Synopsis: Special edition with a presentation on VoIP Security given by Dan York at the IP Telephony for Government conference on April 18, 2006, in Arlington, VA.
Welcome to a special edition of Blue Box: The VoIP Security Podcast where we present a recording of a presentation that Dan York gave on April 18, 2006, in Arlington, Virginia, at the IP Telephony Solutions for Government conference sponsored by the Homeland Defense Journal and IT*Security Magazine. In this presentation, Dan provides an introduction to VoIP security issues, discusses threats and briefly touches on best practices to protect against those threats.
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
Thank you for listening and please do let us know what you think of the show.
Synopsis: A brief show with VoIP security news, our listener survey and more
Welcome to Blue Box: The VoIP Security Podcast show #25, a 20-minute podcast from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show also introduces our listener survey.
Reminder: There will not be a show next week as Dan will be away.
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
In this show we also mentioned our new promotion - anyone submitting audio comments (either by email or calling the comment line) during April will be eligible for a drawing for a free copy of "Practical VoIP Security" from Syngress Press. Many thanks to Bruce Stewart and the folks at O'Reilly & Associates (who distribute Syngress books) for providing this book.
Show Content:
00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of Frappr map for the show. Please join the map!
02:45 - Discussion of language in comments and desire to keep the show "work- and family-safe"
17:56 - Review of the last week's traffic on the VOIPSEC public mailing list. Discussion around identity management and VoIP, IPSec and VoIP security, and the "phishers snare victims with VoIP" article
18:35 - Wrap-up, info about how to leave comments, upcoming shows, etc.
19:42 - End of show
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
Thank you for listening and please do let us know what you think of the show.
Synopsis: Super-sized edition - Two interviews, one with David Schwartz, CTO of Kayote networks and one with Rodolfo Rosini, CEO of Cellfire Security. VoIP security news, opinions and many comments from listeners, along with a way to potentially win a copy of a new book on VoIP security.
Welcome to Blue Box: The VoIP Security Podcast show #24, a 109-minute podcast from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show also features a 38-minute interview with David Schwartz, CTO of Kayote Networks about his perspective on the IETF meeting in Dallas in March and SIP Identity and SPIT as well as another 18-minute interview with Rodolfo Rosini, CEO of Cellfire Security about his new startup.
This show is extra-large this week because there will be no show next week due to vacation travel and we wanted to make these interviews available.
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
In this show we also mentioned our new promotion - anyone submitting audio comments (either by email or calling the comment line) during April will be eligible for a drawing for a free copy of "Practical VoIP Security" from Syngress Press. Many thanks to Bruce Stewart and the folks at O'Reilly & Associates (who distribute Syngress books) for providing this book.
Show Content:
00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of Frappr map for the show. Please join the map!
04:04 - Discussion of the "IP Telephony Solutions for Government" show where Dan spoke last week in DC and where he was able to spend some time with listener Craig Bowser.
Why he believes SPIT is more of a concern than many others view it as
SIP peering, business models and security issues
His perspective on attending the IETF meeting in Dallas last month, and specifically issues discussed there around SPIT and SIP Identity
An explanation of the proposed SIP Identity mechanism
His views on why "policy" is incredibly important
The dangers lurking in SIP routing and how unprotected it is
This is the second part of our IETF-related interviews (the first was in show #22) and we hope this has given you a good perspective on what occurred at that meeting.
74:48 - Comment section and review of quick comments from Shawn Merdinger, Martyn Davies, Mark Collier and Craig Bowser
75:10 - Albert Maruggi on how the medium has impacted our business
80:02 - Leslie Asamoa-Krodua on identity management
86:18 - Feature interview with Rodolfo Rosini, CEO of Cellfire Security, a startup focused on VoIP security with a particular focus on cell phones. He provided a background on the company, its product that is now entering beta, the survey they recently concluded and the fact that they are hiring in London and San Francisco.
104:39 - Review of the last week's traffic on the VOIPSEC public mailing list. Discussion around client authentication, Cisco-specific tools, reviews of the Practical VoIP Security book, SOX compliance, managed security service providers and much more
106:49 - Wrap-up, info about how to leave comments, upcoming shows, etc.
