Blue Box: The VoIP Security Podcast: VoIP Security

December 17, 2007

Blue Box #72: Asterisk security vulnerabilities, Skype and the German government, VoIP security news, listener comments and more

Synopsis: Blue Box #72: Asterisk security vulnerabilities, Skype and the German government, VoIP security news, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast #72, a 25-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 11MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

NOTE: This show was recorded on November 30, 2007.

Show Content:

00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners - and to all those listeners who have been here for so long!
- AST-2007-025 – Asterisk – SQL Injection issue in res_config_pgsql
- AST-2007-026 – Asterisk SQL Injection issue in cdr_pgsql
- TechWorld: Expert scares world with VoIP hacking proof pointing to SIPtap - Articles also in ComputerWorld
- Wired: Skype encryption baffles German police – also in The Register and TechDirt
- VoIP News: Why Nobody’s VoIP is Secure
- PC World: ‘Swatters’ Trick AT&T’
- Comment (email) from Shawn Merdinger
- Comment (email) from Yann Cloatre
- Comment (email) from Miguel Garcia
- Comment (email) from Roel Villarius about Dutch spam filter
- Review of the last week's traffic on the VOIPSEC public mailing list
- Wrap-up of the show
25:27 - End of show

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either ~~+1-206-350-7280~~ +1-415-830-5439 or via SIP to '[email protected]' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on December 17, 2007 at 08:44 PM in Blue Box, Podcasts, VoIP Security | Permalink | Comments (0) | TrackBack (1)

Tags: asterisk, asterisk security, blue box, bluebox, dan york, danyork, jonathan zar, security, sip, siptap, skype, voip, voip security, voipsa, voipsecurity

December 02, 2007

Blue Box #71: VLAN Hopping, SIP Digest vulnerability, VoIP security hype, Skype security, Google's latest moves, listener comments and much more...

Synopsis: Blue Box #71: VLAN Hopping, SIP Digest vulnerability, VoIP security hype, Skype security, Google's latest moves, listener comments and much more...

Welcome to Blue Box: The VoIP Security Podcast #71, a 51-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

NOTE: This show was recorded on November 8, 2007.

Show Content:

00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners - and to all those listeners who have been here for so long!
SIP Digest Access Authentication RELAY-ATTACK for Toll-Fraud
VoiceCon ENews: VoIP Security Update (about my talk at Interop)
Telecom Junkies episode about VLAN Hopping
Network World: VoIP security notices show security remains a multi-vendor issue – also TechRepublic article about VoIP Hopper
Network World: VoIP security industry: Guilty as charged (Plus, 10 nasty questions to ask your VoIP supplier)
VoIP-News.com: Vonage Security Problems May Be Just the Start
The Ethical Hacker Network: Fun with Online VoIP Hacking
SearchVoIP: Unified communications security vulnerabilities
SecurityPark: Seeing through the VoIP security hype
The Guardian: Why VoIP is the next target for spammers
Skype Blog: Skype for Mac on Leopard (note comments about embracing security)
Voice of VOIPSA: Isolation vs. Integration (Dustin Trammell)
Converge!Network Digest: The Future IC/UC Net Will Be Federated (by Acme Packet)
TMCNet: Telecom Italia Sparke Enhances VoIP Services with Acme Packet
Mark Collier: VoIP Training Courses – he also has made available his presentation on security that he recently gave at AT&T’s Focus Conference.
InfoWorld: Vetting the quality of VoIP (follow-on to The lie that is Voice over IP )
Comment (email) from Matt Hillman about http://www.podcastersmeetup.com/ at ShmooCon Feb 15-17 in DC
Comment (audio) from Mohammad Halawah
Comment (email) from Frank Leonhardt
Comment (email) from Josef Janitor
- Review of the last week's traffic on the VOIPSEC public mailing list
- Wrap-up of the show
- End of show

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-7280 or via SIP to '[email protected]' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on December 02, 2007 at 01:58 PM in Blue Box, Podcasts, VoIP Security, VOIPSA | Permalink | Comments (0) | TrackBack (0)

Tags: blue box, bluebox, dan york, danyork, google, jonathan zar, security, sip, sip security, skype security, VLAN hopping, voip, voip security, voipsa, voipsecurity

November 07, 2007

Blue Box #70: 2-yr Anniversary show, VoIP security vulnerabilities, Vonage, Comcast, phishing, listener comments and much, much more...

