Welcome to Blue Box: The VoIP Security Podcast!

Greetings!  Welcome to our little corner of the online world where, from 2005-2008, once a week (roughly) we got together to have a conversation about Voice-over-IP (VoIP) security.  As you look down the page, you'll see that we have two general types of shows. Our "main" shows are where we get together and discuss the latest VoIP security news, offer commentary on topical issues and play and respond to listener comments.  These shows have been numbered consecutively since our start in October 2005 and generally run about 45 minutes.  Our "Special Edition" podcasts (now designated with a "SE" in the show title) are typically special interviews we have done, presentations we have given or panels/presentations from conferences that we have been able to record.  They are quite diverse and so do vary widely in length.  As you'll notice in our main shows, we've developed a wonderful community of listeners and always welcome comments, contributions or other feedback. Thank you for visiting and we hope you enjoy the shows.  Please do send us your thoughts and comments.

Thank you,
Dan York and Jonathan Zar

Posted by on November 22, 2006 at 02:38 PM in Administrivia | | Comments (1) | TrackBack (0)

| |

April 30, 2013

New Blue Box episodes coming...

Last week I recorded the first "Blue Box: Special Edition" interview that I have recorded in several years... and so I just wanted to give anyone reading the heads-up that a new episode may be appearing in your RSS feed soon - after a 3.5 year hiatus! :-) We're not bringing back the full show... yet, anyway... but I have a couple of interviews relating to VoIP security that I'm going to run through the Blue Box podcast feed. I hope you enjoy them... and if you have ideas for interviews you think I should consider, please feel free to send me email (although be warned I don't check it all that regularly so a response may be a bit delayed).

Posted by on April 30, 2013 at 03:43 PM in Administrivia | | Comments (0)

| |

September 24, 2012

Blue Box podcast episodes now back online

I'm pleased to note that all Blue Box podcast episodes are now available again.  As I mentioned yesterday, it was purely an administrative issue with the payment method.

For those curious, this show is a prime example of the "Long Tail" of content on the Web - even though we haven't produced a new "real" show since #85 on October 23, 2008, we still see anywhere from 30-100 downloads of various Blue Box shows every day.  People are finding the show through various search terms and listening to the episodes.  

Perhaps somewhat sadly this is also a commentary on how relevant some of the same VoIP security issues we discussed from 2005-2008 still are today in 2012!

My apologies, again, to anyone who tried listening over the past weekend when the show was offline.  Thank you for the interest and for I hope that you find our past episodes educational and useful.

Posted by on September 24, 2012 at 09:46 AM in Administrivia | | Comments (0) | TrackBack (0)

| |

September 23, 2012

Blue Box episodes temporarily unavailable

UPDATE 9/24/2012 - All Blue Box episodes are now back online.

If you are trying to listen to any of our old Blue Box shows, unfortunately it seems I missed an email alert and the payment method expired for the service I use to host the media files. I am in communication with their billing department now and expect to have the matter cleared up tomorrow with the shows available again.

My apologies to anyone who was trying to listen to one of the shows. I will get them back online as soon as I can.

Posted by on September 23, 2012 at 09:47 PM in Administrivia | | Comments (0) | TrackBack (1)

| |

July 15, 2010

Dan's new book: Seven Deadliest Unified Communications Attacks

Seven Deadliest UC AttacksFor those of you listening to Blue Box, you may be interested to know that I (Dan) recently wrote a book for Syngress called the "Seven Deadliest Unified Communications Attacks". In the book, I discuss the common theme that Jonathan and I have talked about on the show of needing to look at communications security at a higher-level, more "holistic" level. It's not enough just to think about the security of your IP-PBX... you also have to think about the security of your mail servers, your firewalls, your databases, etc.

You also have to think beyond voice to also including instant messaging/IM, video, presence, mobile devices and more. And... you have to think about them in the context of a globally-distributed IP infrastructure.

Information about the book and links to resources mentioned in the book are available from the books website:

www.7ducattacks.com

I have also posted links there to two podcast interviews I've done related to the book:

I am working on getting permission to run those both as Blue Box Special Editions (I have approval on the VUC session).

