Synopsis: Interview with VOIPSA Chair David Endler, VoIP security news for the week, our listener survey, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast show #28, a 62-minute podcast  from Dan York and Jonathan Zar with news and commentary about the world of VoIP security.  This show includes a 14-minute interview with David Endler, Chair of the VoIP Security Alliance (VOIPSA).

Download the show here (MP3, 56MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

In this show we also mentioned the final week of our promotion – anyone submitting audio comments (either by email or calling the comment line) before the next show will be eligible for a drawing for a free copy of "Practical VoIP Security" from Syngress Press. Many thanks to Bruce Stewart and the folks at O’Reilly & Associates (who distribute Syngress books) for providing this book.
Five people have so far submitted audio comments, so your odds of winning are very good if you submit a comment before the end of the month!

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of our listener survey – PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY!  (Thank you!)
• 01:46 – List of podcast topics – give it a look and do send us your comments (or call them in!)
• 02:57 – New book from Alan Johnston and David Piscitello, Understanding Voice over IP Security
• 04:17 – Skype security vulnerability and discussion in Skype Security Blog
• 05:48 – Security Watch: Skype 2.5 changes call setup to evade blocking points to VoIP News Australia article
• 08:01 – Ken Camp – Two more stories describe Skype as a ‘problem’
  – points to two articles and also asks if anyone in the corporate world
  likes Skype?
• 13:34 – NY Times: VoIP Encryption May Draw U.S. Scrutiny about Phil Zimmermann’s release of the Windows beta of Zfone – also check out Phil’s Zfone FAQ
• 17:27 – VOIPSA Blog: What is the Fuzz about?
• 19:48 – Slate: How do you jam a phone?
• 21:50 – Launch of .tel domain (and Marc Robins blog and .mobi and ipwalk blog post)
• 25:50 – VOIPSA Blog: Reliable VoIP
• 29:30 – Covergence Teams with CounterPath Solutions to Deliver Bullet-Proof VoIP Security for SIP Softphone; Companies Can Now Offer Customers Complete VoIP Security
• 30:29 – Mitsubishi
  Corporation Partners With CloudShield Technologies to Deliver VoIP and
  Content Service Control Solutions for Japanese Carriers
• 31:32 – Ingate Secures VoIP Traffic with SRTP in New Software Version 4.4
• 32:00 – Feature interview with David Endler, Chair of the VoIP Security Alliance (VOIPSA)
• background on creation of VOIPSA
• major accomplishments
• what’s next for VOIPSA
• new projects
• how people can help
• Dave’s own background
• 46:34 – Comment from Emmanuel Goitia (discussion included http://www.techtionary.com and http://www.information.aero)
• 51:09 – Comment from Adrian Braun on JITC conference
• 52:00 – Comment from Sergio Meinardi on podcast topics (and Prius)
• 52:58 – Audio comment from Al about avoiding the NSA
• 55:25 – Comment from Dave Roper suggesting a show topic and inquiring about jobs (here is his email address if interested in learning more)
• 56:44 – Review of the last week’s traffic on the VOIPSEC public mailing list, including John Todd’s actual attack and discussion of Phil Zimmermann’s Zfone
• 57:52 – Brief discussion of ISN (a.k.a. www.freenum.org )
• 59:15 – Wrap-up of the show
• 61:42 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: Eavesdropping tutorial, VoIP security news for the week, our listener survey, US DoD conference report, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast show #26, a 51-minute podcast  from Dan York and Jonathan Zar with news and commentary about the world of VoIP security.  This show includes a 19-minute tutorial on eavesdropping issues, discussion of our our listener survey and a brief report about Dan’s visit to the US Dept of Defense Telecommunications Services Interoperability Conference last week in Arizona.

Download the show here (MP3, 43MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

In this show we also mentioned our new promotion – anyone submitting audio comments (either by email or calling the comment line) before the end of May will be eligible for a drawing for a free copy of "Practical VoIP Security" from Syngress Press. Many thanks to Bruce Stewart and the folks at O’Reilly & Associates (who distribute Syngress books) for providing this book.
Three people have so far submitted audio comments, so your odds of winning are very good if you submit a comment before the end of the month!