Synopsis:Blue Box #70: 2-yr Anniversary show, VoIP security vulnerabilities, Vonage, Comcast, phishing, listener comments and much, much more...

Welcome to Blue Box: The VoIP Security Podcast #70, a 51-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

NOTE: This show was recorded on October 25, 2007.

Show Content:

00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners - and to all those listeners who have been here for so long!
Programming notes:

Dan’s new employment with Voxeo
Dan at VON next week – Dean Elwood is doing a VoIPUser dinner – perhaps a Blue Box dinner as well?
We hope you enjoyed Blue Box SE 21 with Phil Zimmermann – many thanks to Martyn Davies for helping with that.
Reporters for some of the spring shows? (we can probably get you press credentials… if you are there)

XSS attack and SQL injection via SIP against Asterisk
The XSS attack against Linksys SPA-941 we discussed last week was picked up by Secure Computing which resulted in this SearchSecurity.com article: New Attack Methods Target Web 2.0, VoIP (last link sent to us by Rhodri Davies)
Sipera released a range of vulnerabilities related to Vonage, Grandstream and more – note that the Vonage thread has been picked up by ZDNet’s Russell Shaw
Wired: Phones Aren’t Safe Either, Hackers Say – also discussed in Network World and Russell Shaw We’ve toasted so many of these (VoIP) networks… and Dustin Trammell’s blog (in the list of sessions he attended)
SANS: Vishing, Skype, and VoIP-Based Fraud (sent in by Craig Bowser)
CXO Today: The Phishing Epidemic
PCWorld.CA: The eight most dangerous consumer technologies (Skype and consumer VoIP are #6 on page 2 )
TMC Net: VoIP Peering in Search of a Viable Interconnect Business Model (note the comments about security toward the bottom)
Cisco TechWise podcasts Session Initiation Protocol and Security (it’s on the page… came out 10/18/07 )
TechRepublic: Sanity check: Will Microsoft be your next phone company? (nice roundup of the MS announcements… some of the comments are also interesting)
Comcast

- Upcoming shows:
- Oct 24-25, New York, USA, Interop
- Oct 29-Nov 1, Boston, USA, Fall 2007 VON
Comment (email) from Dan Wing about episode 69 and the potential DDoS attack
Comment (email) from Raul Siles about episode 66
Comment (email) from Raul Siles about SANS VoIP Security course
Two-year-anniversary:
- Comment (audio) from Martyn Davies
- Comment (audio) from Dean Elwood
- Comment (audio) from Mike Wallace
- Comment (audio) from Raul Siles (with Matrix inclusion)
- Comment (audio) from Carsten Helmuth (cut off)
- Comment (email) from Scott Tanner
- Comment (email) from Shlomo Dubrowin
- Drawing for the book
- Review of the last week's traffic on the VOIPSEC public mailing list

- Wrap-up of the show

51:14 - End of show

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-7280 or via SIP to '[email protected]' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on November 07, 2007 at 10:52 PM in Blue Box, Podcasts, VoIP Security | Permalink | Comments (0) | TrackBack (0)

Tags: blue box, bluebox, cisco, comcast, dan york, danyork, DDoS, jonathan zar, phishing, SANS, security, SIP, SIP Security, sipera, vishing, voip, voip security, voipsa, voipsecurity, vonage, voxeo, xss

October 24, 2007

Two years ago today, Blue Box podcast #1 was launched

It seems rather amazing to me that it was two years ago today - October 24, 2005 - when we launched this show with Blue Box Podcast #1 (I remember because 10/24 is just a great number for a geek!). It's been a long, strange trip since then... we've learned a lot... about podcasting, about building a community... and, of course, about VoIP security. We've put out 69 main shows and 21 special editions - a total of 90 shows... with more in the queue. It's truly been a remarkable experience and we greatly appreciate all the contributions and support we've had from all of you over the years. Thank you for all of your support!