In many ways, much of the book came out of the three years of great conversations that Jonathan and I had with so many of you - and I have to thank all of you who have participated in the Blue Box community over the years for your questions, your comments and all the feedback. I hope you will find that this book continues that dialogue and discussion about how to secure our communications networks.

If you found this post interesting or useful, please consider either subscribing to the RSS feed or following BlueBox on Twitter.

Posted by on July 15, 2010 at 11:49 AM in Books, VoIP Security | | Comments (0) | TrackBack (0)

| |

October 22, 2009

Blue Box #86: An Update on Blue Box, One Year Later

Synopsis: Blue Box #86: Dan and Jonathan provide an update on what's happened in the year since Blue Box #85 and talk a bit about what's next

Welcome to Blue Box: The VoIP Security Podcast #86, a 19-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 9 MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

  • 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
  • Dan and Jonathan discuss what has happened in the past year and why there have not been new shows.
  • Discussion of what some of the main issues in VoIP security have been over the past year.
  • Mention that fugitive Edwin Pena was extradited back to the US and arraigned in New Jersey court last Friday
  • Mention of the recent traffic on the VOIPSEC public mailing list
  • Wrap-up of the show
  • 19:38 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-415-830-5439 or via SIP to '[email protected]' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

If you found this post interesting or useful, please consider either subscribing to the RSS feed or following BlueBox on Twitter.

Posted by on October 22, 2009 at 12:47 PM in Blue Box, Podcasts, VoIP Security | | Comments (0) | TrackBack (0)

| |

April 07, 2009

Testing twitter integration with TypePad

Just testing Twitter integration... I have a growing suspicion that TypePad only notifies Twitter if you write your post online using TypePad's interface.  But of course, I don't.  I write almost all my posts offline using the MarsEdit editor.  Let's see if this shows up in http://twitter.com/blueboxpodcast

Posted by on April 07, 2009 at 09:21 AM in Administrivia | | Comments (0) | TrackBack (0)

| |

Blue Box is now on Twitter... and new shows *are* coming...

FYI, if you use Twitter, you can now find out when new shows are out and/or interact with Jonathan and I by following us at:

http://twitter.com/blueboxpodcast

And yes, new shows are on the way. I've been a wee bit busy with a recent job role change and Jonathan's had some crazy times on his end as well... but soon... real soon...

Posted by on April 07, 2009 at 08:54 AM in Administrivia, Blue Box | | Comments (0) | TrackBack (0)

| |

March 09, 2009

eComm 2009: Dan, Jonathan and Martyn together for the first time

Last week at the Emerging Communications Conference (eComm) 2009 in San Francisco, a remarkable event happened: Jonathan Zar, Martyn Davies, and I (Dan York) all wound up at the same place at the same time. Over the 3.5 years since we started Blue Box back in October 2005, Jonathan and I have met at events, Martyn and I have met and Jonathan and Martyn have met. But the three of us had never been together at the same place.

Now the particular place we met was a "Dev Dinner" hosted by (my employer) Voxeo after the end of eComm - and we had some great conversations along with the food. Martyn produced his camera and we did record the actual event:

bluebox-at-ecomm2009.jpg

Alas, it was too noisy there for us to do any actual recording, but it was great to have all three of us there. For those who may not recall the history, Martyn was one of our earliest listeners and is the person who provided both the image that we use for Blue Box (in iTunes, in the MP3 file, etc.) and also the music that we use for the intro and outro. He's also guest-hosted several times and contributed a couple of interviews over the years.

P.S. And yes, Jonathan and I will be getting some more shows out...

Technorati Tags: , , , , , , ,

Posted by on March 09, 2009 at 08:45 AM in Blue Box, Conferences | | Comments (0) | TrackBack (0)

| |

January 23, 2009

Speaking on "SIP Trunking and Security" at ITEXPO in Miami Feb 3rd

ITEXPO-East-logo-2.jpgIf you will be in Miami at ITEXPO February 2-4 you are welcome to attend a free "SIP Trunking And Security" session I (Dan York) will be doing as part of Ingate Systems' SIP Trunking Workshops. The SIP trunking workshops are free to all attendees even if you only register for an exhibit pass.

