Blue Box: The VoIP Security Podcast:

« September 2006 | Main | November 2006 »

October 27, 2006

Blue Box SE #13: "VoIP Security Best Practices" panel at Internet Telephony Fall 2006

Synopsis:"VoIP Security Best Practices" panel at the Internet Telephony Exposition West 2006, October 13, 2006, San Diego, CA, USA.

Welcome to Blue Box: The VoIP Security Podcast special edition #13, a 59-minute podcast of the "VoIP Security Best Practices" panel presented at the Internet Telephony Expo on Friday, October 13th, in San Diego, California, USA.

Download the show here (MP3, 27MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Participating in the panel were:

Ken Camp (Moderator), Speaker - Author - Consultant IP Adventures
Dan York, Mitel
Shahadat Khan, Eyeball Networks
Jonathan Weiss, Lucent
Micaela Giuhat, Sipera Systems
Tom Gilheany, Nortel

This is the second of several panel presentations we will be making available from the Internet Telephony conference. We thank Rich Tehrani and the rest of the TMCNet staff for allowing us to record the sessions. Thanks also to Ken Camp for his assistance and to the panelists who gave their permission to be recorded as well.

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on October 27, 2006 at 10:43 PM in Conferences, Podcasts, VoIP Security | Permalink | Comments (0) | TrackBack (0)

Tags: best practices, eyeball networks, ken camp, lucent, mitel, nortel, sipera, voip, voip security, voipsa, voipsecurity

October 24, 2006

Blue Box #43: 1-year anniversary show! VoIP security, Skype security... and video cameras on the Eiffel Tower?

Synopsis: One-year anniversary of the show - VoIP security news, Skype security, phishing, video cameras on the Eiffel Tower, service providers and security, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast #43, a 37-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 17MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners - and to all those listeners who have been here for so long!.
01:55- Programming notes: looking for "best" episodes for CD, schwag for Cafe Press, and notes about upcoming shows and panels
02:34 - Dan will be speaking about VoIP security at a GSA Conference in Boxborough, Mass., on Thursday, October 26th.
03:19 - LinuxWorld.au: Business VoIP: Golden Egg Hidden in Services, Says IDC
04:45 - Sydney Morning Herald: Something’s phishy
05:27 - CommsDesign: Ensure successful VoWLAN: Understand security in VoIP networks
06:21 - xchange online: VoIP Security Threats: It’s not If, It’s When
07:48 - Ars Technica: Jordan bans, then unbans Skype
09:28 - Jan in Malaysia: The total madness and insecurity issues of the current public Skype.exe and why no corporation should implement it just like that.
11:32 - Jan also has: Security, privacy, Trust and Safety where he points to the Skype Forum where the issues are discussed
12:21 - TMC.Net: Telstra Goes Global
13:27 - TMC.Net: Japanese Insurance Provider Implements NICE’s VoIP Solutions
15:45 - Foundry Networks Converged Voice and Data Switches Receive Department of Defense VoIP Certification
16:42 - 3Com Advances Secure Enterprise Mobility with New Wireless Voice over IP Telephone (see also CIO blog )
17:22 -VOIP Calling: Crucial Issues Regarding Security
18:08 - Feature segment talking about 1 year in the life of a podcast
- Thoughts about the community, shoutouts to those who have been a part, statistics
- Thoughts on what we'd like to do in the next year of the show
- What would you like us to do in our second year of the show?
16:51 - comment (email) from Natas about dial in to BBP stats
29:09 - comment (email) from Martyn Davies with shoutouts to people he met at IP'06
30:23 - comment (email) from Leslie Asamoa-Krodua about Jajah and asking about the security of it
32:58 - comment (email) from whitehat about High-tech school security
33:57 - Review of the last week's traffic on the VOIPSEC public mailing list
35:45 - Wrap-up of the show
- Reminder that you can subscribe to the show via email as well as RSS
- Mention of our Frappr map
37:24 - End of show

