Blue Box: The VoIP Security Podcast:

« May 2007 | Main | July 2007 »

June 29, 2007

Blue Box #61: IETF framework to fight SPIT, VoIP security video, new tools, voip security news, listener comments and only a brief mention of the iPhone

Synopsis: Blue Box #61: IETF framework to fight SPIT, VoIP security video, new tools, voip security news, listener comments and only a brief mention of the iPhone

Welcome to Blue Box: The VoIP Security Podcast #61, a 29-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners - and to all those listeners who have been here for so long!
01:21 - Programming notes
- New special edition shows coming up very soon.
01:41 - Sipera: Many SIP vulnerabilities with softphones from AIM, MSN, Nortel and Avaya 4602SW desk phone
04:05 - Voice of VOIPSA: IETF Internet-Drafts on SPIT – Hannes Tschofenig seeking comments
- Requirements for Authorization Policies to tackle SPIT
- A Framework for reducing SPIT
07:10 - Voice of VOIPSA: Pucker Up, Part 3 – Shawn’s latest piece.
08:24 - Voice of VOIPSA: Truth in Caller ID Act passed again
09:19 - Voice of VOIPSA: We Know Where You Live
10:27 - Mark Collier has several new articles on his VoIP security blog including:
- a pointer to this VoIP Security Threats video on YouTube
- Mark’s presentation at INNUA
13:35 - ComputerWeekly.com: VoIP Security Fundamentals
14:51 - Release of rtpbreak tool
15:42 - BBC: Telephone tapping (from Frank Leonhardt)
16:55 - Fox News: Hacker Taps Cell Phone to Stalk Family
17:26 - News releases:

Mobile Voip: T-Mobile Introduces Unlimited Calling With T-Mobile HotSpot @Home

M5T Releases the M5T ZRTP SAFE VoIP Application

21:14 - Feature on status of Best Practices Project
22:06 - Upcoming shows:
- July 19-20, New York, USA, IPTComm2007
- July 22-27, Chicago, USA IETF 69
- Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007
- Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007
- Oct 29-Nov 1, Boston, USA, Fall 2007 VON
23:20 - comment (email) from Rhodri Davies about SIP in SANS list
24:19 - comment (email) from Frank Leonhardt about his paper and also link
24:49 - comment (email) from JP Li asking about slides for SE #16
25:36 - comment (blog) from Benny Ketelslegers about SIP botnets
27:15 - Review of the last week's traffic on the VOIPSEC public mailing list
27:58 - Wrap-up of the show
29:02 - End of show

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on June 29, 2007 at 05:19 PM in Podcasts, VoIP Security, VOIPSA | Permalink | Comments (1) | TrackBack (0)

Tags: blue box, bluebox, dan york, ietf, jonathan zar, security, SIP, SIP security, spit, voice spam, voip, voip security, voipsa, voipsecurity

June 16, 2007

Brief Break in Blue Box Schedule

Blue Box listeners - I'm on vacation this coming week and Jonathan has been travelling, so we're taking a brief break. We'll be back the week of June 25th with a regular show. We've also got some great Special Editions in the queue:

Martin Davies has put together a great interview show about Session Border Controllers (SBCs). I think you'll definitely enjoy this one!
New contributor Frank Leonhardt has an interview with some of the folks involved with Facetime about their new firewall that includes Skype management.
Martyn Davies also received permission to run the audio of the panel on VoIP security that he moderated at VON Europe last week in Stockholm.

I think you should enjoy them all and I'm looking forward to making them available once I'm back from vacation.

Talk to you soon...

