Listen to Blue Box episodes by phone!

As you will hear in the soon-to-be-released show #41, listener "natas" has now made it possible for you to dial a phone number and listen to any of the Blue Box "main" shows over your phone (special edition shows coming at some point soon). Simply dial:

+1-712-432-5355

and you will be prompted to enter in the number of the show you would like to listen to. You can press the "#" key to fast-forward, the "*" key to rewind, the "0" key to pause/resume and the "1" key to exit the episode and return to the main menu to listen to another episode. Obviously, when you are done you can just hang up.

Given that this is an experiment, any comments people have on the usefulness (or not) of this service would be appreciated. You can leave them here or send them in via email or audio. If you do find the service useful, I would be curious as to why… where are you or what situation are you in where calling in to listen is easier than downloading the MP3 directly and listening? I’d really like to know. (natas indicates he is doing this for some other podcasts and is having people call in.)

Many thanks to natas for setting this up and I look forward to any feedback listeners have.

P.S. For those interested, natas has a phone connection coming from a VoIP service provider into his Asterisk server where he as the IVR set up. He has uploaded (with our permission) the show MP3s onto his Asterisk server and whichever one is requested is then played for the caller.

Security Roundtable podcast on VoIP security

FYI, I was the guest on the recent Security Roundtable podcast #5 focused on VoIP security. I gave an overview of VoIP security issues, discussed some best practices and answered numerous questions from the group of hosts. It was a wide-ranging discussion that covered Skype, recent legislation, enterprise network issues and much more. It was a fun podcast to be part of and I do appreciate the SRT team inviting my participation. If you are new to VoIP security issues in general, do give it a listen.

Blue Box #40: VoIP fraudster a fugitive, VoIP security news, business continuity, Namibians jailed for VoIP, and much more…

Synopsis:VoIP fraudster now a fugitive, Namibians jailed for VoIP, business continuity, Skype security and more.

Welcome to Blue Box: The VoIP Security Podcast #39, a 36-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 15MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners.
02:30 – Notes about changes to show format
06:25 – Dan will be attending the Podcast and Portable Media Expo Sept 29th and 30th out in Ontario, CA.
06:39 – Dan will be part of an upcoming Security Roundtable podcast on VoIP.
07:23 – Accused VoIP Fraudster Sought As Fugitive (tip to Martyn Davies at Voice of VOIPSA ) also link from Craig Bowser on the same subject VoIP Thief on the Run
08:49 – VoIP changing business continuity (from Voice of VOIPSA)
11:55 – VoIPNews AU: Five arrested for selling VoIP (tip to Jan in Malaysia) Also Skype Journal: Sell VoIP, Go to jail
13:24 – CIO: Experts: VoIP Represents Serious Security Risk
14:23 – CSO (Australia): When Voice Becomes Data
15:49 – NetworkWorld: Users want systems for managing VoIP quality
17:29 – NetworkWorld: Interop Reporter’s Notebook: VoIP security still spotty and TMC.Net: At Interop, Network Infrastructure Still Taking Priority over VoIP
18:41 – OSNews: Review: FiWin SS28S WiFi VoIP SIP/Skype Phone
21:17 – ArsTechnica: More universities banning Skype, Jan in Malaysia: The world is flat, even if some block it, SkypeJournal: Proposed SJSU Ban of Skype: Update and Mind if my friends move in?
24:08 – CIO: Skype Preps Enterprise-Friendly VoIP Software
26:00 – PC Magazine: Alarm.com Signs VOIP Deal; Looks Next To ISPs – see also news release – uControl Launches New Home Security Service
27:15 – TMC.Net: Our 100th Issue of IP Communications Thought Leadership (Rich Tehrani)
28:18 – Telrex CallRex is the First VoIP Call Recording Solution Verified to Record Encrypted Cisco Unified CallManager 5.0 Calls
29:34 -Upcoming Shows:
- Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
- Oct 25-26, Rome, Italy, VON Italy
- Nov 6-9, Berlin, Germany, VON Europe Autumn
- Dec 4-6, Atlanta, GA, VON Enterprise
- Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
- Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
- Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
30:27 – Comment (audio) from unidentified listener about SIP comment line
31:57 – Comment (audio) from Dean Elwood
33:10 – Review of the last week’s traffic on the VOIPSEC public mailing list
34:08 – Wrap-up of the show
- Note that Telcom Junkies has now made archives available
- Reminder that you can subscribe to the show via email as well as RSS
- Mention of our Frappr map
35:50 – End of show

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-2583 or via SIP to ‘bluebox@voipuser.org‘ to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Blue Box #39: VoIP security news, VON conference update, 802.11 and PKI, listener comments, more

Synopsis:VoIP security news, comments and opinions – Skype security, fugitive CEOs, Phil Zimmermann, Paris Hilton, the IETF and more.

