Blue Box: The VoIP Security Podcast

Synopsis: Blue Box #63: Cisco and Asterisk VoIP vulnerabilities, the "Athens affair" (Greek wiretapping), iPhones and Duke, IETF and SPIT, SunRocket flares out, Skype phishing, VoIP security news and more...

Welcome to Blue Box: The VoIP Security Podcast #63, a 38-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 18MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• 01:14 - Programming notes
  
  • Special Edition coming out with VON session.
  • Anyone going to Black Hat or Defcon next week?  We'd love a report.
• 01:41 - Cisco vulnerabilities: Cisco patches two VoIP security flaws.  Details at: Cisco Security Advisory: Cisco Unified Communications Manager Overflow Vulnerabilities  Dan Kaplan Cisco Patches Two Security Flaws reports IBM-ISS X-Force as having discovered them.
• 02:33 - Asterisk security vulnerabilities (several of them) – http://www.asterisk.org/security
• 06:25 - TechRepublic: VoIP threats: Beyond eavesdropping (pointer to it from Russel Shaw: VoIP security? Encrypt, encrypt, encrypt )
• 07:50 - Network World: Security firm: Don’t use iPhone Web dialer
• 09:13 - Duke University IT department reported as claiming:IPhones flooding wireless LAN at Duke University with various blogs speculating on the issue Interestingly the trade media is now reporting on what the blog writers are saying. Readers speculate on Duke University’s iPhone problem (and yes, we'll talk about the recent developments on Blue Box #64)
• 11:50 - Blogger News Network: If Social Security Calls requesting personal information, it might be smart to verify who you are talking to
• 13:57 - Register: Blacklists are Bad (and Hannes makes the connection to VoIP )
• 16:09 - Hannes Tschofenig had a number of posts relating to standards:
  
  • Disclosing SRTP Session Keys with a SIP Event Package
  • New Drafts to Tackle SPIT
  • A Survey of Protocols to Control NAT and Firewalls
  • Just read Hannes’ blog for more info about IETF 69!
• 16:42 - FTC Spam Summit
• 19:07 - IEEE article on Greek wiretapping scandal (sent in by Kand Palanisamy)
• 24:05 - Hackers stealing PBX phone minutes to on-sell cheap
• 25:52 - Emerging Telephony SunRocket Folds – Whither the Numbers
• 28:50 - Network World: Online ads could become a phisher’s dream
• 30:04 - Voice of VOIPSA: It’s What the Computer Has Become
• 31:52 - News Releases:
  • TippingPoint enhancing its IPS
  • Frost & Sullivan Extols XConnect’s Unique and Comprehensive Product Line Strategy for Federated VoIP Peering
• 33:58 - Upcoming shows:
  
  • Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007
  • Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• 34:41 - comment (email) from listener Frank Leonhardt on possible Skype phishing email
• 37:03 - Review of the last week's traffic on the VOIPSEC public mailing list
• 37:35 - Wrap-up of the show 
• 38:25 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: Blue Box #62: CAPTCHA for SPIT, covert channels, SIP Identity, is VoIP safe?, Fiji, Google, VoIP security news and more

Welcome to Blue Box: The VoIP Security Podcast #62, a 41-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 19MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Note: Originally recorded back on July 6th.  There were some, well, "challenges" with the quality of the recording and so post-production took far longer than usual and you will still hear some audio artifacts every once in a while when Jonathan is speaking.