My session will be 11:15-12:30 on Wednesday, February 3rd, and if you do attend please feel free to come up and introduce yourself (or drop me a note in advance to let me know to look out for you). I'll be bringing my recording gear, too, and the talk will eventually go out in my Blue Box Podcast feed so you will be able to hear it later.

P.S. If you are attending ITEXPO and your company makes a product or provides a service related to VoIP security, please feel free to let me know and perhaps we can schedule an interview to go out as a Blue Box Special Edition.

Technorati Tags: , , , , , , , ,

Posted by on January 23, 2009 at 08:51 AM in Conferences, VOIPSA | | Comments (0) | TrackBack (0)

| |

November 18, 2008

FYI - "Security Bloggers Network" in transition... stay tuned...

For those of you who may be used to reading this blog through the "Security Bloggers Network" set up originally by Alan Shimel, you need to be aware that the "SBN" is going through a transition. As Alan details on his blog, Google is in the process of shutting down the "Network" feature of Feedburner and as a result the page and feed for the SBN will be going away.

Alan is working on a new solution but in the meantime you may want to grab the OPML file for the Security Bloggers Network (you should then be able to import this into most feed readers). There are a lot of great security blogs out there.

Stay tuned for more information - once Alan has another solution in place I'll post an update.

Posted by on November 18, 2008 at 07:22 PM in Administrivia | | Comments (0) | TrackBack (0)

| |

October 27, 2008

RSS feed back...

It looks like FeedBurner finally refreshed its DNS info and the RSS feed is back in action. My apologies for the interruption. Please do let me know if there is anything else strange going on with the website or feed. Thanks.

Posted by on October 27, 2008 at 03:24 AM in Administrivia | | Comments (0) | TrackBack (0)

| |

October 26, 2008

Blue Box RSS feed dead - waiting for Feedburner to update its DNS

Ah, the joys of switching domain name providers. I transferred blueboxpodcast.com from one registrar to another last week shortly before the domain name was set to expire. Unfortunately, I made one serious mistake - I didn't check the DNS nameservers for the domain at the new registrar (GoDaddy) to ensure they were pointing to the new nameservers. They weren't... they will still pointing to the old nameservers. As a result, when the domain name expired at the end of the day on Friday, the web site was no longer available and had the message that the domain name had expired.

MANY THANKS to the couple of you who contacted me on Saturday to let me know about this!

So I fixed the web site yesterday morning so that "www.blueboxpodcast.com" pointed over to TypePad, where I host this site, and that all seems to be back in action. If you type in "blueboxpodcast.com" without the "www", it was going to a generic GoDaddy page but I've set up the forwarding now so that this should now redirect you to www.blueboxpodcast.com once the DNS propagation occurs.

feedburnerlogo.jpgWhat is still dead, though, is the RSS feed... which is rather annoying since that is what podcast subscription tools like iTunes use! In working through the issues this morning, it appears to be the issue that

Feedburner is not using the updated DNS information.
The Blue Box RSS feed, which is http://feeds.feedburner.com/BlueBox is somehow pointing over to the old page. Yet the base feed for this site, http://www.blueboxpodcast.com/atom.xml resolves perfectly fine and does have the RSS information. (Please don't switch to subscribe to that one... I do like the stats I get through Feedburner.)

So it appears that I'm waiting for FeedBurner to update its DNS. I've tried all sorts of options in the FeedBurner settings, including the "Resync Feed" but nothing works because it seems that it is unable to get to the new site (because of DNS).

I've filed a help request in the FeedBurner Google Group (which appears to be the only way to get help). Hopefully FeedBurner will age out its DNS info soon and the feed will be back in action.

What I find strange, though, is that I'm 99% sure that all the DNS records had a TTL of 1 hour (and I'm 100% positive the new ones do). So my question to FeedBurner is - if that is the case, why aren't they respected the TTL settings of the domains?

I'll update this post once I have more information.

Technorati Tags: , , , , ,

Posted by on October 26, 2008 at 08:24 AM in Administrivia, Blue Box | | Comments (0) | TrackBack (0)

| |

October 24, 2008

Three years of Blue Box podcasts....

