Synopsis: Cisco SIP security vulnerabilities, VoIP security hype, SPIT, OpenID, other VoIP security news and more...
Welcome to Blue Box: The VoIP Security Podcast #51, a 35-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.
NOTE: This show was originally recorded February 7, 2007.
Download the show here (MP3, 16MB) or subscribe to the RSS feed to download the show automatically.
Show Content:
- 00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners - and to all those listeners who have been here for so long! Discussion of bandwidth in Japan and Asia.
- 03:13 - Programming notes
  - Podcasts by phone is back up with new number - +12183398544
- 03:53 - Cisco Security Advisory: SIP Packet Reloads IOS Devices Not Configured for SIP – note also that Cisco is now using CVSS as mentioned in their (Cisco) FAQ
- 06:33 - Multiple VOIP Phones Aredfox PA168 Chipset Session Hijacking Vulnerability
- 09:26 - InfoWorld NL: Hype versus reality in VoIP security
- 13:37 - ITWire: NEC’s VoIP spam detector turns Turing Test on its head and also Engadget: NEC invents 99 percent effective SPIT catcher and also ZDNet: VoIP spam tipped to rocket
- 16:49 - IIS Zone: What To Do When SPIT Hits The Fan (sponsored by Verisign)
- 18:59 - Network World: Expert: Phishing and other social attacks threaten VoIP (Dave Endler)
- 20:23 - CommsDesign: VoIP security: Scenarios, challenges, and counter measures—Part I
- 21:11 - CompTIA: Concerns Over IP Telephony Security Still Present in SMB Market, CompTIA Study Reveals – see also vnunet article and techtarget (sent in by Rhodri Davies)
- 23:49 - Aswath: Extending OpenID Authentication Scheme for Communication Systems
  - Comment from Shlomo Dubrowin about OpenID
- 29:09 - darkreading: FBI Faces Fresh Cyber Threats
- 29:36 - CRN: CRN Poll: No concerns around VoIP adoption (sample size?)
- 30:06 - Press Releases
  - Eyeball Intros AnyFirewall Engine (sent in by Craig Bowser)
- 31:18 - Hudson Barton has a new blog Borderless Communications with a VoIP Security Bulletins page
- 31:35 - Dr. Richard Zhao Liang has relocated his blog to http://sbin.cn/blog/ because of issues accessing Wordpress.com from within China. His Chinese blog is still at http://blog.zhaol.cn/
- 32:07 - Rodolfo Rosini’s company has changed its name to CellCrypt and raised $3.1M in financing
- 32:22 - Comments will be held until next week.
- 32:35 - Review of the last week's traffic on the VOIPSEC public mailing list
- 32:51 - Wrap-up of the show
  - Dan's going to Cairo the week of March 19th - any listeners out there?
  - Reminder that you can subscribe to the show via email as well as RSS
- 35:54 - End of show
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there.
Thank you for listening and please do let us know what you think of the show.
Hi there! Congrats on the show, guys, it's really great.
Just wanted to point out that you don't need to sniff the traffic to exploit BID 22191 (PA168 session hijack). All that is required is that a super user establishes a session with the device (authenticates). At that point an attacker can hijack the admin's session from ANY IP address. Of course, this can be automated by repeatedly sending an "evil" superuser request (as shown in the PoC script).
The "evil" request will dump the device's config settings, including superuser passwords in the clear. So to clarify, no sniffing is required :D
Keep up the hard work!
Posted by: Adrian P. | July 05, 2007 at 09:08 PM