109:00 - End of show
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
Thank you for listening and please do let us know what you think of the show.
Synopsis: VoIP security news, opinions and many comments from listeners, along with a way to potentially win a copy of a new book on VoIP security.
Welcome to Blue Box: The VoIP Security Podcast show #23, a 35-minute podcast from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show was also to feature the second of two interviews we have coming at you about the IETF meetings that took place in March 2006, however due to some production issues that interview will be pushed to the next show.
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
In this show we also introduced our new promotion - anyone submitting audio comments (either by email or calling the comment line) during April will be eligible for a drawing for a free copy of "Practical VoIP Security" from Syngress Press. Many thanks to Bruce Stewart and the folks at O'Reilly & Associates (who distribute Syngress books) for providing this book.
Show Content:
00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of Frappr map for the show. Please join the map!
02:06 - Note that if you are hearing advertising it is not from us! (and we would like to know about it)
03:05 - Note about the book promotion
04:52 - Request to help promote the show with reviews at PodcastAlley and iTunes
30:07 - Comment from Mark Collier that he'll be out at Interop on a VoIP Security Panel
31:00 - Review of the last week's traffic on the VOIPSEC public mailing list. Great discussion around IPSec vs TLS/SRTP (with metrics), softphones and VPNs and much more
32:09 - Wrap-up, info about how to leave comments, upcoming shows, etc.
32:24 - Question about whether we should continue with the current format of including an interview in the show or run the interviews separately?
34:45 - End of show
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
In the spirit of the programming version of Easter eggs I will ask the question: what did we do differently with regard to the audio in the recording of this episode? I did something subtle... and I'm curious to know if it is detectable. (Hmmm... sounds like a good idea for an audio comment back to us, eh?)
Thank you for listening and please do let us know what you think of the show.
Synopsis: VoIP security news, opinions and comments from listeners as well as a 25-minute interview with Dan Wing and Cullen Jennings from Cisco about SIP media security coming out of recent IETF meetings.
Welcome to Blue Box: The VoIP Security Podcast show #22, a 45-minute podcast from Dan York and Jonathan with news and commentary about the world of VoIP security. This show also features the first of two interviews we have coming at you about the IETF meetings that took place in March 2006. This week's 25-minute interview is with Dan Wing and Cullen Jennings of Cisco Systems and is primarily about Dan Wing's presentation on methods of securing the SIP media stream.
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
Show Content:
00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of Frappr map for the show. Please join the map!
15:34 - Feature interview with Dan Wing and Cullen Jennings of Cisco Systems primarily about Dan Wing’s presentation on SIP key exchange mechansims at the recent IETF meeting in March in Dallas, Texas. In this segment, Dan goes through his first slides and explains the basic security issues around securing SIP media streams, talks about design choices for various proposed solutions and discusses where all this is going. Given that SRTP interoperability between systems is an extremely important issue right now, it's well worth grabbing a copy of the slides and joining Dan in a journey through the issues. At about 32:03, the interview shifted to Cullen Jennings where he discussed the IETF re-organization and creation of the Realtime Applications and Infrastructure (RAI) Area and what that means for these issues. Cullen also provides his view on the security discussions that occurred down at the IETF meeting. Definitely all well worth a listen.
44:04 - Wrap-up, info about how to leave comments, upcoming shows, etc.
45:25 - End of show
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
Thank you for listening and please do let us know what you think of the show.
Synopsis: VoIP security news, opinions and comments from listeners as well as a 30-minute interview about Sipera.
Welcome to Blue Box: The VoIP Security Podcast show #21, a 57-minute podcast from Dan York and Jonathan with news and commentary about the world of VoIP security. This show also features a 30-minute interview with Micaela Giuhat, VP of product line management for Sipera.
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
Show Content:
00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of Frappr map for the show. Please join the map!
01:07 - It has been five months since we launched this show!
01:41 - News - discussion of launch of Yahoo!Voice
14:32 - Mention of Codenomicon interview and the fact that Victor Garza over at InfoWorld had some great VoIP-security-related podcasts published at weblog.infoworld.com/zeroday/
how their systems are different from all the other VoIP security systems out there
the research they have done into VoIP security
what they plan to do with the $13 million dollars
and much, much more...
