FYI, we’ve now recorded interviews with people about IMS security and IPv6 security… both of those shows will be posted soon. Also, this week’s podcast will be coming soon – either late tonight or tomorrow. I’m up at IETF in Montreal and a wee bit challeged for production time.
Podcast Awards nominations are open until July 15
The 2006 People’s Choice Podcast Awards have opened up nominations through July 15th and if any listeners would care to nominate our show in the Technology/Science, Business or other categories, we would be deeply honored. I’m not necessarily a huge fan of these type of contests, but in this case I believe Todd Cochrane and his crew do a very solid job with the overall process and it’s one that I definitely support. I’ve gone and nominated several of the shows I believe should be considered – and would encourage you to do the same. (If you want to nominate several shows for the same category, you can vote again each calendar day – so nominate some today, then some more tomorrow, etc. ) Voting in the contest begins later in July, but the first step is to make it through the nomination process. Thank you for your consideration.
Telecom Junkies podcast on Pena/Moore VoIP fraud case
As we mentioned on recent shows, I (Dan) was a guest on a recent Telecom Junkies Podcast called “VoIP Fraud Sets Off New Alarms” where we discussed the Pena/Moore voip fraud case that we’ve been discussing on recent shows. Target audience was for “telecom managers” at large enterprises and is produced by the folks who create “The Telecom Manager’s Voice Report“.
The other guests on the show with me were Gary Meliefsky from NetClarity and consultant Ken Agress. Definitely a fun show to do and I appreciated the Voice Report folks having me on the show.
Blue Box #33 – VoIP Fraud case and CALEA revisited, VoIP security news, listener comments and more
Synopsis: VoIP fraud case and CALEA revisited, VoIP security news, listener comments and much, much more…
Welcome to Blue Box: The VoIP Security Podcast show #33, a 44-minute podcast from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show covers the usual VoIP security news, but then through some excellent listener comments gets back into a continued discussion of the Pena/Moore VoIP fraud case and also CALEA.
Download the show here (MP3, 40MB) or subscribe to the RSS feed to download the show automatically.
You may also listen to this podcast right now:
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
Show Content:
- 00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of our listener survey – PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY! (Thank you!)
- 02:35 – Mention of upcoming Telecom Junkies podcast where this VoIP fraud case will be discussed.
- 02:56 – Mention of IETF meeting and the audio streaming and the actual IETF agenda (also, if you have no understanding of how the IETF works, you may want to read The Tao of IETF )
- 04:33 – Dan will be at Fall VON in Boston and Internet Telephony in San Diego – we’ll plan dinners there.
- 05:10 – Returning to using the LAME encoder.
- 04:51 – The Register: Say Hello to voice phishing (pointing to Websense security alert ) tip of the hat to Liquidmatrix security blog
- 07:18 -eChannelLine: VoIP hackers present opportunity for channel
- 08:22 – VOIPSA Blog: VoWLAN with Smartphones
- 09:57 – NetworkWorld: AT&T tests disaster response
- 10:41 – More Than Half Of Tech Companies Admit Breaches In Past Year, Not Sufficiently Funding Security, Says Deloitte Report
- 12:50 – BellSouth Chooses Tektronix for Real-Time VoIP Service Monitoring
- 13:29 – Upcoming shows:
- July 19-21, Tokyo, Japan, VON Japan
- August 2-3, Las Vegas, Black Hat 2006
- August 8-10, Santa Clara, CA, 3rd Annual VoIP Developer Conference
- (new) August 21-24, San Francisco, VoiceCon Fall 2006
- Sept 11-14, Boston, MA, Fall VON 2006
- (new) Sept 18-22, New York, Interop
- Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
- Oct 25-26, Rome, Italy, VON Italy
- Nov 6-9, Berlin, Germany, VON Europe Autumn
- Dec 4-6, Atlanta, GA, VON Enterprise
- 14:06 – Comment (audio) from Martyn Davies
- 18:53 – Comment (email) from Aswath Rao on CALEA
- 21:14 – Comment (VOIPSA blog) from Randell Jesup on FCC and CALEA
- 24:21 – Comment (email) from Craig Bowser about VoIP fraud
- 25:55 – Comment (web) from Robert Welbourn
- 29:15 – Comment (audio) from Andy Zmolek about VoIP fraud
- 34:52 – Comment (email) from Julien Goodwin on LAME encoder
- 35:23 – Comment (email) from Matt Gibson about domains
- 37:08 – Comment (email) from magazine editor – Can anyone point to documented SPIT attacks?