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• 01:21 - Programming notes
  
  • Facebook group has grown to 22 members. If you are on Facebook, do check out the group.
  • Special Edition #18 – we hope you enjoyed that and thank Martyn for doing the interviews.  We welcome such contributions.
• 02:34 - Asteridex remote command execution
• 05:41 - Voice of VOIPSA: Now I’ve CAPTCHA’d Your Attention pointing to Hannes Tschofenig’s blog entry about his Internet Draft around using CAPTCHA for SIP to prevent SPIT
• 15:38 - Voice of VOIPSA: ‘Voice over VoIP’ project aims to show use of ‘covert channels’ to tunnel voice inside of voice pointing to VoIP Covert Channel project at the Georgia Institute of Technology.
• 16:30 - Voice of VOIPSA: It’s Just Not Meant To Be Open
• 16:51 - IETF - Dan Wing issues Internet Draft SIP Identity using Media Path and receives feedback and also circulates note about Cisco IPR/patents
• 29:20 - ComputerWeekly.com: VoIP SIP fundamentals
• 25:11 - TMCnet: Caller ID Spoofing Soon to be Outlawed?
• 25:49 - PC Magazine Experts: VOIP Just Another Way to Hack
• 26:38 - eWeek: Experts: Enterprises Must Focus on VoIP Security
• 27:52 - NetworkWorld: Six burning VoIP questions – specifically what really happens when I dial 911?  and Is VoIP safe?
• 30:31 - Islands Business: Fiji Opens VoIP
• 32:06 - YouTube: VoIP Security introduction featuring Peter Cox – we talked about it on show #61 but I am now told he actually works for Borderware
• 32:28 - New podcasts involving two folks involved with the show (Dean Elwood and Martyn Davies): Bending the Needle
• 33:35 - Google acquires GrandCentral (Dan's blog) pointing to GrandCentral announcement and Google blog posting
• 37:16 - Upcoming shows:
  
  • July 19-20, New York, USA, IPTComm2007
  • July 22-27, Chicago, USA IETF 69
  • Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007
  • Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• 38:29 - comments from Martyn about Peter Cox and Takehiro about the Covert Channels and comment (blog) from Adrian P. on Blue Box #51 (show on Feb 22)
• 40:02 - Review of the last week's traffic on the VOIPSEC public mailing list
• 40:32 - Wrap-up of the show 
• 41:20 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: Session Border Controller (SBC) Special - Martyn Davies interviews Rod Hodgman from Covergence and Jeff Carr from Borderware about their products and the role of the SBC.

Welcome to Blue Box: The VoIP Security Podcast Special Edition #18, a 33-minute podcast of interviews by Martyn Davies of Rod Hodgman from Covergence and Jeff Carr from Borderware about their products and the role of the SBC and the question "Do SBCs break the rules of SIP?"

Download the show here (MP3, 15MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

This Session Border Controller (SBC) special features two back-to-back interviews with Rod Hodgman from Covergence (www.covergence.com) and Jeff Carr from Borderware (www.borderware.com).

In the first interview, Martyn Davies speaks to Rod Hodgman, VP of Marketing at Covergence, about their SBC product line, Eclipse.  Rod talks about SBCs that support peering and access edge applications, and then focuses on access edge features such as NAT traversal and DoS protection.  The discussion also covers software vs. appliance; OS hardening, ATCA and media acceleration.  Rod answers the question "do SBCs break the rules of SIP?", and tells us a user story.

In the second part, Martyn speaks to Jeff Carr, VP of the SIP Solutions Group at Borderware, about their software SBC, SIPAssure.  Jeff talks about the access edge, SPIT (Internet Telephony SPAM): content filtering and reputation management; firewall vs. SBC.  He also tackles the question "do SBCs break the rules of SIP?", and goes on to tell us a story about one of their OEM customers.

We thank Martyn for contributing these interviews.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

(P.S. In the spirit of full disclosure, I'll note that one of the customer stories turns out to be my employer, but I had no clue about that as this was entirely Martyn's production.)