FYI, we seem to have skipped the "Upcoming Shows" part of the show that we regularly do, but here is the list of upcoming shows as we currently have it:
- Call for papers for:
- ETel 2007 CFP now open – CFP winding down
- EUSecWest CFP – Mar 1-2, 2007, London
- ShmooCon 07 CFP open to Dec 1
- Oct 25-26, Rome, Italy, VON Italy
- Nov 6-9, Berlin, Germany, VON Europe Autumn
- Nov 29-30, Tokyo, Japan, PacSec 2006
- Dec 4-6, Atlanta, GA, VON Enterprise
- Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
- Feb 5-9, 2007, San Francisco, CA, RSA Conference 2007
- Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
- Mar 1-2, 2007, London, EUSecWest
- Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
- Mar 23-25, Washington, DC, ShmooCon ‘07
- Apr 16-20, Vancouver, BC, Canada CanSecWest 2006

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on October 24, 2006 at 03:02 PM in Podcasts, VoIP Security, VOIPSA | Permalink | Comments (1) | TrackBack (0)

Tags: 3com, foundry, ISS, skype, skype security, telstra, voip, voip security, voipsa

October 23, 2006

Blue Box #42: The Rant edition - the ticking time bomb of VoIP service provider insecurity, Skype security, Swiss government and spyware, listener comments and more

Synopsis: Dan's caffeine-fed rants on the insecurity of VoIP service providers, Middle East governments are no longer blocking Skype, the Swiss government is considering using spyware to eavesdrop on VoIP, TOR is a good thing, listener comments and much, MUCH more

Welcome to Blue Box: The VoIP Security Podcast #42, a 37-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

NOTE: This episode's severe laughter can only be attributed to the very strong cup of tea Dan purchased somewhere near the VT border while driving to Ottawa in the dark and heavy rain. It is very different from any other show we've done before - and probably will do in the future.

Download the show here (MP3, 17MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners - and to all those listeners who have been here for so long!.
01:50- Programming notes: looking for "best" episodes for CD and mention of Martin McKeay's Network Security Podcast #47, where he has a fascinating interview with the executive director of the Tor Project
04:28 - Internet Telephony conference review – mention of upcoming interviews and also the photo album from the show
05:55 - Rant about lack of security from VoIP service providers as demonstrated at the Internet Telephony "Service Provider Face-Off" (We would dearly like to hear from some VoIP service providers who are including security!)
15:18 - Rant about Secunia alert about Avaya vulnerability
18:26 - TMC.Net: A ‘Bullet-Proof’ VoIP System
19:19 - Swiss government considers spyware to track VoIP (Register , TechWorld UK ) – sent in by Craig Bowser
20:48 - AMCE Packet goes IPO - Bloggingstocks – MarketWatch – Yahoo!Finance
22:15 - VNUNet – Technology multiplies business risk
22:53 - The London Times – TruePhone announces VoIP calling on Nokia N80, free until end of year
23:38 - Kaleej Times Dubai may relax prohibition on PC - to phone VoIP

24:11 - Skype Journal: Skype Restored in Jordan
24:50 - Covergence Teams up with BroadSoft to Help Service Providers
25:15 - TMC - SixApart LiveJournal service adds web based SIP dialing using Gizmo
26:02 - Upcoming shows:
Call for papers for:
- ETel 2007 CFP now open – CFP winding down
- EUSecWest CFP – Mar 1-2, 2007, London
- ShmooCon 07 CFP open to Dec 1

Shows:

Oct 25-26, Rome, Italy, VON Italy
Nov 6-9, Berlin, Germany, VON Europe Autumn
Nov 29-30, Tokyo, Japan, PacSec 2006
Dec 4-6, Atlanta, GA, VON Enterprise
Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
Feb 5-9, 2007, San Francisco, CA, RSA Conference 2007
Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
Mar 1-2, 2007, London, EUSecWest
Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
Mar 23-25, Washington, DC, ShmooCon ‘07
Apr 16-20, Vancouver, BC, Canada CanSecWest 2006

