Synopsis: VoIP security news, interview with Mark Spencer of Asterisk/Digium, review of VOIPSEC mailing list.
Welcome to Blue Box: The VoIP Security Podcast show #6, a 42-minute conversation between Dan York and Jonathan Zar around news and commentary in the world of VoIP security. This show also features a 24-minute interview with Mark Spencer, the original author of Asterisk and President of Digium.
Download the show here (MP3, 40MB) or subscribe to the RSS feed to download the show automatically.
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
This show also features a new musical intro and outro provided to us by listener Martyn Davies from the UK. Those of you who hated the previous intro of ringing phones can join us in thanking Martyn for his work. Please do let us know what you think of it!
Show Content:
- 00:23 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners.
- 01:29 - Comments section - first comment in from John Todd asking what are the primary reasons more commercial and open source VoIP systems do not currently support encryption (i.e. TLS, SRTP, etc.)
- 04:52 - Comment from Reginal Cross asking about the security of consumer VoIP systems such as Packet8.
- 08:32 - Martyn's comment and his new intro.
- 09:33 - Comment from Tom Cross that his latest Techntionary Tips contains a number of VoIP security-related items
- 10:50 - News section begins with WiFi Planet: VoIP integrated circuits - security is a concern
- 11:46 - Making Sense of VoIP Security Threats (by our upcoming guest, Bogdan Materna from VoIPShield)
- 12:30 - Australian government report on VoIP
- 13:08 - Don't believe the VoIP security hype
14:22 - Start of interview with Mark Spencer, the original author of the open source PBX Asterisk and President of Digium. Discussion on what's new, IAX encryption, SRTP bounty.
- 17:15 - Background on the creation of Asterisk
- 20:15 - Comparison to commercial PBXs and discussion of bicycle-powered PBXs in Africa
- 23:05 - How do you deploy Asterisk securely?
- 23:53 - What is the IAX protocol? How is it different?
- 27:17 - Patents and intellectual property
- 28:18 - What's next for Asterisk and discussion of open source aspects
- 31:41 - Economics of Digium - could Digium exist without Asterisk?
- 33:54 - Competition with other PBXs?
- 35:03 - The new Asterisk 1.2 release and roadmap
- 37:23 - Interview wrap-up... how developers can help and final thoughts
- 38:29 - Review of the last week's traffic on the VOIPSEC public mailing list. Major topics this week included continued discussion of the insecurity of WiFi networks, mention of the Australian government report, a discussion of whether DKIM could be used for securing SIP.
- 39:19 - Request for feedback - Do you find this VOIPSEC review section of the show useful? Please send comments to
- 40:04 - Miscellany - looking for suggestions for the lists of VoIP podcasts and VoIP security books currently on the side of the podcast weblog
- 40:37 - Wrapup of the show and information about how to provide comments.
- 41:41 - End of show
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
Thank you for listening and please do let us know what you think of the show.
Recent Comments