Sadly, despite our best efforts, Blue Box #70 , our 2-year anniversary show, did NOT make it out today on our actual anniversary. With my schedule, we wound up trying to record tonight and unfortunately the hotel WiFi at the hotel I am staying at in New York City just wasn't up to giving us the quality recording that we wanted to have via Skype. Here's a taste of what we were experiencing:

200710242221
If I read that right, we were getting a 32% packet loss... even if it was really 9%, it was still a lot. The roundtrip was much higher sometimes... up near 300 or more milliseconds. You just can't get a good recording in those circumstances. Skype was working fine earlier in the night, so I don't know if we just hit a time when more people were back at the hotel using the network. Whatever the reason, we eventually just had to give up. I thought about trying Yahoo!Voice or Gizmo, but generally if Skype is having problems the other ones will as well.

It's disappointing, primarily because I really wanted to get the show out today. We've recorded shows from hotels in the past (even using hotel WiFi) and this is the first time in two years that we've actually had to cancel a recording because of poor connectivity!

We're going to try again tomorrow from the Interop show where I did find I got great connectivity in some areas. We'll see. If not it may need to wait until Friday when I'm back in my home studio.

In the meantime, thanks again to all of you who have made this show a joy to produce and do each week!

Technorati Tags: danyork, jonathanzar, bluebox, voip security

Posted by Dan York on October 24, 2007 at 10:21 PM in Blue Box, VoIP Security | Permalink | Comments (0)

October 17, 2007

Blue Box SE#021: Interview with ZFone and ZRTP creator Phil Zimmermann by Brenno de Winter

Synopsis: Interview with ZFone and ZRTP creator Phil Zimmermann by Brenno de Winter.

Welcome to Blue Box: The VoIP Security Podcast Special Edition #21, a 44-minute interview between Phil Zimmermann and Brenno de Winter in August 2007.

Download the show here (MP3, 20MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

Brenno de Winter produces a Dutch podcast about information technology news called "ICT Roddels" (http://ictroddels.nl/) and back in early August he sat down with ZFone and ZRTP creator Phil Zimmermann to discuss (in English) what ZFone and ZRTP are all about. Brenno released the interview on his show and then offered it to us to run as a Blue Box show. In the 40-minute interview, Brenno and Phil spend the first 20 or so minutes talking about ZFone, ZRTP and VoIP security and then spend the remainder of the show talking about security in general, Phil's background and other topics.

While we have interviewed Phil in the past ourselves, it's been about a year since we last spoke with him and so we thought this might be an interesting update for you to hear. We thank Brenno for making the interview available to us.

I also have to say a word of thanks to long-time contributor Martyn Davies who stepped in at the last moment to provide the intro/outro to this interview. I unfortunately lost my voice after a presentation yesterday (bad news for a podcaster!) and Jonathan is currently traveling - and our goal this year is to make sure we get shows out on Wednesdays.