Welcome to Blue Box: The VoIP Security Podcast #39, a 42-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions. In this week’s show, we cover recent news, what happened at the VON show, 802.11 wireless security and more…

Download the show here (MP3, 17MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners.
02:40 – SIP comment line at bluebox@voipuser.org and also in the UK +44 844 933 6305
03:44 – Upcoming interviews
04:40 – MRT: Senate passes 911 legislation in port security bill see also TelecomWeb: E911/VoIP Mandate Slips Into Port Security Bill
07:30 – Converge NetworkDigest: Are Hackers Eyeing your VoIP Network? (Newport Networks – who incidentally has a blog The Session Blog )
08:50 – Converge NetworkDigest: Protecting IPTV Infrastructure from Security Risks
12:14 – TMC.Net: Mitel to use BorderWare’s SIPassure VoIP Security Solution in its 3600 Security Gateway also Ottawa Business Journal: Mitel improves IP phone security
14:00 – VOIPSA Blog: Winds of change: ‘University dumps Cisco VoIP for open-source Asterisk’ (by Shawn Merdinger)
15:22 – VOIPSA Blog: Schwarzenegger’s (‘hot’) recording in context of VoIP archive servers (also by Shawn)
18:14 – KoolSpan, Kayote Networks Team To Deliver Carrier-Class, Continuous Security Authentication To VoIP Communications Services
18:46 – Covergence Delivers the CXC-50, Providing Complete VoIP Security and Reliability for Branch Offices and Small Businesses; Eclipse CXC-50 Provides ’’Big Business’’ VoIP at Small Business Prices
19:26 – Bell Labs Innovations Set New Standard in Carrier-Grade VPN/Firewall Functionality
20:07 – i2Telecom
Announces Trusted Computing Integration Plans; Relationship to Enable
Launch of VoIP Services Authenticated by a Security Chip and Wave
Software
21:40 – Mitel’s Dan York Appointed to VOIPSA Board of Directors and discussion of upcoming VOIPSA "Best Practices" project
25:27 – Upcoming Shows:
- Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
- Oct 25-26, Rome, Italy, VON Italy
- Nov 6-9, Berlin, Germany, VON Europe Autumn
- Dec 4-6, Atlanta, GA, VON Enterprise
- Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
- Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
- Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
26:25 – Feature segment about VON conference
- ENUM is dead! Long live ENUM!
- FMC convergence and security
- IMS architecture and security
32:06 – Comment (email) from Perry Engle about 802.11 wireless and the use of PKI
37:44 – Comment (email) from Miguel Garcia
38:24 – Comment (audio) from Martyn Davies just testing SIP comment line
39:49 – Review of the last week’s traffic on the VOIPSEC public mailing list
40:33 – Wrap-up of the show
- Reminder that you can subscribe to the show via email as well as RSS
- Mention of our Frappr map
41:35 – End of show

Thank you for listening and please do let us know what you think of the show.

One-year anniversary show coming up Oct 24th… if you have any comments/segments you’d like to contribute…

October 24th will mark one-year of doing this show and we’re planning to talk a bit about that anniversary: some of the things we’ve learned – both about VoIP security and also about podcasting – and see what other announcements we can come out with.

If you would like to contribute a comment or segment to that episode, we will most likely be recording that show on Friday, October 20th, so please send in via email or call in any contributions by the end of Thursday, October 19th. If you want to call in or send in comments in advance but want us to hold them for that show, just say so at the beginning of the audio comment or in an email and we’ll hold them for that show. Many thanks to all of you who have been listening to us over all this time!

Blue Box #38: VoIP security news, Skype security, fugitive CEOs, Phil Zimmermann, Paris Hilton, the IETF and more…

Synopsis:VoIP security news, comments and opinions – Skype security, fugitive CEOs, Phil Zimmermann, Paris Hilton, the IETF and more.

