Blue Box: The VoIP Security Podcast:

« November 2006 | Main | January 2007 »

December 20, 2006

Blue Box #47: Deflating VoIP security hype, SANS and the need for better VoIP security training, India moves to block Skype and other VoIP, Skype security, tutorials, listener comments and more...

Synopsis: Deflating VoIP security hype, SANS and the need for better VoIP security training, India moves to block Skype and other VoIP, Skype security, tutorials, listener comments and more...

Welcome to Blue Box: The VoIP Security Podcast #47, a 69-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 32MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners - and to all those listeners who have been here for so long! Special welcome to readers who found us through the new Hacking Exposed: VoIP book that was just recently released.
02:20 - Programming notes:
- sending in ident audio files
- SanDisk Cruzer disks (with U3 software)
- Blue Box dinner - photo by Martyn Davies
- Security Podcast Network
- SE #14- Interview with Ken Camp
09:19 - VoIP News: Voip Security ‘Best Practices’ Project Launches
09:41 - Voice of VOIPSA: The Register – Open Season for hackers
11:08 - SearchSecurity.com: Better VoIP training needed, SANS director says – see also Eric Chamberlin at Voxilla: VoIP Security: Stop Everything – also launched a VoIP security forum
18:30 - Economic Times (India): Illegal Web calls by BPOs face axe – see also 21Talks: India outlaws Skype, Yahoo and others
22:13 - British Computer Society: Skype – How safe is it? (sent in by both Martyn Davies and Rhodri Davies)
24:01 - Electronic Engineering Times: IP phone providers must focus on security, says report pointing to In-Stat report – VoIP Security: Preparing for the Evolving Threat – it can be yours for only $2,995 – see also In-Stat press release: Business VoIP Users Must Focus on Security
27:28 - b5media: Interview with PGP founder Phil Zimmermann: Zfone, secure VoIP media encryption software
29:41 - eWeek: Outlook 2007:VoIP
31:22 - The Age (Australia): Hackers ‘to target VoIP users’
32:39 - Greatreporter.com: VoIP wiretapping widespread, warns Scanit
34:16 - TMC.net: SPIT: Bringing Spam to Your Voicemail Box (by Bogdan Materna)
37:18 - Image and Data Manager (Australia): IM and VoIP Still Not On Security Radar
38:17 - InfoWorld ZeroDaySecurity Blog: Is social engineering always used to commit fraud?
45:16 - ZDNet UK: Weigh the pros and cons of VoIP over wireless
45:42 - Voice of VOIPSA: Security through Obscurity by Martyn Davies about the conf he attended
46:09 - Voice of VOIPSA: Cell phones, GPS location and Amber Alerts by Shawn Merdinger
47:28 - Voice of VOIPSA: IronGeek Hacking Tutorial Videos by Shawn Merdinger
48:32 - Enterprise VoIPPlanet: The VoIP Peering Puzzle: The IETF SPEERMINT Architecture
Dialogic Expands IP Media Gateway Product Line (Martyn Davies works there… note the VoIP security mention later in the release)
51:24 - comment (audio) from “the man from California” about Click-to-Call
54:01 - comment (email) from Shawn Merdinger about Click-to-Call
56:20 - comment (email) from Raul Siles (just about BP project)
57:06 - comment (email) from Yiannis Miliaresis about podcast in Greece and iptelephony.gr
58:27 - comment (email) from Julien Goodwin about CBR article
58:57 - comment (email) from Alan Garwood about mini-poll on Infosecurity Europe web page
60:16 - comment (email) from Shlomo Dubrowin about BP project
61:19 - comment (blog) from Mark Collier
62:29 - comment (email) from Frank Leonhart about BBP dinner
63:29 - comment (email) from Mike Bailey asking a question about Skype installation
64:20 - comment (email) from Dion Rowney about recorder
67:30 - Review of the last week's traffic on the VOIPSEC public mailing list
68:23 - Wrap-up of the show
- Reminder that you can subscribe to the show via email as well as RSS
- Mention of our Frappr map
69:49 - End of show

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

P.S. We didn't mention the "upcoming shows", but here is the list we have been maintaining:

Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
Feb 5-9, 2007, San Francisco, CA, RSA Conference 2007
Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
Mar 1-2, 2007, London, EUSecWest
Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
Mar 23-25, Washington, DC, ShmooCon ‘07
Apr 16-20, Vancouver, BC, Canada CanSecWest 2006

Posted by Dan York on December 20, 2006 at 03:41 PM in Podcasts, VoIP Security, VOIPSA | Permalink | Comments (2) | TrackBack (2)

Tags: blue box, bluebox, india, SANS, security, skype, skype security, voip, voip security, voipsa, voipsecurity

December 13, 2006

Blue Box SE #14: Interview with Ken Camp, speaker, author, VoIP blogger and more

Synopsis: Interview with Ken Camp, speaker, author, blogger, consultant and host of the Realtime / Unified Communications Community

Welcome to Blue Box: The VoIP Security Podcast Special Edition #14, a 19-minute podcast where Blue Box host Dan York interviews Ken Camp of the Realtime/Unified Communications Community.

Download the show here (MP3, 8MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

In this special edition, Dan York sat down with Ken Camp out at the Internet Telephony conference in San Diego in October 2006 to talk about what Ken is doing. Ken is a speaker, author, blogger, independent consultant and is also the host of the Realtime/Unified Communications Community, which consists of a website, podcast, blog, web forums, document database and more. Ken's also just a great guy and is very literate in security matters. At the Internet Telephony conference, he was moderating multiple panel sessions on VoIP security, including one in which Dan is a panelist.

