Blue Box: The VoIP Security Podcast

Synopsis:  Blue Box #78: Cisco IP phone vulnerabilties, WiFi handset insecurity, IETF security-related news, VoIP security news, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast #78, a 40-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 17MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was originally recorded on February 25, 2008. Yes, that was two months ago... we know!

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• new comment line +1-415-830-5439
• Special Edition #23 with Sonus Networks
• Squawk Box podcast about voice phishing – also this article Vishing: The Latest, and Greatest, Security Concern
• Cisco: Cisco Unified IP Phone Overflow and DoS Vulnerabilities and Dustin Trammell’s coverage
• ZDNet: Design flaw in wireless VoIP handsets endanger the enterprise followed by Cisco confirms vulnerability in 7921 WiFi IP phone
• Voice of VOIPSA: Slides about P2PSIP security new available
• Voice of VOIPSA: RUCUS mailing list & BOF
• Voice of VOIPSA: End-to-end VoIP security using DTLS-SRTP
• Also a whole bunch on SIP Identity
• SIP Torture Tests for IPv6 now out in RFC 5118
• SIP Usage Scenarios Similar to SPIT
• SPEERMINT Security BCPs
• SIP Identity Baiting Attack
• Concerns around Applicability of RFC 4474
• VoIP Hopper 0.9.9 released (site ) – Thanks to Frank Leonhardt for the info.
• VoIP News: Is Someone Listening to Your VoIP Calls? (linked to from ZDNet )
• ZDNet: Cracking GSM
• TMCnet- Practicing Safe OCS
• TMCnet- Security Attack of the Day (Tom Cross starts blogging for TMCnet)
• Speaking of Tom, Techtionary.com Releases SIP Security Checklist
• Voice of VOIPSA: SIPTap Author forms VoIP Security Company (by Craig Bowser!)
• Voice of VOIPSA: Underpowered Hardware
• Project Spider – about SPIT
• CBC: Bell recovers stolen data on 3.4 million customers
• Comment (email) from Larry Farmer
• Comment (email) from Shlomo Dubrowin
• Comment (email) about SE #23
• Review of the last week's traffic on the VOIPSEC public mailing list 
• Wrap-up of the show
• 40:01 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to '[email protected]' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.