- 38:03 – Comment (email) from Mark Trifiro on ENUM and ISN
- 41:52 – Review of the last week’s traffic on the VOIPSEC public mailing list
- 42:30 – Wrap-up of the show
- Mention of our Frappr map
- 44:05 – End of show
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
Thank you for listening and please do let us know what you think of the show.
Blue Box #32: ENUM Tutorial, VoIP security news, listener comments and more
Synopsis: ENUM tutorial, VoIP security news, listener comments and much, much more…
Welcome to Blue Box: The VoIP Security Podcast show #32, a 49-minute podcast from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show includes a 14-minute tutorial on ENUM – what it is and what implications it has for security – as well as the usual coverage of VoIP security news and comments from listeners
Download the show here (MP3, 45MB) or subscribe to the RSS feed to download the show automatically.
You may also listen to this podcast right now:
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
Show Content:
- 00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of our listener survey – PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY! (Thank you!)
- 02:38 – Discussion of why the first release of show #31 sounded like a really bad rap mashup
- 06:23 – I will be a guest on the upcoming Telecom Junkies podcast where the recent Pena/Moore VoIP fraud case will be discussed.
- 07:50 – Dan will be at the IETF 66th Meeting in Montreal, June 9-14 – Please drop us a note if you are going to be there.
- 08:11 – Dan will be attending Fall VON 2006 in Boston in September and will also be speaking out at the Internet Telephony conference in San Diego in October… so we’ll definitely have to do something there.
- 08:29 – Anyone have any opinions about WordOfBlog.net – they have contacted us about putting a graphic in there and I’m still not sure what all it is.
- 09:18 – IPCommunications.com(TMC.Net): Verizon Blocks Threats Linked to IP-Based Phone Systems (see also news release: Verizon launches ‘VoIP Security Assessment Service’
- 10:53 – VOIPSA Blog: A Tour Through Zfone by Eric Chen of NTT
- 12:01 – Computer Weekly: Skype to tighten up VoIP security – also CNet: Skype to address user identification concerns and VOIPSA blog
- 13:42 – VOIPSA Blog: Skype security pointing to RECON presentations part one and part two
- 14:51 – eWeek: Unpatched iTunes, Skype, Firefox Inviting Malware Targets
- 15:42 – VOIPSA blog: Black Hats and Evil Twins by Martyn Davies on WiFi
- 16:23 – ITBusiness.ca: VoIP systems bring in new vulnerabilities
- 16:40 – Dave Endler and Mark Collier launch a website and a weblog about their upcoming book “Hacking VoIP Exposed”. They will also be out at Black Hat in August.