27:38 - comment (email) from Martyn Davies about sound quality
32:46 - comment (email) from Shlomo Dubrowin
32:20 - comment (email) from Craig Bowser
32:39 - comment (email) from Shawn Merdinger
33:35 - Review of the last week's traffic on the VOIPSEC public mailing list
35:04 - Wrap-up of the show
- Reminder that you can subscribe to the show via email as well as RSS
- Mention of our Frappr map
37:01 - End of show

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on October 23, 2006 at 11:54 PM in Podcasts, VoIP Security, VOIPSA | Permalink | Comments (1) | TrackBack (0)

Tags: acme packet, covergence, skype, skype security, tor, voip, voip security, voipsecurity

October 17, 2006

Blue Box SE #12: "Intro to VoIP Security" panel at Internet Telephony Fall 2006

Synopsis:"Intro to VoIP Security" panel at the Internet Telephony Exposition West 2006, October 13, 2006, San Diego, CA, USA.

Welcome to Blue Box: The VoIP Security Podcast special edition #12, a 51-minute podcast of the "Intro to VoIP Security" panel presented at the Internet Telephony Expo on Friday, October 13th, in San Diego, California, USA.

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Participating in the panel were:

Ken Camp (Moderator), Speaker - Author - Consultant IP Adventures
Emmitt Wells, Security and Communications Practice Manager, Getronics
Eric Rasmussen, Juniper Networks
Tom Gilheany, Leader, Enterprise Security Solutions, Nortel
Surya Kumar IVG, Deputy General Manager- VoIP Products and Eng, HCL Technologies

This is the first of several panel presentations we will be making available from the Internet Telephony conference. We thank Rich Tehrani and the rest of the TMCNet staff for allowing us to record the sessions. Thanks also to Ken Camp for his assistance and to the panelists who gave their permission to be recorded as well.

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on October 17, 2006 at 11:16 PM in Conferences, Podcasts, VoIP Security | Permalink | Comments (0) | TrackBack (2)

Tags: getronics, hcltechnologies, IPadventures, juniper, nortel, security, voip, voip security, voipsecurity

October 09, 2006

Blue Box #41: Skype vulnerability, Skype security, VoIP security news, listener comments and more

Synopsis: Skype security advisory, vulnerabilities in multiple vendor's VoIP phones, more Skype security news, VoIP security, listener comments and much more

Welcome to Blue Box: The VoIP Security Podcast #41, a 42-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 17MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners.
02:08 - A brief bit about the audio path Dan uses to record the show.
04:12 - Discussion of the Podcast and Portable Media Expo. Mention of Michael Santarcangelo of Security Catalyst and Martin McKeay of Network Security Podcast.
08:15 - Dan was part of a Security Roundtable podcast on VoIP security.
09:29 - Ken Camp posted a list of IT security podcasts that a friend of his put together.
10:00 - Programming notes - 1-year anniversary show coming up October 24th – probably recorded on 20th, so if you have a segment or comments you would like to give us, please get them to us by evening of Oct 19th
11:05 - Three vulnerabilities reported by Shawn Merdinger:

12:14 - Skype vulnerability for Mac OS X
13:04 - Skype Journal: SJSU: Campus OK’s Skype, for now
13:30 - Network World: Akonix appliance aims to give IT Skype controls (see also Jan in Malaysia on the same subject)
13:49 - Skype Journal: Jordon regulator blocks skype.com
14:09 - TechWorld UK: Sophos offers free application killer
14:40 - Slashdot: SIP vs. Skype, Making the ‘Open’ Choice
15:09 - Slashdot: Comcast Lying About Vonage
16:29 - IT Week: VoIP vendors slam Cisco
18:17 - TelecomWeb: BellSouth, ISS Back VoIP Security Effort – see also Ga. Tech, BellSouth, Internet Security Systems initiate VoIP security research partnership – all the more interesting because ISS recently announced it will be acquired by IBM!
20:02 - Wired News: Beguiling but Beware: AJAX, VoIP
22:24 - BBC: Security fears raised at conference
23:14 - CIO Today: Video over IP: The Next Battleground
23:57 - NY Times: Clear as a Bell One Day, Fuzzy and Garbled the Next (actual article requires subscription)
24:24 -NIST announced updated security docs (looks like a nice one on WinXP)
25:35 - Voice of VOIPSA: Hello Mom, I’m a Fake
26:54 - TippingPoint Research Director Recognized for Leadership in Voice and Security (about David Endler)
29:34 -Upcoming Shows:
- Call for papers for:
- ETel 2007 CFP now open – CFP winding down
- EUSecWest CFP – Mar 1-2, 2007, London
- ShmooCon 07 CFP open to Dec 1
- Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
- Oct 25-26, Rome, Italy, VON Italy
- Nov 6-9, Berlin, Germany, VON Europe Autumn
- (new), Nov 29-30, Tokyo, Japan, PacSec 2006
- Dec 4-6, Atlanta, GA, VON Enterprise
- Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
- Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
- (new) Mar 1-2, 2007, London, EUSecWest
- Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
- (new) Mar 23-25, Washington, DC, ShmooCon ‘07
- (new) Apr 16-20, Vancouver, BC, Canada CanSecWest 2006
29:46 - comment (email) from Dan Wing about blueboxpodcast.com vs www.blueboxpodcast.com
30:17 - comments (email) from Jake Neumann and Miguel Garcia about audio software
31:46 - comment (email) from Miguel Garcia about RTPSEC BOF
- Audio recording, part 1 (BOF session starts at 9 minutes 45 seconds)
- Audio recording, part 2
- RTPSEC session minutes and slides
33:20 - comment (email) from Natas about dial in to BBP
34:43 - comment (email) from Ross Snowden about topics he is interested in (including fax)
37:03 - Review of the last week's traffic on the VOIPSEC public mailing list
39:34 - Wrap-up of the show
- Reminder that you can subscribe to the show via email as well as RSS
- Mention of our Frappr map
41:57 - End of show

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on October 09, 2006 at 10:16 PM in Podcasts, VoIP Security, VOIPSA | Permalink | Comments (0) | TrackBack (0)

Tags: security, skype, voip, voip security, voipsa, voipsecurity

October 06, 2006

Listen to Blue Box episodes by phone!

As you will hear in the soon-to-be-released show #41, listener "natas" has now made it possible for you to dial a phone number and listen to any of the Blue Box "main" shows over your phone (special edition shows coming at some point soon). Simply dial:

+1-712-432-5355

and you will be prompted to enter in the number of the show you would like to listen to. You can press the "#" key to fast-forward, the "*" key to rewind, the "0" key to pause/resume and the "1" key to exit the episode and return to the main menu to listen to another episode. Obviously, when you are done you can just hang up.

Given that this is an experiment, any comments people have on the usefulness (or not) of this service would be appreciated. You can leave them here or send them in via email or audio. If you do find the service useful, I would be curious as to why... where are you or what situation are you in where calling in to listen is easier than downloading the MP3 directly and listening? I'd really like to know. (natas indicates he is doing this for some other podcasts and is having people call in.)

Many thanks to natas for setting this up and I look forward to any feedback listeners have.

P.S. For those interested, natas has a phone connection coming from a VoIP service provider into his Asterisk server where he as the IVR set up. He has uploaded (with our permission) the show MP3s onto his Asterisk server and whichever one is requested is then played for the caller.

Posted by Dan York on October 06, 2006 at 12:59 PM in Administrivia | Permalink | Comments (1) | TrackBack (0)

October 04, 2006

Security Roundtable podcast on VoIP security

FYI, I was the guest on the recent Security Roundtable podcast #5 focused on VoIP security. I gave an overview of VoIP security issues, discussed some best practices and answered numerous questions from the group of hosts. It was a wide-ranging discussion that covered Skype, recent legislation, enterprise network issues and much more. It was a fun podcast to be part of and I do appreciate the SRT team inviting my participation. If you are new to VoIP security issues in general, do give it a listen.

Posted by Dan York on October 04, 2006 at 12:35 PM in Podcasts, VoIP Security | Permalink | Comments (0) | TrackBack (0)