Welcome to Blue Box: The VoIP Security Podcast #38, a 49-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions. In this week’s show, we cover fugitive CEOs, Phil Zimmermann, Paris Hilton, the IETF, Skype and more…

Download the show here (MP3, 20MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

NOTE: This show was originally recorded on September 6th and was delayed due to some of the audio quality issues that you will note in the show itself.

Show Content:

00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners.
01:18 – Jonathan’s conference in Asia and travel there
09:10 – Fall VON 2006 and Dan’s rant about PR
10:55 – Request for ideas about products to sell through CafePress
12:15 – Martyn Davies will be attending, Dec 5, London, UK, The 4th IET Secure Mobile Communication Forum
12:39 – Shoutout to Bret Padres and Ovie Carroll over at CyberSpeak
– an excellent podcast on computer forensics and security
14:07 – Upcoming Shows:
- Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
- Oct 25-26, Rome, Italy, VON Italy
- Nov 6-9, Berlin, Germany, VON Europe Autumn
- Dec 4-6, Atlanta, GA, VON Enterprise
- Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
- Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
- Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
14:29 – Black Hat presentation available: VoIP Security Essentials (Jeff Waldron talk at Black Hat 2006)
14:41 – Register: Fugitive CEO tracked down to Sri Lanka after Skype call and Ars Technica: Fugitive exec nabbed after Skype call – also Bruce Shneier: Skype call traced – also points to this PDF – also blogged in Jan in Webtown
17:01 – Webtown – Jan in Malaysia: Market for blocking Skype is probably as big (if not bigger) to enable Skype – pointing to this news release Lynanda Finds a Way to Block Skype
19:17 – CRN: VoIP Systems Vulnerable To Attack
19:33 – TechWorld: Taking a SIP of secure mobile telephony
19:57 – ZDNet: E-mail security hero takes on VoIP also IPCommunications.com: Pretty Good Security for SIP Communications and Dark Reading: Zimmermann, Borderware Join (sent in by Craig Bowser)
20:40 – VoIP-Sol.com: 15 Apps for Recording Skype Conversations (found through Ken Camp)
22:44 -VoIPSA Blog: Paris Hilton, hacker extraordinaire? also Asterisk VoIP News
26:41 – Internet Draft on VoIP security threats
28:27 – Internet Draft on IPv6 security overview
28:48 – Rohan Pinto: Instant Voicemails points to pinger
30:15 – WhatPC? Network configuration systems pay off
30:53 – Sipera IPCS 310 Supports More VoIP Environments (also eChannelOnline )
31:11 – MobiKEY Ensures Secure Remote Access to Network Resources
31:20 –IBM to acquire Internet Security Systems
31:34 –All Broadvoice VoIP Customers have 911 Service and Over 85% of Vonage U.S. Subscriber Lines Now Have E911
31:40 –NetIQ VoIP Security Solution From Attachmate Named 2006 Readers’ Choice Award Winner by Windows IT Pro
32:10 – Shoutout from Brenno DeWinter
33:39 – Upcoming events:
35:20 – Comment (blog) from tonderai
36:09 – Comment (blog) from Kand Palanisamy
38:37 – Comment (blog) from Ellie drey
39:38 – Comment (email) from Julien Goodwin about SIP comments and offering an Asterisk config file to do the trick
41:13 – Comment (email) from Leslie Asamoa (SIP connections)
41:48 – Comment (email) from Leslie Asamoa (comments and recommendations)
45:12 – Review of the last week’s traffic on the VOIPSEC public mailing list
48:00 – Wrap-up of the show
- Reminder that you can subscribe to the show via email as well as RSS
- Mention of our Frappr map
49:19 – End of show

Thank you for listening and please do let us know what you think of the show.

Asterisk configuration for SIP voicemail-to-email

As you will hear shortly on show #38, there were two main responses regarding my query about having a SIP address for a comment line that would record a voicemail message and send it to my email address. One response led to the hosted SIP comment line that we recently announced. The other response, from Julien Goodwin, was an explanation of how to do this in Asterisk. While I personally don’t have the time to administer systems and run my own Asterisk server, I thought I would post it here for others to see and experiment with.