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of our listener survey – PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY!  (Thank you!)
• 03:53 – Skype gives away NA PSTN calls (also Skype blog and Skype Journal view )
• 06:02 – VoIP News Australia: Another way to ban Skype
• 07:07 – SearchSecurity.com: Skype: Its dangers and how to protect against them
• 07:28 – Network World: How to protect your VoIP Network (tip of the hat to Ken Camp )
• 08:07 – IT Observer: Tackling the VoIP Security Threat
• 08:33 – IT Observer: VoIP Security: Q&A with Matthew Rosen, CEO Fusion
• 09:06 – CIO: VoIP Security: It’s all about the implementation
• 09:45 – Avaya  “VoIP Security for Dummies” short book – available from Avaya Developer Connection or Webtorials.com
• 10:33 – Thanks to Ken Camp for raving about the show
• 10:49 – DSL Forum announces release of TR-122 (see also Last Mile News and LightReading )
• 11:27 – Discussion of some of the data so far from our listener survey (please do take a few minutes to complete it if you have not already done so – thanks!)
• 16:12 – Feature tutorial section on eavesdropping
  • what are the issues?
  • what is involved?
  • how is it different from the TDM world?
  • how do you protect against it?
• 34:57 – Comment (email) from Bobby Fentress
• 36:35 – Comment (blog) from Choonghun Lee
• 37:37 – Comment (audio) from Bobby Fentress
• 39:45 – Brief report from Dan on his attendance at the US Dept of Defense Telecommunications Services Interoperability Conference hosted by the Joint Interoperability Test Command at Fort Huachuca in Arizona, USA.  Mention of the IASE and their Security Technical Implementation Guides (STIGs) which includes one on VoIP, as well as their Security Checklists.
• 47:10 – Review of the last week’s traffic on the VOIPSEC public mailing list.
• 48:31 – Wrap-up of the show – should we do something with video?  What about a "Skypecast"?
• 51:42 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: VoIP security news for the week, our listener survey, many listener comments and more

Welcome to Blue Box: The VoIP Security Podcast show #26, a 41-minute podcast  from Dan York and Jonathan Zar with news and commentary about the world of VoIP security.  This show also introduces our listener survey.

Download the show here (MP3, 38MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

In this show we also mentioned our new promotion – anyone submitting audio comments (either by email or calling the comment line) during April or May will be eligible for a drawing for a free copy of "Practical VoIP Security" from Syngress Press. Many thanks to Bruce Stewart and the folks at O’Reilly & Associates (who distribute Syngress books) for providing this book.

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of our listener survey – PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY!  (Thank you!)
• Show notes will be posted tomorrow.
• 41:25 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: Special edition with a presentation on VoIP Security given by Dan York at the IP Telephony for Government conference on April 18, 2006, in Arlington, VA.

Welcome to a special edition of Blue Box: The VoIP Security Podcast where we present a recording of a presentation that Dan York gave on April 18, 2006, in Arlington, Virginia, at the IP Telephony Solutions for Government conference sponsored by the Homeland Defense Journal and IT*Security Magazine.  In this presentation, Dan provides an introduction to VoIP security issues, discusses threats and briefly touches on best practices to protect against those threats.

Download the show here (MP3, 38MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

You may also download the presentation slides to follow along during the recording.  The total show runs about 41 minutes.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: A brief show with VoIP security news, our listener survey and more

Welcome to Blue Box: The VoIP Security Podcast show #25, a 20-minute podcast  from Dan York and Jonathan Zar with news and commentary about the world of VoIP security.  This show also introduces our listener survey.

Reminder: There will not be a show next week as Dan will be away.

Download the show here (MP3, 18MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

In this show we also mentioned our new promotion – anyone submitting audio comments (either by email or calling the comment line) during April will be eligible for a drawing for a free copy of "Practical VoIP Security" from Syngress Press. Many thanks to Bruce Stewart and the folks at O’Reilly & Associates (who distribute Syngress books) for providing this book.

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of Frappr map for the show.  Please join the map!
• 02:45 – Discussion of language in comments and desire to keep the show "work- and family-safe"
• 03:57 – Mention of Dan’s impending visit to the Podcast Academy at Boston University
• 04:24 – Tutorials in May – would you be interested in participating?
• 04:37 – VOIPSA has launched a new VoIP security-related weblog
• 05:26 – CNET (published by Znet): VoIP products could face export crackdown
• 07:40 – The Register: Security pros give VoIP the brush-off
• 08:33 – Sci-Tech Today: Symantec tunes up IM Monitoring
• 09:14 – Daily Tech: Intel Details Hardware Acellerated VoIP  (also IT Week UK )
• 09:54 – Aswath: How COULD Skype support CALEA? (tip of the hat to Ken Camp’s blog )
• 11:45 – TMC.Net: Cloudmark Detects – and Thwarts – New VoIP Phishing Threat Discovered on its Network – See also:
  • InformationWeek: Phishers Snare Victims with VoIP
  • Techweb wire )
  • TechWorld UK (via IDG): VoIP technology aids phishers
  • Dan’s blog rant about all of this
• 15:09 – Comment from Mike Thompson with feedback about the show
• 16:26 – Introduction of our our listener survey
• 17:56 – Review of the last week’s traffic on the VOIPSEC public mailing list. Discussion around identity management and VoIP, IPSec and VoIP security, and the "phishers snare victims with VoIP" article
• 18:35 – Wrap-up, info about how to leave comments, upcoming shows, etc.
• 19:42 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: Super-sized edition – Two interviews, one with David Schwartz, CTO of Kayote networks and one with Rodolfo Rosini, CEO of Cellfire Security.  VoIP security news, opinions and many comments from listeners, along with a way to potentially win a copy of a new book on VoIP security.