Today is a special day for me. It was three years ago on October 24, 2005, that Blue Box Podcast #1 was uploaded. It was an 11-minute episode where I talked about... Skype security, SIP security, IETF, VOIPSA and some other VoIP security news..... (Hmmm... sounds lot like our recent shows, too, eh?)

Jonathan Zar joined me a week later on Blue Box Podcast #2 and we've been going ever since. We've now produced over 112 episodes, had close to 245,000 downloads of our various shows, met some amazing people, learned a lot along the way... and hopefully helped you all learn a lot out there as well.

Thank you to all of you who have joined with us on this journey... whether you've listened to our show from the very beginning (and we know of a couple of you who have) or have only recently joined in... thank you!

And now... on to the next three years... :-)

Technorati Tags: , , , , , , , ,

Posted by on October 24, 2008 at 10:35 PM in Blue Box | | Comments (1) | TrackBack (0)

| |

October 23, 2008

Blue Box #85: Internet phone calls and terrorism, Georgia Tech report on Emerging Cyber Security Threats, phone jamming, 802.1X-REV, 802.1AE, VoIP security news and more

Synopsis: Blue Box #85: Internet phone calls and terrorism, Georgia Tech report on Emerging Cyber Security Threats, phone jamming, 802.1X-REV, 802.1AE, VoIP security news and more

Welcome to Blue Box: The VoIP Security Podcast #85, a 32-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 15 MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to '[email protected]' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Posted by on October 23, 2008 at 03:42 PM in Blue Box, Podcasts, VoIP Security | | Comments (0) | TrackBack (0)

Tags: 802.1x, blue box, bluebox, dan york, danyork, georgia tech, jonathan zar, phone jamming, sip, skype, terrorism, uk, voice, voice over ip, voice security, voip, voip security, voipsa, voipsecurity

| |

October 20, 2008

Blue Box's 3-year anniversary coming up on Friday...

It was three years ago Friday, on October 24, 2005, that I uploaded Blue Box Podcast #1, an 11-minute show where I introduced the show, talked about VoIP security news (To no surprise, I was talking about Skype security!), some projects of VOIPSA and some other podcasts people might find interesting. A week later, on Halloween 2005, Jonathan joined me in Blue Box Podcast #2 and we were off and running...

Three years later... 84 main Blue Box episodes (with one more recorded) .... 26 Special Editions (with about 10 in the queue)... almost 250,000 downloads... we're still here and, with an admitted bit of a rough patch this summer, are still going along creating shows and enjoying what we do.

Jonathan and I are planning to record a 3-year show on this coming Friday, October 24th, and if you have any comments you would like us to include in that show, please do get them to us by the end of the day on Thursday, October 23rd. You can send them to us via:

The show started out 3 years ago as really an experiment in seeing whether or not podcasting could be used to reach out to very specific audiences... and it's been both fun, amazing and interesting to see how well it's done.

Thank you to all of you who have continued to listen and contribute over the years!

Technorati Tags: , , , , , , ,

Posted by on October 20, 2008 at 08:22 PM in Blue Box, VoIP Security | | Comments (0) | TrackBack (0)

| |

Next »

The Obligatory Photo

Contact Information

License

Full Disclosure

  • Dan York, CISSP, is the Chair of the VOIP Security Alliance (VOIPSA) and Senior Content Strategist for the Internet Society.

    Jonathan Zar is affiliated with Pingalo and is the Secretary of VOIPSA and member of the Board of Directors.

    This is a personal project and neither the Internet Society, Pingalo nor VOIPSA have any formal connection to this podcast. In the interest of transparency we just thought you should know our affiliations.

Why "Blue Box"?

  • We chose the name "Blue Box" primarily as a nod to the era of phone phreaking in part to illustrate that threats to telephony are not new - they just continue to change and evolve. That and admittedly the name just sounded cool.

Archives

Categories

Search

Promote Blue Box!

  • Add this graphic to your site!

Recent Posts

Recent Comments

Subscribe to this blog's feed