- 18:09 – CNet: FCC approves new Internet phone taxes
- 20:02 – Mitel: Two out of three UK business unprepared for disasters
- 21:33 – XConnect Announces Availability of Local Directory Server™; Telio and VozTelecom First Alliance Members to Deploy
- 22:00 – Feature discussion/tutorial about ENUM:
- Wikipedia entry on ENUM
- IETF ENUM WG charter
- RFC 3761: The E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application
- IETF ENUM Working Group Internet drafts
- ITU page on ENUM
- Richard Stastny’s VoIP and ENUM blog
- Voiponder: ENUM: Mapping the E.164 Number Space into the DNS
- Eurescom mess@ge: ENUM – The bridge between telephony and the Internet
- Internet Telephony: ENUM—It’s All In The Numbers
- Powerpoint presentations: Overview of ENUM and Richard Stastny’s overview of current status
- ENUM Forum
- Voice Peering Forum
- CC1 ENUM LLC
- Austrian ENUM Trial Site (all in German)
- e164.org
- e164.info (private peering network)
- Expired Internet draft on Privacy and Security Considerations in ENUM
- ENUM / E.164 Validation Architecture
- Electronic Privacy Information Center (EPIC) page on ENUM
- Roger Clarke: ENUM – A Case Study in Social Irresponsibility
- 2nd Annual ENUM Sumit 2006 on April 19-20, 2006, in Boston
- ENUM and VoIP Peering Forum on June 19-20 in London
- CircleID website
- Nominum: Paul Mockapetris on Harmonizing the World of IP Communications with ENUM Technologies (co-inventor of DNS)
- 36:00 – Upcoming Shows:
- July 9-14, Montreal, Canada, IETF 66th Meeting
- July 19-21, Tokyo, Japan, VON Japan
- August 2-3, Las Vegas, Black Hat 2006
- August 8-10, Santa Clara, CA, 3rd Annual VoIP Developer Conference
- Sept 11-14, Boston, MA, Fall VON 2006
- Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
- 37:09 – Email comment from Simon Wood
- 39:18 – Audio and email comment from Miguel Castillo Holgado
- 42:27 – Email comment from Reid Palmeira
- 43:18 – Audio comment from Andy Zmolek and mention of audio comment from Perry Engle
- 44:11 – Email comment from Miguel Castillo Holgado asking about Juniper’s white papers
- 46:15 – Review of the last week’s traffic on the VOIPSEC public mailing list, mostly focused on softphone vulnerabilities and a continued heavy discussion of Skype security
- 47:22 – Wrap-up of the show
- Mention of our Frappr map
- 48:45 – End of show
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
Thank you for listening and please do let us know what you think of the show.
Blue Box #31: VoIP Fraud case, CALEA tutorial/commentary, VoIP security news, comments and more
Synopsis: VoIP fraud case, CALEA tutorial/commentary, VoIP security news, listener comments and much, much more…
Welcome to Blue Box: The VoIP Security Podcast show #31, a 53-minute podcast from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show includes a 10-minute segment on the recent Pena/Moore VoIP fraud case and about a 15-minute discussion of the recent FCC decision about CALEA and what that means. There is of course the usual coverage of VoIP security news and comments from listeners
Download the show here (MP3, 61MB) or subscribe to the RSS feed to download the show automatically.
You may also listen to this podcast right now:
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
NOTE: I would welcome any comments about the audio quality of this MP3 file as compared to our other shows would be appreciated – I am trying out a new audio encoder. Thanks.
Show Content:
- 00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of our listener survey – PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY! (Thank you!) It looks like Dan will most likely be at the IETF 66th Meeting in Montreal, June 9-14 – Please drop us a note if you are going to be there. Check out VOIPSA’s blog if you have not already done so.
- 10:28 – Feature discussion of recent VoIP fraud scam that was all over the news:
- DOJ News Release
- DOJ complaint against Pena
- DOJ complaint against Moore
- Business Week: Is Your VoIP Phone Vulnerable? (and my VOIPSA blog response as well as Slashdot: VoIP Security Vulnerabilities)
- New Telephony: VoIP Network Security: How a Hacker Took Advantage of Vulnerabilities
- Networking Pipeline: VoIP’s Real Security Threat
- TMC.net: VoIP Security Hack Highlights the Need for Proactive Solutioins (by Bogdan Materna)
- FOX News / Eweek: Alleged VoIP Scam Highlights Looming Security Threat
- 20:26 – Feature discussion on CALEA and the recent FCC decision:
- VOIPSA blog
- Computer World: Court upholds VoIP wiretapping
- Jeff Pulver blog: The Week I Wish that Wasn’t—Down and Out in Washington, DC
- InfoWorld: Internet pioneers: VOIP wiretapping complicated
(and VOIPSA blog )
- IT Assoc of America: CALEA and VoIP: Study Finds Wiretaps in Cyberspace Problematic
- VOIPSA blog
- 36:43 – Core Technologies Uncovers Vulnerabilities
- 37:41 – VOIPSA Blog: Not Just SPIT but SPOG and SPOM by Martyn Davies
- 38:19 – Burton Group analyst Irwin Lazar’s report Debunking the Hype About Skype now available with free login
- 38:53 – Burton Group session on VoIP
- 39:14 – VON Magazine online: Black Hat tracks VoIP
- 40:53 – Webtown – Jan in Malaysia: Ipoque PRX Traffic Manager now able to detect, control and block Skype Version 2.5. (trackback to http://www.typepad.com/t/trackback/5124548 )
- 41:23 – Steve Gibson’s Security Now covered NAT in #42 and Open Ports in #43.