Posted by Dan York on June 16, 2007 at 06:09 AM in Administrivia | Permalink | Comments (0) | TrackBack (0)

June 11, 2007

Update: Dan is NOT at VON Europe in Stockholm - but the Blue Box dinner will go ahead

Well, sometimes "life" intervenes in the best of plans. As I wrote on my Disruptive Telephony blog, I will now very unfortunately NOT be attending VON Europe in Stockholm. However, the Blue Box dinner planned for tonight will go ahead with Martyn Davies, Dean Elwood and about a dozen others. I've already let Martyn know that I expect to get a good recorded segment out of it for inclusion in a future podcast! :-)

As for my Thursday panel on VoIP security that Martyn is moderating, Cullen Jennings from Cisco has agreed to step in. Cullen is the IETF Area Director for real-time applications.. so essentially everything related to SIP rolls up to him, including VoIP security in the standards world. I know from our many discussions that Cullen has a very strong interest in security, so the panel discussion should be quite a good one.

I'm very disappointed that I won't be able to be there to be part of the dinner or panel, but I'm looking forward to hearing how they all go.

Posted by Dan York on June 11, 2007 at 07:55 AM in Conferences | Permalink | Comments (1) | TrackBack (0)

June 08, 2007

Blue Box #60: new VoIP security offerings from CheckPoint, VoIPShield, VoIP and business continuity, CALEA, new VoIP Security book, NAC mini-tutorial, more on botnets, listener comments and more

Synopsis: Blue Box #60: new VoIP security offerings from CheckPoint, VoIPShield, VoIP and business continuity, CALEA, new VoIP Security book, NAC mini-tutorial, more on botnets, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast #60, a 28-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners - and to all those listeners who have been here for so long!
01:15 - Programming notes
- Martyn Davies will be moderating a panel on VoIP security at VON Europe that will include Dan and others
- Blue Box dinner at the June VON show on Monday, June 11th
- We’ve recently set up a group on the Facebook social networking site for fans of the show. If you are a Facebook user, feel free to join.
02:28 - ComputerWeekly.com: Check Point promises more VoIP security, fewer slowdowns
03:35 - VoIPShield Security Suite Debuts…
- VoIPShield Security Suite Debuts at Interop Las Vegas
- Ken Camp response
- InfoWorld
05:21 - PC World: Attackers Get Chatty on VoIP
06:37 - Skype Journal: UK: Paedophiles use Skype to find and pursue likely targets
07:42 - TMC.net: VoIP Helps Increase Business Continuity Awareness
10:10 - VoIPNews: VoIP Providers Hold Their Breath as CALEA Deadline Passes
12:15 - New book coming out in August: Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures by Peter Thermos and Ari Takanen
13:38 - Voice of VOIPSA: Security: A Question of Balance
14:23 - Voice of VOIPSA: Google Launches Security Blog
14:54 - Follow-up on the Estonian botnet issue – it apparently wasn’t Russia but instead was botnet groups and Cyberattack in Estonia—what it really means
15:48 - SPIT Framework Internet-Draft - stay tuned for a URL
16:43 - News Releases:
- Covergence Announces Support for IBM BladeCenter
16:54 - Feature - mini-tutorial on NAC
20:17 - Upcoming shows:
- Dustin Trammell will be speaking at Defcon 15 about VoIP and steganography
- Ken Camp will be moderating two panels on VoIP Security at IT Expo
- June 12-14, Stockholm, Sweden, VON Europe Spring – both Martyn and I will be there… we’ll have a Blue Box dinner
- July 22-27, Chicago, USA IETF 69
- Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007
- Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007
- Oct 29-Nov 1, Boston, USA, Fall 2007 VON
21:32 - comment (email) from Rhodri Davies about SIP botnets
23:55 - comment (email) about analog surveillance
25:09 - comment (blog) from Security4All
25:22 - comment (blog) from Ludovic Petit that he can’t see the PDF files
25:44 - comment (facebook) from Reuven
26:31 - Review of the last week's traffic on the VOIPSEC public mailing list
27:29 - Wrap-up of the show
28:35 - End of show

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on June 08, 2007 at 09:44 PM in Podcasts, VoIP Security, VOIPSA | Permalink | Comments (1) | TrackBack (0)

Tags: blue box, bluebox, botnets, checkpoint, dan york, jonathan zar, NAC, security, skype, voip, voip security, voipsa, voipsecurity, voipshield, voneurope