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-7280 or via SIP to '[email protected]' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on October 17, 2007 at 01:40 PM in Blue Box, Podcasts, VoIP Security | Permalink | Comments (0) | TrackBack (0)

Tags: blue box, bluebox, brenno de winter, phil zimmermann, philzimmermann, security, voip, voip security, voipsecurity, zfone, zrtp

October 10, 2007

Blue Box #69: Linksys SPA-941 vulnerability, SIP DDoS, New release of SIPVicious, Asterisk security roadmap, other VoIP security news, listener comments and more

Synopsis:Blue Box #69: Linksys SPA-941 vulnerability, SIP DDoS, New release of SIPVicious, Asterisk security roadmap, other VoIP security news, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast #69, a 46-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners - and to all those listeners who have been here for so long!
01:03 - Programming notes:
- Reminder of new comment line – 206-350-7280
- Books from Peter Thermos and Ari Takanen – anniversary show promotion
02:13 - XSS attack against Linksys SPA-941

07:52 - USENIX ;login: article about SIP DDoS from Hement Sengar

12:10 - New release of SIPVicious tool suite

14:49 - Voice of VOIPSA: Suggestions for a Security Roadmap for Asterisk

21:02 - heise.uk: Skype silently fixes URI problem which relates to Windows issue pointed out back in July (see also here )

25:39 - heise online: Bavarian Criminal Police Office denies use of Trojan to eavesdrop on VoIP calls

27:57 - Zeenews.com (India): CBI favours monitoring of Internet gateways and networks

28:54 - Washington Post: VOIP Mix-Up Exposes Customer Call Data

31:58 - CXO Today (India): Mobile Business Applications Boost Security Demand

35:08 - Upcoming shows:
- Oct 24-25, New York, USA, Interop
- Oct 29-Nov 1, Boston, USA, Fall 2007 VON

35:33 - Comments - challenge with audio comment
35:47 - Comment (email) from Stephen Bosch asking about the CISSP credential

40:13 - Comment (email) from Scott Tanner (which we’ll hold for the 2-yr show) - Dan also gets talking about Dopplr.com

41:27 - Comment (email) from Frank Leonhardt

41:40 - Comment (email) from Michael Miller about PPT syncing software - answer is that we use a site called SlideShare

43:18 - Review of the last week's traffic on the VOIPSEC public mailing list

43:57 - Wrap-up of the show

46:26 - End of show

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-7280 or via SIP to '[email protected]' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on October 10, 2007 at 10:48 PM in Blue Box, Podcasts, VoIP Security, VOIPSA | Permalink | Comments (0) | TrackBack (0)

Tags: asterisk, cisco, cissp, dan york, danyork, jonathan zar, linksys, security, sip, sipvicious, skype, skype security, voip, voip security, voipsa, voipsecurity

October 03, 2007

Blue Box #68: Top 14 VoIP Vulnerabilities, Asterisk security, VoIP hacker, IMS, P2P, Skype, industry moves, VoIP security news, listener comments and more...

Synopsis:Blue Box #68: Top 14 VoIP Vulnerabilities, Asterisk security, VoIP hacker, IMS, P2P, Skype, industry moves, VoIP security news, listener comments and more...

Welcome to Blue Box: The VoIP Security Podcast #68, a 46-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners - and to all those listeners who have been here for so long!

01:03 - Programming notes:
- New comment line – 206-350-7280
- Slight web site changes
- Books from Peter Thermos and Ari Takanen – anniversary show promotion
03:27 - NetworkWorld: Top 14 VoIP Vulnerabilities – and also this comment in reply

07:08 - blog.spywareguide.com: Bubbles… for Kids! (spyware that propagates via Skype IM)

09:25 - Voice of VoIPSA: What would your security roadmap for Asterisk be? and 3Com to sell/support Asterisk

18:11 - Voice of VOIPSA: VoIP Hacker Goes to Jail pointing to Information Week interview with Robert Moore which is similar to the Telecom Junkies interview I did earlier with Robert Moore.