- 42:02 – Upcoming Shows:
- July 9-14, Montreal, Canada, IETF 66th Meeting
- July 19-21, Tokyo, Japan, VON Japan
- August 2-3, Las Vegas, Black Hat 2006
- August 8-10, Santa Clara, CA, 3rd Annual VoIP Developer Conference
- Sept 11-14, Boston, MA, Fall VON 2006
- Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
- 42:47 – Email comment from Mark Trifiro about having links launch in new windows
- 44:44 – Audio comment from Adrian Braun
- 45:27 – Email comment from Miguel Garcia – will be at IETF
- 45:51 – Email comment from “verizon user” pointing to ITAA report being on RISKS list
- 46:24 – Email comment from David Belle-Isle (threat vs vulnerability)
- 47:40 – Email comment from Chris Serafin about giving a customer case study
- 49:28 – Review of the last week’s traffic on the VOIPSEC public mailing list, mostly focused on softphone vulnerabilities and a continued heavy discussion of Skype security
- 51:26 – Shoutout to Sasha, the host of the Skype podcast
- 51:50 – Wrap-up of the show
- Mention of our Frappr map
- 53:15 – End of show
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
Thank you for listening and please do let us know what you think of the show.
Show #31 will be delayed until Monday
Unfortunately, it appears that some issue with low disk space on my laptop (I’m currently travelling) caused my edited audio file to become corrupted. Luckily (because it was a great show) I have a copy of the unedited show, but I now have to re-do the post-production, which with current travel is not something I will probably be able to do until Sunday evening or Monday morning. So look for the show then. (And in the meantime I’ve freed up a large amount of diskspace to prevent the recurrence.)
I’ll briefly explain a bit more of what happened in show #32, which we are recording on Monday with the goal to have it out next Wednesday. So you’ll probably wind up with two shows next week.
Thanks, again, to all of you who contacted me to let me know what happened.
Problem with file for show #31 – stay tuned
Thanks to the several listeners who called/emailed to tell me that there was a problem with the MP3 file for show #31. I have no idea what happened, but I’ve pulled down the file and weblog entry until I can figure it out.
UPDATE: It appears that my edited file was corrupted (potentially due to low disk space), so it looks like I need to re-edit at least some portion of the file (good news is that I have the original recording)… so it will be a longer project that I’ll have to do tonight.
FYI – shortened ID3 “name” field may affect sorting in your MP3 player
With show #30, I made a subtle change to the "Name" field of the ID3 tags associated with the show MP3 file. Instead of "Blue Box Podcast #30: …", it is now "Blue Box #30: …". I made the change after looking at a list of shows on my iPod and realizing that you couldn’t see the number in the limited number of characters on the screen. There is no easy way to know which show was listed. I figured having "Podcast" in the ID3 name was rather redundant, so I dropped it.
The only impact this may have on you is that if you use iTunes or another MP3 player that lets you sort by track name (or defaults to doing this), "Blue Box #30:…" will now be listed before the previous episodes whose names began "Blue Box Podcast #xx:…". Note that there was no change to the file name – this was purely in the ID3 tags associated with the file.
Blue Box #30: Voip security in mainstream media, Martyn Davies report on Third Annual VoIP Security Workshop in Berlin, much more…
Synopsis: VoIP security in the mainstream news, Martyn Davies’ report on the 3rd Annual VoIP Security Workshop in Berlin, listener comments and much, much more…
Welcome to Blue Box: The VoIP Security Podcast show #30, a 57-minute podcast from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show includes a 24-minute report from Martyn Davies on the 3rd Annual VoIP Security Workshop in Berlin. Martyn’s report also includes interviews with workshop participants.