Welcome to Blue Box: The VoIP Security Podcast show #24, a 109-minute podcast  from Dan York and Jonathan Zar with news and commentary about the world of VoIP security.  This show also features a 38-minute interview with David Schwartz, CTO of Kayote Networks about his perspective on the IETF meeting in Dallas in March and SIP Identity and SPIT as well as another 18-minute interview with Rodolfo Rosini, CEO of Cellfire Security about his new startup.

This show is extra-large this week because there will be no show next week due to vacation travel and we wanted to make these interviews available.

Download the show here (MP3, 100MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

In this show we also mentioned our new promotion – anyone submitting audio comments (either by email or calling the comment line) during April will be eligible for a drawing for a free copy of "Practical VoIP Security" from Syngress Press. Many thanks to Bruce Stewart and the folks at O’Reilly & Associates (who distribute Syngress books) for providing this book.

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of Frappr map for the show.  Please join the map!
• 04:04 – Discussion of the "IP Telephony Solutions for Government" show where Dan spoke last week in DC and where he was able to spend some time with listener Craig Bowser.
• 07:28 – Mention of the book promotion, audio comments via  Waxmail, vacation plans and an impending visit to the Podcast Academy at Boston University
• 09:40 – Tutorials in May – would you be interested in participating?
• 12:16 – General Dynamics Sectera vIPer secure phone
• 12:56 – Federal Computer Week: Army using VoIP in the battlefield
• 15:14 – ITWales: Keeping the VoIP house in order  (Jonathan Zar article again! Not in Welsh, though…)
• 16:46 – EFY News: Juniper Introduces Solution to Enhance VoIP Security
• 17:34 – ZDNet UK: Security report sponsorship defended  (should report on security be sponsored by security companies?)
• 21:17 – TMC.Net: Deploying Secure VoIP in the Small Enterprise (by Bogdan Materna)
• 21:42 – VoIPLoop: Does VoIP Need Encryption? (by Irwin Lazar)
• 25:02 – Realtime VoIP: Ken Camp wrote a VoIP and Firewall paper
• 25:38 – VoIP News: Tom Cross on VoIP Security Series: Part One – The Server
• 26:16 – Skype Journal: FT: Zennström confirms Skype filters text; questions he would not answer points to Financial Times article
• 28:18 – Gary Audin at VoIPLoop on Sox Compliance  (tip of the hat to Irwin Lazar)
• 30:45 – beta-dot: Narus Helps Countries to Block VoIP
• 32:14 – New blogs:
  • Telecom, Security and P2P
  • VoIPLoop
• 33:36 – Westcon Group and Sipera announce global distribution agreement=
• 33:58 –UHS Broadens Availability of IP-Based Alarm Monitoring in the U.S.
• 34:43 – Upcoming shows:
  • April 18, DC (Arlington, VA) Homeland Defense & IT Security Training Conference  (I’ll be speaking)
  • Interop, April 30-May 5, Las Vegas (anyone going?)
  • June 1-2, DC, Workshop on VoIP security by Cybersecurity Industry Alliance and tekVizion – free to US gov, $195 for others
  • June 1-2, Berlin, Third Annual VoIP Security Workshop
• 37:08 – Feature interview with David Schwartz of Kayote Networks. In this 38-minute interview, David discusses:
  • The background and products of Kayote Networks
  • Why he believes SPIT is more of a concern than many others view it as
  • SIP peering, business models and security issues
  • His perspective on attending the IETF meeting in Dallas last month, and specifically issues discussed there around SPIT and SIP Identity
  • An explanation of the proposed SIP Identity mechanism
  • His views on why "policy" is incredibly important
  • The dangers lurking in SIP routing and how unprotected it is

  This is the second part of our IETF-related interviews (the first was in show #22) and we hope this has given you a good perspective on what occurred at that meeting.

• 74:48 – Comment section and review of quick comments from Shawn Merdinger, Martyn Davies, Mark Collier and Craig Bowser
• 75:10 – Albert Maruggi on how the medium has impacted our business
• 80:02 – Leslie Asamoa-Krodua on identity management
• 81:49 – Martyn Davies on show format
• 83:11 – Kand Palanisamy on show format
• 84:20 – Dan Wing with a slight correction to his slides  (also note that IETF changed the URL after I uploaded the show notes – thanks to Irwin Lazar for catching that)
• 85:26 – J.Stein on episode 22
• 86:18 – Feature interview with Rodolfo Rosini, CEO of Cellfire Security, a startup focused on VoIP security with a particular focus on cell phones.  He provided a background on the company, its product that is now entering beta, the survey they recently concluded and the fact that they are hiring in London and San Francisco.
• 104:39 – Review of the last week’s traffic on the VOIPSEC public mailing list. Discussion around client authentication, Cisco-specific tools, reviews of the Practical VoIP Security book, SOX compliance, managed security service providers and much more
• 106:49 – Wrap-up, info about how to leave comments, upcoming shows, etc.
• 109:00 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.