Julien provided the following configuration, noting that he had not tested this, but it was based off of his working configuration:

extensions.conf:

[sip-guest]
s,1,goto(bluebox,1)
i,1,goto(bluebox,1)

bluebox,1,answer
bluebox,n,Voicemail(u1)
bluebox,n,hangup

[some-private-context]
bluebox-admin,1,Voicemailmain(1) ; User side of VM, to set message

sip.conf:
[general]
context = sip-guest
disallow=all                    ; Disallow all codecs
allow=ulaw                      ; Allow codecs in order of preference
allow=alaw
allow=gsm
allow=ilbc
; G729 could also be allowed if your system has a license

voicemail.conf: 
[default]
1 => 12345,Bluebox Comments 
Box,blueboxpodcast@gmail.com,,attach=yes|delete=1|format=wav

(NOTE: These last two lines were split for formatting but should
be merged onto a single line.)

Thank you, Julien, for providing this and if people find it useful and/or make suggestions/comments, please do leave those as comments to this post.

If any of you are going to the Podcast & Portable Media Expo this coming weekend…

If any of you will be attending the Podcast and Portable Media Expo coming up this Friday and Saturday, September 29th and 30th, in Ontario, California (near L.A.), please do drop an email and it would be great to connect. If you aren’t going but are interested in podcasting, there’s still time… 🙂

Blue Box SE #11: IMS Security interview with Morgan Stern

Synopsis:Interview about IP Multimedia Subsystem (IMS) security with Morgan Stern.

Welcome to Blue Box: The VoIP Security Podcast special edition #11, a 17-minute podcast from Dan York and Jonathan Zar containing an interview with Morgan Stern, Principal Consultant at Lucent Worldwide Services about the security of IMS systems.

Download the show here (MP3, 7MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

In this interview, I spoke with Morgan Stern, Principal Consultant, Global Convergence Center of Excellence, Lucent Worldwide Services, about the security of the IP Multimedia Subsystem (IMS) architecture. Morgan has just been part of a panel session at Fall VON 2006 in Boston entitled "Securing Communication for IMS" and we covered a range of security topics, including:

The differences between centralized and distributed architectures
The various standards bodies involved with IMS
The emergence of "A-IMS"
How do we do distributed security?
How do we verify the authenticity of end devices?
Is IMS hype or reality?
Are there really new and innovative services coming out for IMS?
What are the major security issues for IMS?
Lawful intercept and its issues
His role at Lucent and what his work there is about

Morgan also provided a copy of his IMS security presentation that you may download and also mentioned a Light Reading webinar he did on IMS in general that listeners may find of interest.

If you are interested in IMS security, you may also want to listen to Blue Box podcast #35, where we interviewed author Miguel Garcia for his perspective on IMS security.

Thank you for listening and please do let us know what you think of the show.

New SIP comment line – bluebox@voipuser.org

Thanks to Dean over at voipuser.org, along with Martyn Davies who did some great testing, we now have a comment line to which you can connect via SIP. All you need to do is use your SIP phone to call the address:

bluebox@voipuser.org

(Please note that this is NOT an email address, but rather a SIP address.) Martyn and Dean have both left messages and it seems to work well.

If you have a SIP phone with the ability to call across the Internet, please do give it a try and leave us a message. Feedback is definitely welcome. Again, many thanks to Dean for setting this up and to Martyn for helping with testing.

P.S. As a bonus, we also now have a PSTN comment line in the UK: +44 844 933 6305. If you want to give that number a try, please do!

Blue Box: The Voice-over-IP Security Podcast

A podcast offering news, views and commentary on security issues for Voice Over IP(VoIP), Unified Communications (UC) and IP Telephony

Listen to Blue Box episodes by phone!

Security Roundtable podcast on VoIP security

Blue Box #40: VoIP fraudster a fugitive, VoIP security news, business continuity, Namibians jailed for VoIP, and much more…

Blue Box #39: VoIP security news, VON conference update, 802.11 and PKI, listener comments, more

One-year anniversary show coming up Oct 24th… if you have any comments/segments you’d like to contribute…

Blue Box #38: VoIP security news, Skype security, fugitive CEOs, Phil Zimmermann, Paris Hilton, the IETF and more…

Asterisk configuration for SIP voicemail-to-email

If any of you are going to the Podcast & Portable Media Expo this coming weekend…

Blue Box SE #11: IMS Security interview with Morgan Stern

New SIP comment line – bluebox@voipuser.org