Synopsis: VoIP security news, WiFi phone vulnerabilities, comments, news, VOIPSEC review

Welcome to Blue Box: The VoIP Security Podcast show #10, a 41-minute podcast  from Dan York and Jonathan Zar around news and commentary in the world of VoIP security.

Download the show here (MP3, 39MB) or subscribe to the RSS feed to download the show automatically.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners. , especially those who joined as a result of Andy Abramson’s mention of the show in VoIPWatch. Mention of Frappr map for the show.  Please join the map!
• 02:17 – Mention that we are open to considering other contributors, either as "correspondents" or potentially as another co-host. Drop us an e-mail if you are interested in being considered!
• 02:33 – Note that comments and trackbacks to the show blog are now unfortunately moderated due to spam
• 03:40 – Upcoming events – Dan will be attending O’Reilly’s Emerging Telephony Conference in San Francisco January 24-26. If you are also planning to be there, please drop us an e-mail.
• 05:22 – If anyone will be attending Internet Telephony happening at the same time in Florida, we would love some reports coming out of the show.
• 06:12 – Comment section – comment from "natas" on the show and being in Vermont
• 06:56 – Comment from Al Samuelson asking about info for small companies without IT staff
• 10:03 – Lengthy comment (and discussion) from Shawn Merdinger on testing of wireless (WiFi) phones
  • Mention that his next round of disclosures will be out January 15th at Shmoocon in Washington, DC
• 20:51 – News section – Call for papers for NOMS2006 extended to Jan 10th
• 21:29 – ABC News / PC Magazine: Skype Security Questioned
• 23:15 – Network World: SPIT Happens
• 25:20 – Red Herring: Top Security Trends for 2006
• 26:13 – Government Technology: GT Spectrum
• 27:32 – VON Magazine now sending out twice-monthly "Focus on Security". Latest issue included:
  • Cloudshield introduces VoIP traffic analysis tool
  • m5t releases study "SIP Stack Evaluation with Integrated Security"
• 29:18 – GNUTelephony.org
• 31:09 – News releases:
  • Managed Service Providers Deploy NetIQ for VoIP Management
  • Ingate Remote SIP Connectivity for Ingate Siparator® 45 Named Product of the Year
• 32:05 – Review of the last week’s traffic on the VOIPSEC public mailing list. Major topics this week included a poll results from Chris Martin discussion of a SIP vulnerabilities, carrier versus peer-to-peer, Skype security. The security discussion included Rodney Thayer who has written for Network World about Skype and has his own security presentation on Skype
• 39:20 – Wrapup of the show:  upcoming shows, notes about contributing, information about how to provide comments.
• 41:28 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Download the show here (MP3, 39MB) or subscribe to the RSS feed to download the show automatically.

Thank you for listening and please do let us know what you think of the show.

Synopsis: VoIP security news, year in review, VOIPSEC review

Welcome to Blue Box: The VoIP Security Podcast show #9, a 29-minute podcast (with 4 bonus minutes… read on) from Dan York and Jonathan Zar around news and commentary in the world of VoIP security.

Download the show here (MP3, 32MB) or subscribe to the RSS feed to download the show automatically.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of Frappr map for the show.  Please join the map!
• 02:40 – Mention that we are open to considering other contributors, either as "correspondents" or potentially as another co-host. Drop us an e-mail if you are interested in being considered!
• 05:25 – Comment section – Mark Collier comments on podcast #7
• 07:24 – Mark Gerschefske asks about IETF and show notes  (anyone interested in helping with show notes?)
• 11:00 –  News section – VoIP Magazine IP Security in a Hosted Environment – written by our guest of last week, Mark Collier
• 12:00 – Developing Carrier-Grade Security for Service Providers – written by Bogdan Materna of VoiPShield, who will be our interview guest on the week of January 16th
• 13:05 – Network World: LAN switches to get smarter about VoIP security about Avaya, Extreme and LLDP-MED.  (Also mention of Mitel news release)
• 15:21 – New Mexico Business Weekly: Oh, SPIT! Security woes hit voice over Internet too
• 16:24 – CSO: INTEROP: Security Experts Urge a ‘Say Yes’ Mindset
• 17:16 – ComputerWorld Singapore: VoIP beyond the enterprise LAN
• 17:53 – O’Reilly.com: Andy Oram provides a recap of Fall 2005 VON in an article entitled VoIP is All Business At VON
• 18:20 – Lockergnome: Need VoIP Security: Get a Tunnel of Tom Cross’ Techtionary.com website.
• 19:01 – Discussion of what lies ahead in 2006 for VoIP security.  Also included mention of two Skype-related postings:
  • Tom Keating: Block Skype – discussion of blocking Skype including directions of how to configure SonicWALL firewalls to do so
  • Rich Tehrani: Skype fear – speaks to the fact that Skype is a development platform and could allow apps using the Skype APIs to ride the Skype connections into your network
• 25:16 – Review of the last week’s traffic on the VOIPSEC public mailing list. Major topics this week included a continued discussion of a list of VoIP vulnerabilities, assessing Skype’s network impact, questions from graduate students.
• 26:38 – Wrapup of the show:  upcoming shows, notes about contributing, information about how to provide comments.
• 28:38 – End of show

Also, as a holiday bonus – and because podcasts all over the Internet are participating in this effort, after the regular show outro around 29 minutes, the show includes the UNICEF-benefit song "If Every Day Were Christmas" created by Podsafe for Peace, a collaboration of 32 artists in 9 countries very much along the lines of the "We Are The World" effort back in 1985 – only this time the artists did not physically meet and it was all put together digitally.  If you have not heard it yet, it is well worth a listen.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

NO PODCAST NEXT WEEK!  We are taking a break for the holidays but will be back with a new show on the week of January 2nd.  Have a great holiday season… and we will catch up with you in the new year…

Thank you for listening and please do let us know what you think of the show.