19:14 - Converge!Digest: Defending the IMS Core (sponsored by Sonus)

20:56 - Processor: Getting Tough with P2P= which relates to Dan’s recent issues with using Skype at a hotel

26:36 - PC World: Attack of the Killer Bots

28:57 - News Releases
- Sipera Secures $10 Million to Further Advance VoIP/UC Security=
- Bandwidth.com Bands with Acme Packet (finally, security for SIP trunking!)
- Radware Unveils Industry First Behavioral Server Protections as Part of its Full Spectrum Protection Technology
- Alcatel-Lucent Bolsters its Security Solutions in Worldwide Reseller Agreement with CloudShield Technologies
- Clavister Announces New Version of its IP-Based Security Operating System (see also press release )
- ForeScout Continues Innovation Leadership with Latest Network Access Control Offering=
32:24 - 3Com bought by Bain Capital, Huawei

34:58 - Skype CEO out, eBay takes $1.4 million charge

37:08 - Nokia to buy Navteq

38:26 - Vonage loses patent trial

39:29 - Upcoming shows:
- Oct 24-25, New York, USA, Interop
- Oct 29-Nov 1, Boston, USA, Fall 2007 VON

39:58 - Comment (email) from Peter Thermos

42:15 - Comment (email) from Frank Leonhardt about Skype malware

42:24 - Comments (blog) about video edition #1

42:51 - Brief commentary from Dan about using TalkPlus to call a SIP URI from a cell phone

45:39 - Review of the last week's traffic on the VOIPSEC public mailing list

46:00 - Wrap-up of the show

46:51 - End of show

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-7280 or via SIP to '[email protected]' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on October 03, 2007 at 06:00 AM in Blue Box, VoIP Security, VOIPSA | Permalink | Comments (0) | TrackBack (0)

Tags: 3com, blue box, bluebox, botnets, bots, dan york, danyork, IMS, jonathan zar, P2P, peer-to-peer, robert moore, security, sipera, Skype, skype nokia, skype security, spyware, voip, voip security, VOIPSA, voipsecurity, vonage

September 26, 2007

Blue Box #67: Contest for listeners, discussion about status, some VoIP security news, listener comments

Synopsis:Blue Box #67: Contest for listeners, discussion about status, some VoIP security news, listener comments

Welcome to Blue Box: The VoIP Security Podcast #67, a 20-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners - and to all those listeners who have been here for so long!

- Discussion of:
- reasons for break in shows having to do with Dan no longer working for Mitel
- two-year anniversary of the show coming up on October 24th
- listener contest for copies of Peter Thermos and Ari Takanen's new book "Securing VoIP Networks"
- ZDNet: "Jericho Forum voices concerns over VoIP Security"
- Telappliant: "VoIP 'more secure than traditional phone systems'" (note the last paragraph about VOIPSA)
- SecurityFocus: "VoIP Hopping: A Method of Testing VoIP Security or Voice VLANs and Release of "VoIP Hopper tool"
- SIP Hacking Workshop in November in Vienna
- Upcoming shows:
- Oct 29-Nov 1, Boston, USA, Fall 2007 VON

- Comment (email) from Craig Bowser (about VoIP Hopping article)
- Comment (email) from Doug Simar about iPhone
- Review of the last week's traffic on the VOIPSEC public mailing list

- Wrap-up of the show

20:46 - End of show

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on September 26, 2007 at 09:52 AM in Blue Box, Podcasts, VoIP Security, VOIPSA | Permalink | Comments (0) | TrackBack (0)

Tags: blue box, bluebox, dan york, danyork, jonathan zar, security, voip, voip hopping, voip security, voipsa, voipsecurity

September 25, 2007

FYI - I'm out at AstriCon in Arizona (and looking for Asterisk security feedback over on the VOIPSA weblog)

FYI, I'm currently out at the Asterisk conference, AstriCon, in Phoenix, Arizona through Thursday night. If any listeners are also here at the show, please do drop a note as I'm always interested in meeting listeners face-to-face.

Also, over on the Voice of VOIPSA weblog, I've posted the question: "What would your 'security roadmap' for Asterisk be?" I'm giving a talk on the subject on Thursday and would welcome any feedback.

