal: Sell VoIP, Go to jail
• 13:24 – CIO: Experts: VoIP Represents Serious Security Risk
• 14:23 – CSO (Australia): When Voice Becomes Data
• 15:49 – NetworkWorld: Users want systems for managing VoIP quality
• 17:29 – NetworkWorld: Interop Reporter’s Notebook: VoIP security still spotty and TMC.Net: At Interop, Network Infrastructure Still Taking Priority over VoIP
• 18:41 – OSNews: Review: FiWin SS28S WiFi VoIP SIP/Skype Phone
• 21:17 – ArsTechnica: More universities banning Skype, Jan in Malaysia: The world is flat, even if some block it, SkypeJournal: Proposed SJSU Ban of Skype: Update and Mind if my friends move in?
• 24:08 – CIO: Skype Preps Enterprise-Friendly VoIP Software
• 26:00 – PC Magazine: Alarm.com Signs VOIP Deal; Looks Next To ISPs – see also news release – uControl Launches New Home Security Service
• 27:15 – TMC.Net: Our 100th Issue of IP Communications Thought Leadership (Rich Tehrani)
• 28:18 – Telrex CallRex is the First VoIP Call Recording Solution Verified to Record Encrypted Cisco Unified CallManager 5.0 Calls
• 29:34 -Upcoming Shows:
  • Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
  • Oct 25-26, Rome, Italy, VON Italy
  • Nov 6-9, Berlin, Germany, VON Europe Autumn
  • Dec 4-6, Atlanta, GA, VON Enterprise
  • Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
  • Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
  • Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
• 30:27 – Comment (audio) from unidentified listener about SIP comment line
• 31:57 – Comment (audio) from Dean Elwood
• 33:10 – Review of the last week’s traffic on the VOIPSEC public mailing list
• 34:08 – Wrap-up of the show
  • Note that  Telcom Junkies has now made archives available
  • Reminder that you can subscribe to the show via email as well as RSS
  • Mention of our Frappr map
    
• 35:50 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis:VoIP security news, comments and opinions – Skype security, fugitive CEOs, Phil Zimmermann, Paris Hilton, the IETF and more.

Welcome to Blue Box: The VoIP Security Podcast #38, a 49-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions. In this week’s show, we cover fugitive CEOs, Phil Zimmermann, Paris Hilton, the IETF, Skype and more…

Download the show here (MP3, 20MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

NOTE: This show was originally recorded on September 6th and was delayed due to some of the audio quality issues that you will note in the show itself.

 Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.
• 01:18 – Jonathan’s conference in Asia and travel there
• 09:10 – Fall VON 2006 and Dan’s rant about PR
• 10:55 – Request for ideas about products to sell through CafePress
• 12:15 – Martyn Davies will be attending, Dec 5, London, UK, The 4th IET Secure Mobile Communication Forum
• 12:39 – Shoutout to Bret Padres and Ovie Carroll over at CyberSpeak
  – an excellent podcast on computer forensics and security
• 14:07 – Upcoming Shows:
  • Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
  • Oct 25-26, Rome, Italy, VON Italy
  • Nov 6-9, Berlin, Germany, VON Europe Autumn
  • Dec 4-6, Atlanta, GA, VON Enterprise
  • Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
  • Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
  • Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
• 14:29 – Black Hat presentation available: VoIP Security Essentials (Jeff Waldron talk at Black Hat 2006)
• 14:41 – Register: Fugitive CEO tracked down to Sri Lanka after Skype call and Ars Technica: Fugitive exec nabbed after Skype call – also Bruce Shneier: Skype call traced – also points to this PDF – also blogged in Jan in Webtown
• 17:01 – Webtown – Jan in Malaysia: Market for blocking Skype is probably as big (if not bigger) to enable Skype – pointing to this news release Lynanda Finds a Way to Block Skype
• 19:17 – CRN: VoIP Systems Vulnerable To Attack
• 19:33 – TechWorld: Taking a SIP of secure mobile telephony
• 19:57 – ZDNet: E-mail security hero takes on VoIP also IPCommunications.com: Pretty Good Security for SIP Communications and Dark Reading: Zimmermann, Borderware Join (sent in by Craig Bowser)
• 20:40 – VoIP-Sol.com: 15 Apps for Recording Skype Conversations  (found through Ken Camp)
• 22:44 -VoIPSA Blog: Paris Hilton, hacker extraordinaire? also Asterisk VoIP News
• 26:41 – Internet Draft on VoIP security threats
• 28:27 – Internet Draft on IPv6 security overview
• 28:48 – Rohan Pinto: Instant Voicemails points to pinger
• 30:15 – WhatPC? Network configuration systems pay off
• 30:53 –  Sipera IPCS 310 Supports More VoIP Environments (also eChannelOnline )
• 31:11 – MobiKEY Ensures Secure Remote Access to Network Resources
• 31:20 –IBM to acquire Internet Security Systems
• 31:34 –All Broadvoice VoIP Customers have 911 Service and Over 85% of Vonage U.S. Subscriber Lines Now Have E911
•  31:40 –NetIQ VoIP Security Solution From Attachmate Named 2006 Readers’ Choice Award Winner by Windows IT Pro
• 32:10 – Shoutout from Brenno DeWinter
• 33:39 – Upcoming events:
• 35:20 – Comment (blog) from tonderai
• 36:09 – Comment (blog) from Kand Palanisamy
• 38:37 – Comment (blog) from Ellie drey
• 39:38 – Comment (email) from Julien Goodwin about SIP comments and offering an Asterisk config file to do the trick
• 41:13 – Comment (email) from Leslie Asamoa (SIP connections)
• 41:48 – Comment (email) from Leslie Asamoa (comments and recommendations)
• 45:12 – Review of the last week’s traffic on the VOIPSEC public mailing list
• 48:00 – Wrap-up of the show
  • Reminder that you can subscribe to the show via email as well as RSS
  • Mention of our Frappr map
    
• 49:19 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.