Synopsis: Blue Box #61: IETF framework to fight SPIT, VoIP security video, new tools, voip security news, listener comments and only a brief mention of the iPhone

Welcome to Blue Box: The VoIP Security Podcast #61, a 29-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• 01:21 - Programming notes
  • New special edition shows coming up very soon.
• 01:41 - Sipera: Many SIP vulnerabilities with softphones from AIM, MSN, Nortel and Avaya 4602SW desk phone
• 04:05 - Voice of VOIPSA: IETF Internet-Drafts on SPIT – Hannes Tschofenig seeking comments
  • Requirements for Authorization Policies to tackle SPIT
  • A Framework for reducing SPIT
• 07:10 - Voice of VOIPSA: Pucker Up, Part 3 – Shawn’s latest piece.
• 08:24 - Voice of VOIPSA: Truth in Caller ID Act passed again
• 09:19 - Voice of VOIPSA: We Know Where You Live
• 10:27 - Mark Collier has several new articles on his VoIP security blog including:
  • a pointer to this VoIP Security Threats video on YouTube
  • Mark’s presentation at INNUA
• 13:35 - ComputerWeekly.com: VoIP Security Fundamentals
• 14:51 - Release of rtpbreak tool
• 15:42 - BBC: Telephone tapping (from Frank Leonhardt)
• 16:55 - Fox News: Hacker Taps Cell Phone to Stalk Family
• 17:26 - News releases:
• Mobile Voip: T-Mobile Introduces Unlimited Calling With T-Mobile HotSpot @Home
• M5T Releases the M5T ZRTP SAFE VoIP Application
• 21:14 - Feature on status of Best Practices Project
• 22:06 - Upcoming shows:
  
  • July 19-20, New York, USA, IPTComm2007
  • July 22-27, Chicago, USA IETF 69
  • Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007
  • Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• 23:20 - comment (email) from Rhodri Davies about SIP in SANS list
• 24:19 - comment (email) from Frank Leonhardt about his paper and also link
• 24:49 - comment (email) from JP Li asking about slides for SE #16
• 25:36 - comment (blog) from Benny Ketelslegers about SIP botnets
• 27:15 - Review of the last week's traffic on the VOIPSEC public mailing list
• 27:58 - Wrap-up of the show 
• 29:02 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: Blue Box #60: new VoIP security offerings from CheckPoint, VoIPShield, VoIP and business continuity, CALEA, new VoIP Security book, NAC mini-tutorial, more on botnets, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast #60, a 28-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• 01:15 - Programming notes
  
  • Martyn Davies will be moderating a panel on VoIP security at VON Europe that will include Dan and others
  • Blue Box dinner at the June VON show on Monday, June 11th
  • We’ve recently set up a group on the Facebook social networking site for fans of the show.  If you are a Facebook user, feel free to join.
• 02:28 - ComputerWeekly.com: Check Point promises more VoIP security, fewer slowdowns
• 03:35 - VoIPShield Security Suite Debuts…
  • VoIPShield Security Suite Debuts at Interop Las Vegas
  • Ken Camp response
  • InfoWorld
• 05:21 - PC World: Attackers Get Chatty on VoIP
• 06:37 - Skype Journal: UK: Paedophiles use Skype to find and pursue likely targets
• 07:42 - TMC.net: VoIP Helps Increase Business Continuity Awareness
• 10:10 - VoIPNews: VoIP Providers Hold Their Breath as CALEA Deadline Passes
• 12:15 - New book coming out in August: Securing VoIP Networks: Threats, Vulnerabilities and Countermeasures by Peter Thermos and Ari Takanen
• 13:38 - Voice of VOIPSA: Security: A Question of Balance
• 14:23 - Voice of VOIPSA: Google Launches Security Blog
• 14:54 - Follow-up on the Estonian botnet issue – it apparently wasn’t Russia but instead was botnet groups and Cyberattack in Estonia—what it really means
• 15:48 - SPIT Framework Internet-Draft - stay tuned for a URL
• 16:43 - News Releases:
  • Covergence Announces Support for IBM BladeCenter
• 16:54 - Feature - mini-tutorial on NAC
• 20:17 - Upcoming shows:
  