45:54 - End of interview
46:45 - Comment from Tom Hayden
47:18 - Comment from Craig Bowser
47:46 - Comment from Hema Krishnamurthy
49:08 - Audio comment from David Retikoff from Nerds On-site
52:44 - Comment from Doug Simar
54:18 - Review of the last week's traffic on the VOIPSEC public mailing list. Large amount of interesting traffic on SPIT (Spam for Internet Telephony), SRTP, VoIP security whitepapers, Skype report and more
56:00 - Wrap-up, info about how to leave comments, upcoming shows, etc.
56:54 - End of show
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
Thank you for listening and please do let us know what you think of the show.
Synopsis: Interview with Jim Gallagher of Codenomicon, provider of VoIP security test tools, from the floor of Spring VON 2006.
Welcome to a special edition of Blue Box: The VoIP Security Podcast from the floor of the Spring 2006 VON conference in San Jose, CA. In this 15 minute podcast, host Dan York interviews Jim Gallagher of Codenomicon about their company, their test tools and how they can help companies developing VoIP products.
This is actually the only recording I will be bringing you from the Spring VON exhibitors. However, Victor Garza over at Infoworld's "Zero Day Security" recorded a number of podcasts from VON that listeners to this show may also find of interest.
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
Synopsis: Review of VoIP security news and comments from listeners
Welcome to Blue Box: The VoIP Security Podcast show #10, a 19-minute podcast from Dan York with news and commentary in the world of VoIP security. Due to scheduling issues, Dan and Jonathan were unable to connect to do the show together and given the number of news items in the queue Dan went ahead with a solo show. Both will be back together next week.
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
Show Content:
00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of Frappr map for the show. Please join the map!
12:53 - Review of the last week's traffic on the VOIPSEC public mailing list. Large amount of interesting traffic on SPIT (Spam for Internet Telephony)
17:23 - Wrap-up, info about how to leave comments, upcoming shows, etc.
19:30 - End of show
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
Thank you for listening and please do let us know what you think of the show.
Synopsis: Joint interview with Mikey from the Pulvermedia Podcasting Network where I talk about the security presentations that occurred here at VON. The interview was recorded at the PPN booth on the exhibit floor of the Spring VON show in San Jose, California, on March 16, 2006.
Welcome a special edition of Blue Box: The VoIP Security Podcast from the floor of the Spring 2006 VON conference in San Jose, CA. This was a joint interview between myself and Mikey from the Pulvermedia Podcasting Network where I first talked about Blue Box and then discussed the security presentations that were here at the show, spoke a bit about SPIT and then relayed other thoughts about the show this year. Mikey also talked a bit about what he and his colleague Laura have been doing there at their booth talking to people about podcasting and interviewing various folks (those interviews are available here)
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected].
Audio comments sent as attached MP3 files are definitely welcome and
will be played in future shows. You may also call the listener comment
line at +1-206-338-6654 to leave a comment there.
Synopsis: Interview with Phil Zimmermann about his new Zfone project, the ZRTP protocol and other related topics. The interview was recorded at the Spring VON show in San Jose, California, on March 16, 2006.
Welcome a special edition of Blue Box: The VoIP Security Podcast from the floor of the Spring 2006 VON conference in San Francisco, CA. In this interview with Phil Zimmermann we talk about his Zfone project and how it has evolved since it was first announced in January (which we covered here). Phil explains the origins of his ideas, how Zfone works, how ZRTP works and how people can get involved with the public Zfone beta program. More information is available at http://www.philzimmermann.com/
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected].
Audio comments sent as attached MP3 files are definitely welcome and
will be played in future shows. You may also call the listener comment
line at +1-206-338-6654 to leave a comment there.
Jonathan Zar is affiliated with Pingalo and is the Secretary of VOIPSA and member of the Board of Directors.
This is a personal project and neither the Internet Society, Pingalo nor VOIPSA have any formal connection to this podcast. In the interest of transparency we just thought you should know our affiliations.
Why "Blue Box"?
We chose the name "Blue Box" primarily as a nod to the era of phone phreaking in part to illustrate that threats to telephony are not new - they just continue to change and evolve. That and admittedly the name just sounded cool.
Recent Comments