During the interview, Ken spoke about the sessions there at Internet Telephony, his background, what he's doing with the Realtime / Unified Communications Community and more. To read more about what Ken is doing, you can visit:

Digital Common Sense, Ken's blog
the Realtime Unified Communications Community

We appreciate Ken taking the time to speak with us and hope you all enjoy the interview as well.

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on December 13, 2006 at 03:52 PM in Podcasts, VoIP Security | Permalink | Comments (0) | TrackBack (1)

Tags: ken camp, security, unified communications, voip, voip security, voipsa

December 05, 2006

Blue Box #46: Google click-to-call, Bluetooth, Skype secuity, VOIPSA Best Practices project, VoIP security news, listener comments and more

Synopsis: Google click-to-call, Bluetooth, Skype secuity, VOIPSA Best Practices project, VoIP security news, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast #46, a 49-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 23MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners - and to all those listeners who have been here for so long!
02:09 - Programming notes and discussion of Blue Box Dinner in London on Dec 7th.
03:45 - Voice of VOIPSA: Click to Harrass (Dustin Trammell about Google Click-to-call and then my response)
12:25 - Voice of VOIPSA: Mobile phone insecurities and snakes on a plane (Shawn Merdinger)
14:09 - Voice of VOIPSA: Security meets flexibility (Martyn Davies)
14:32 - Network World: Secure caller ID for VoIP (by Jonathan Rosenberg of IETF fame)
15:34 - SearchSMB.com: Secure VoIP in simple steps (From Rodri Davies) Note that article author has security blog.
16:40 - ITwire Australia: Skype bugging your network? Here’s how to squash it
17:31 - Ken Camp: Skype on the Thumbdrive? Not When it Violates Company Policy
21:39 - Jan in Malaysia: How to log your local Skype (Jan continues his Skype security explorations)
22:28 - Dangerously Irrelevant: Advising, webcams and Skype (about a UMinn prof who runs into uni policy about using Skype)
24:30 - SouthBendTribune.com: New bait for ‘phishing’ scams
25:21 - ComputerWorld New Zealand: Bank of America rolls out VoIP – with some pain
27:14 - ZDNet India: Juniper and NEC announce joined network solutions
28:15 -The Register: Computer Misuse Act could ban security tools
28:43 -VONaLink ScreenPop – New VoIP Caller ID Software Released
29:18 -Irdeto IPTV security solution successfully completes rigorous audit by respected security experts
30:21 - Telecoms Korea: VoIP susceptiple to Spam (subscription required)
31:08 - Upcoming shows:
- Dec 4-6, Atlanta, GA, VON Enterprise
- Dec 5, London, UK, Secure Mobile Computing
- Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
- Feb 5-9, 2007, San Francisco, CA, RSA Conference 2007
- Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
- Mar 1-2, 2007, London, EUSecWest
- Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
- Mar 23-25, Washington, DC, ShmooCon ‘07
- Apr 16-20, Vancouver, BC, Canada CanSecWest 2006
32:25 - Feature segment - impending launch of VOIPSA Best Practices project page
- More on the impending launch
37:14 - comment (audio) from Jamie Brody (?) from Truphone
39:53 - comment (email) from Richard who writes hi2005.wordpress.com and has excellent acronym lists: Resources, Security Acronyms and Telecom Acronyms
40:52 - comment (email) from Ross Chason about two-factor identification in phones
42:10 - comment (email) from Simon Wood ho points to list of spoken phrases for speech quality at the Open Speech Repository
43:46 - comment (email) from Paul Asadoorian about pen-test email list discussion
45:04 - comment (email) from Rhodri Davies
46:08 - comment (email) about how to protect a network
47:30 - Review of the last week's traffic on the VOIPSEC public mailing list
48:09 - Wrap-up of the show
- Reminder that you can subscribe to the show via email as well as RSS
- Mention of our Frappr map
49:14 - End of show

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on December 05, 2006 at 03:42 PM in Podcasts, VoIP Security, VOIPSA | Permalink | Comments (1) | TrackBack (0)

Tags: blue box, bluebox, bluetooth security, google, phishing, security, skype, skype security, voip, voip security, voipsa, voipsecurity

December 01, 2006

Blue Box Dinner - Thursday, Dec 7th, London, UK

Given that I (Dan) am going to be over in London in the United Kingdom next week to speak at a Mitel reseller event, we thought we might do a little dinner with Blue Box listeners / VOIPSEC readers. Martyn Davies is helping and there are already several people coming. So if the thought of hanging out with some other folks interested in VoIP security is of interest, the details are as follows:

DATE: Thursday, December 7, 2006
TIME: TBD, but probably 6 or 7pm-ish
WHERE: Either "Belgo" or "Kettner" in the Soho - Covent Garden area (see the comments for more info)

I'll update this entry as we finalize info, but if you are interested in attending, please do drop an email to [email protected] with the subject "London Blue Box Dinner" so that we can get an estimate of how many people will be attending. Looking forward to meeting some of our UK listeners!

Posted by Dan York on December 01, 2006 at 02:32 PM in Blue Box Dinners | Permalink | Comments (3) | TrackBack (1)

Tags: blue box, bluebox, voip, voip security