Technorati Tags: asterisk, astricon, conferences, security, voip, voip security, voipsa

Posted by Dan York on September 25, 2007 at 09:35 AM in Conferences, VoIP Security, VOIPSA | Permalink | Comments (0)

September 07, 2007

Blue Box SE#020 - SIP Security discussion with Cullen Jennings of IETF and Cisco

Synopsis: Interview about SIP security with Cullen Jennings, Area Director for the Real-time Applications and Infrastructure area of the Internet Engineering Task Force (IETF).

Welcome to Blue Box: The VoIP Security Podcast Special Edition #20, a 42-minute interview about SIP security with Cullen Jennings of IETF and Cisco. Recorded at VoiceCon San Francisco in August 2007.

Download the show here (MP3, 19MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

In this Special Edition, I sat down with Cullen Jennings out at VoiceCon San Francisco in August 2007 to talk about SIP security. Cullen had just co-presented with Eric Rescorla a 3-hour tutorial on SIP security and in this interview we covered an overview of the topics covered in that session, such as:

challenges in encrypting SIP signaling (forking, early media (including what it is))
proposed methods of encrypting voice/media, including ZRTP and DTLS
SIP identity
SIP outbound, a proposal for helping SIP signaling work across firewalls
certificate management in SIP
future security issues of concern within SIP

I believe you will find it both a very educational and interesting interview that will help explain some of the various areas of SIP security.

Cullen is a Distinguished Engineer with Cisco Systems but more relevantly is one of the Area Directors for the "Real-time Applications and Infrastructure" (RAI) area of the Internet Engineering Task Force (IETF). Basically almost all of the SIP-related standards move through the RAI area of the IETF. Cullen also has a strong interest in security and has been an author on several of the security-related RFCs and Internet-Drafts related to SIP.

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on September 07, 2007 at 04:53 PM in Podcasts, VoIP Security, VOIPSA | Permalink | Comments (0) | TrackBack (1)

Tags: cisco, cullen jennings, dan york, dtls, ietf, sip, sip identity, sip security, voip, voip security, voipsa, voipsecurity, zrtp

Blue Box: The VoIP Security Podcast

A podcast offering news, views and commentary on security issues for Voice Over IP(VoIP), Unified Communications (UC) and IP Telephony

December 17, 2007

Blue Box #72: Asterisk security vulnerabilities, Skype and the German government, VoIP security news, listener comments and more

December 02, 2007

Blue Box #71: VLAN Hopping, SIP Digest vulnerability, VoIP security hype, Skype security, Google's latest moves, listener comments and much more...

November 07, 2007

Blue Box #70: 2-yr Anniversary show, VoIP security vulnerabilities, Vonage, Comcast, phishing, listener comments and much, much more...

October 24, 2007

Two years ago today, Blue Box podcast #1 was launched

October 17, 2007

Blue Box SE#021: Interview with ZFone and ZRTP creator Phil Zimmermann by Brenno de Winter

October 10, 2007

Blue Box #69: Linksys SPA-941 vulnerability, SIP DDoS, New release of SIPVicious, Asterisk security roadmap, other VoIP security news, listener comments and more

October 03, 2007

Blue Box #68: Top 14 VoIP Vulnerabilities, Asterisk security, VoIP hacker, IMS, P2P, Skype, industry moves, VoIP security news, listener comments and more...

September 26, 2007

Blue Box #67: Contest for listeners, discussion about status, some VoIP security news, listener comments

September 25, 2007

FYI - I'm out at AstriCon in Arizona (and looking for Asterisk security feedback over on the VOIPSA weblog)

September 07, 2007

Blue Box SE#020 - SIP Security discussion with Cullen Jennings of IETF and Cisco

The Obligatory Photo

Contact Information

License

Full Disclosure

Why "Blue Box"?

Archives

Categories

Search

Promote Blue Box!

Recent Posts

Recent Comments

VoIP Security Books