Download the show here (MP3, 65MB) or subscribe to the RSS feed to download the show automatically.
You may also listen to this podcast right now:
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
NOTE: I would welcome any comments about the audio quality of this MP3 file as compared to our other shows would be appreciated – I am trying out a new audio encoder. Thanks.
Show Content:
- 00:20 – Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of our listener survey – PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY! (Thank you!) It looks like Dan will most likely be at the IETF 66th Meeting in Montreal, June 9-14 – Please drop us a note if you are going to be there. Check out VOIPSA’s blog if you have not already done so.
- 01:43 – Asterisk vulnerability with IAX2
- 02:50 – Discussion of recent VoIP fraud scam that was all over the news:
- NY Times: Hacker said to resell Internet Phone Service (sent in by Mark Trifiro )
- DOJ News Release
- DOJ complaint against Pena
- DOJ complaint against Moore
- CNET: Hacker cracked Net phone networks for gain, feds say (sent in by Craig Bowser)
- VOIPSA Blog posting
- ABC News: Miami Man Arrested for Theft of VoIP Calls
- TMC.net: Hacking Scheme, Arrests Highlight Embryonic State of VoIP Security
- Information Week: VoIP Security Alert: Hackers Start Attacking For Cash
- 10:07 – Red Herring: VoIP Security Attracts Funding (also TMC.net: SIP Expert Covergence Secures $15 Million in Series C Funding )
- 11:00 – NetworkWorld: Cisco, Juniper, Nortel airing telecom gear at Globalcomm and Red Orbit: Prepare for the coming VoIP Revolution
- 11:39 – New Zealand Reseller Online: Border patrol on worldwide scale
- 12:02 – ComputerWorld Malaysia: Wireless and VoIP security
- 12:15 –NIST releases two publications:
- 12:59 – CE-Infosys today
announced the release of secure VoIP solution [ClosedTalk]® which
include enhanced features and maintain the highest standard of security
for free Internet-based phone calls. - 13:38 – Ranch Networks Announces Availability of its Asterisk Security Code in Digium’s New Version of the Asterisk Business Edition
- 13:57 – Info Security Products Guide Names Covergence’s Eclipse Winner of the 2006 Global Excellence in VoIP Award; Eclipse Gains the Highest Trust of Customers Worldwide as Chosen by Info Security’s Readers
- 14:28 – June 21, CheckPoint: Cut Costs and Increase Flexibility With A Secure VoIP Solution (from Craig Bowser)
- 15:12 – Burton Group analyst Irwin Lazar’s report Debunking the Hype About Skype now available with free login
- 15:41 – Upcoming Shows:
- June 20-21, Tel Aviv, Israel, VON Israel
- July 9-14, Montreal, Canada, IETF 66th Meeting
- July 19-21, Tokyo, Japan, VON Japan
- August 2-3, Las Vegas, Black Hat 2006
- August 8-10, Santa Clara, CA, 3rd Annual VoIP Developer Conference
- Sept 11-14, Boston, MA, Fall VON 2006
- Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
- 16:34 – Feature report from Martyn Davies on the 3rd Annual VoIP Security Workshop in Berlin. Note that the presentations now online (or as one file ).
- 41:58 – Comment from Hank Cohen
- 42:48 – Audio comment from Patrick
- 43:50 – Comment from Sergio Meinardi
- 45:04 – Comment from Trent Williams
- 45:51 – Comment from Perry Engle
- 50:39 – Review of the last week’s traffic on the VOIPSEC public mailing list, mostly focused on softphone vulnerabilities and a spirited discussion of Skype security!
- 53:16 – VOIPSA blog
- 54:00 – www.vloggercon.com and the upcoming Podcast Academy
- 55:14 – Podcast and Portable Media Expo, Sept 29-30, Ontario, California
- 55:27 – Wrap-up of the show
- Mention of our Frappr map
- 56:56 – End of show
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
Thank you for listening and please do let us know what you think of the show.