Blue Box: The VoIP Security Podcast

Synopsis: IMS security interview, VoIP security news, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast show #35, a 71-minute podcast  from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show also includes a 25-minute interview with Miguel Garcia about IMS security.

NOTE - Due to production issues, this show is coming out after show 36 and about a month after it was originally recorded.  We do sincerely apologize for the delay!  Please note also that also that the audio comment line number is wrong in the recording.  As noted on the show website, the new number is +1-206-350-2583.

Download the show here (MP3, 65MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-350-2583 (new comment phone number!) to leave a comment there.

 Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.
• 01:45 - Programming notes - Black Hat, Fall VON
• 02:53 - Discussion about IETF 66 meeting
• 06:28 - Cisco Security Advisory: Multiple Cisco Unified CallManager Vulnerabilities  (interesting especially because of the SIP URL buffer overflow)
• 10:17 - SipFoundry sipXtapi vulnerability
• 11:05 -VOIPSA Blog: Skype protocol cracked? pointing to: VuNet , NetworkWorld , TechWorld , SecurityProNews but no mention in Skype security blog  – also Skype Journal and TechCrunch and GigaOM and Webtown – Jan in Malaysia
• 18:42 - VoIPWiki blog (Charlie Paglee): Supernoded! 
• 20:35 - Dan’s blog: Skype on a USB stick… – and Ken Camp’s response
• 24:26 - PBS - I,cringely: The Skype is Falling: Even Viral Networks have to Function in a Real World (tip of the hat to Jan in Malaysia – If all 6.1 million Skype users tried to talk at the same time, it would probably bring down the system.)
• 27:07 - Skype Podcast episode on security
• 27:50 - VOIPSA Blog: FBI Drafting CALEA Expansion Legislation
• 30:56 - Senator Ted Stevens and Net Neutrality - Jeff Pulver Blog: A Cataract-Eyed Vision of an Internet-disabled Future and Bruce Stewart at Emerging Telephony: The Internet as Tubes?  (audio can be heard here )
• 32:42 - Business Week: The Phone is the latest Phishing Rod, VoIPNews: VoIP Phishing Scams – Don’t Get Hooked! (and VoIPSA Blog ), VoIP Lowdown: Your next VoIP call may just ‘vish’ you doom
• 33:58 - Business Week CEO Guide to Technology
• 34:50 - TechWorld UK: The security pitfalls of VoIP
• 35:16 -ComputerWorld: Hunting for Hussein’s fibre-optic cable in Iraq
• 36:28 - News releases:  CheckPoint VPN-1
• 36:35 - Security Researchers to Demonstrate 25 New Tools and 15 New Exploits at Black Hat USA and Over 1000 Government Agents and Corporate Security Professionals to Attend Black Hat
• 37:02 - Call for papers for PacSec – November 29, 30 in Tokyo
• 37:15 - Upcoming shows:
  • August 8-10, Santa Clara, CA, 3rd Annual VoIP Developer Conference
  • August 21-24, San Francisco, VoiceCon Fall 2006
  • (new) - Show in Asia that Jonathan will be attending - details coming soon
  • Sept 11-14, Boston, MA, Fall VON 2006
  • Sept 18-22, New York, Interop
  • Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
  • Oct 25-26, Rome, Italy, VON Italy
  • Nov 6-9, Berlin, Germany, VON Europe Autumn
  • Nov 29-30, Tokyo, Japan, PacSec
  • Dec 4-6, Atlanta, GA, VON Enterprise
• 37:55 - Feature interview with Miguel Garcia about security in the IP Multimedia Subsystem (IMS) framework
  
  • Miguel's background
  • His book on IMS
  • Basic security concepts in IMS
  • Authentication
  • Integrity protection
  • Encrypting RTP
  • Convergence of voice and data
  • What's next for security within IMS?
  • References: Wikipedia, SIP Center, 3GPP Specifications
• 1:05:24 - Comment (email) from Morgan Stern
• 1:06:01 - Comment (email) from Derk van der Harst
• 1:06:35 - Comment (Dan’s blog): Martyn Davies on audio quality
• 1:08:52 - Review of VOIPSEC mailing list
• 1:09:30 - Wrap-up of the show
  • Mention of our Frappr map
    
  • Mention of the conference in Asia where Jonathan will be speaking
• 1:11:11 - End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-350-2583 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.