Synopsis: VoIP security news, interview with Mark Collier, CTO of SecureLogix

Welcome to Blue Box: The VoIP Security Podcast show #8, a 47-minute podcast (with 6 bonus minutes… read on) from Dan York around news and commentary in the world of VoIP security.

Download the show here (MP3, 48MB) or subscribe to the RSS feed to download the show automatically.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Though we tried very hard to connect (including planning to do the show with Jonathan calling in from an airport), Jonathan was travelling again this week and so Dan was solo again. This show does feature a 19-minute interview with Mark Collier, CTO of SecureLogix.

Show Content:

Detailed show notes will be available soon.  Due to the fact that I (Dan) am travelling tomorrow, I’m loading the show up here for listeners.  Show notes should appear late Wednesday night.

I will note that at approximately 22:10 I begin a very interesting 19-minute interview with Mark Collier, CTO of SecureLogix.  With 20 years experience in the field, Mark brings a wealth of expertise to the conversation, which ranged over topics such as the current state of VoIP security, standards, Skype, new projects, and Mark’s dire prediction for 2006.  Well worth a listen.

Also, as a holiday bonus – and because podcasts all over the Internet are participating in this effort, after the regular show outro around 47 minutes, the show includes the UNICEF-benefit song "If Every Day Were Christmas" created by Podsafe for Peace, a collaboration of 32 artists in 9 countries very much along the lines of the "We Are The World" effort back in 1985 – only this time the artists did not physically meet and it was all put together digitally.  If you have not heard it yet, it is well worth a listen.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: VoIP security news, comments and opinions

Welcome to Blue Box: The VoIP Security Podcast show #7, a 28-minute podcast from Dan York around news and commentary in the world of VoIP security.

Download the show here (MP3, 26MB) or subscribe to the RSS feed to download the show automatically.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Jonathan was travelling this week and unable to participate.  We mentioned previously that Bogdan Materna from VoIPShield Systems would be interviewed this week but unfortunately he fell ill and was unable to join us.  We’ll reschedule that interview in the weeks ahead.  Our thanks go out to Tom Cross of Techtionary.com, who provided some content for today’s show.

Show Content:

• 00:20 – Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.
• 02:22 – Mention of upcoming interviews:  SecureLogic, VoIP Shield, potentially Qovia
• 03:55 – Comments section – first comment in from Scott Berkman offering a new logo (see the image to the right).  Many thanks, Scott!  Comments are welcome.
• 05:59 – Chuck Tanowitz from Schwarz Communications pitching an interview with Qovia
• 06:58 – Paul Sorge at HP Procurve finds the podcasts useful and likes the intro with phones
• 07:21 – Mike Strock mentions the show in his blog and finds the phone intro extremely annoying
• 08:16 – Rick Robinson at Avaya comments on the real versus perceived threats to VoIP
• 09:33 – The PR firm for NetClarity contacted us about NetClarity’s patent filing
• 10:29 – Craig Bowser sent in a link to a SecurityPipeline article on 3Com’s new switch with VoIP capabilities – see also the 3Com’s news release
• 12:20 – Wrapup of comments and information about sending in comments
• 13:08 – News section – Der Spiegel article on attack against cell phone voicemail and the linkage to VoIP (in German – a very brief English summary is available)
• 15:55 – ComputerWorld Australia: Fluke to acquire Visual Networks – see also the Fluke news release
• 16:45 – Bank Technology News: Voip Security Threats: Swimming With The Sleeping Sharks?
• 17:52 – ZDNet: Attention Skype-haters: SkypeKiller lets you wipe Skype from your network for good
• 18:04 – Business Week: Getting skittish about Skype (a sidebar to a larger article)
• 19:39 – LightReading: Verso responds to Skype
• 20:15 – ZDNet: Mass mailer worm maquerades as Skype update
• 21:24 – Network World: VoIP scheme gets big backers which includes an audio interview with Cullen Jennings of Cisco about ICE and a mini-tutorial on the topic
• 21:59 – Mini-feature: Tom Cross (of Techtionary.com) asks if companies are developing policies around the monitoring of VoIP calls
• 24:01 – Review of the last week’s traffic on the VOIPSEC public mailing list. Major topics this week included a request for contacts for people interested in VoIP fraud (i.e. billing abuse) and a discussion of whether RTP could be a transport for viruses.
• – Request for feedback – Do you find this VOIPSEC review section of the show useful? Please send comments to blueboxpodcast@gmail.com.
• 25:55 – Final comments – looking for suggestions for the lists of VoIP podcasts and VoIP security books currently on the side of the podcast weblog
• 26:32 – Wrapup of the show and information about how to provide comments.
• 28:04 – End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.