  • Dustin Trammell will be speaking at Defcon 15 about VoIP and steganography
  • Ken Camp will be moderating two panels on VoIP Security at IT Expo
  • June 12-14, Stockholm, Sweden, VON Europe Spring – both Martyn and I will be there… we’ll have a Blue Box dinner
  • July 22-27, Chicago, USA IETF 69
  • Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007
  • Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• 21:32 - comment (email) from Rhodri Davies about SIP botnets
• 23:55 - comment (email) about analog surveillance
• 25:09 - comment (blog) from Security4All
• 25:22 - comment (blog) from Ludovic Petit that he can’t see the PDF files
• 25:44 - comment (facebook) from Reuven
• 26:31 - Review of the last week's traffic on the VOIPSEC public mailing list
• 27:29 - Wrap-up of the show 
• 28:35 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: 802.1X mini-tutorial, new VoIP security vulnerabilities, new security tools, the biggest threat to VoIP? ... botnets hitting Estonia...  and chimichangas and sushi trains...

Welcome to Blue Box: The VoIP Security Podcast #59, a 55-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 24MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• 01:36 - Dan and Jonathan discuss recent conferences, the US DOD's JITC certification process and stray into Mexican food...
• 06:38 - Programming notes
  
  • Martyn Davies will be moderating a panel on VoIP security at VON Europe that will include Dan and others
  • Blue Box dinner at the June VON show on Monday, June 11th
  • We’ve recently set up a group on the Facebook social networking site for fans of the show.  If you are a Facebook user, feel free to join.
• 08:01 - Sipera Finds New VoIP Phone Security Threats
• 12:58 -Information Week: Security Tools Top 2007 IT Professionals Poll (VoIP drops to 3rd) – see also IT Business Edge
• 16:59 - ITP Technology: Cracking the code
• 18:25 - Network World: Security in PacketCable networks
• 20:59 - Speaking of Network World, by way of Mark Collier , we learned that Network World has a VoIP Security page
• 21:28 - VoIPPlanet: A series of ‘The VoIP Peering Puzzle’ background pieces on SBC’s
• 23:24 - Ken Camp: What’s the biggest Threat to Enterprise VoIP?
• 25:21 - CRN: VoIP Demystified
• 26:08 - TMCnet: Trends in IP Communications and the Evolution of the SBC
• 27:15 - ComputerWeekly.com: VoIP, UC adoption continue to rise
• 29:45 - Botnet attacks against Estonia:
  
  • Washington Post: Cyber Assaults on Estonia Typify a New Battle Tactic
  • CNN: Estonia suspects Kremlin in Web attacks
  • BBC: Estonia hit by ‘Moscow cyber war’
  • Global Guerrillas: Russia vs. Estonia: 21st Century State vs State conflict 
• 34:04 - News Releases:
  • General Dynamics Awarded $18 Million Contract to Deliver VoIP to the Pentagon
  • Freebird releases VoIP call recorders
• 35:27 - Feature - mini-tutorial on IP phones and 802.1X
• 40:00 - Upcoming shows:
  
  • Dustin Trammell will be speaking at Defcon 15 about VoIP and steganography
  • June 12-14, Stockholm, Sweden, VON Europe Spring – both Martyn and I will be there… we’ll have a Blue Box dinner
  • July 22-27, Chicago, USA IETF 69
  • Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007
  • Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• 42:12 - comment (email) from Phil about analog tapping of VoIP phone
• 44:28 - comment (email) from Shlomo Dubrowin
• 49:13 - Review of the last week's traffic on the VOIPSEC public mailing list
• 49:35 - Wrap-up of the show 
• 51:13 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: The SIP Botnet edition - VoIP bots are here, now what?  Also rogue firmware mini-tutorial, other VoIP security news, listener comments, more...

Welcome to Blue Box: The VoIP Security Podcast #58, a 35-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 14MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• 00:53 - Programming notes
  • Dan was out in Fort Huachuca, AZ, for a US DoD telecommunications conference
  • Martyn Davies will be speaking on May 23 at the Eurosec conference in Paris (replacing Dan)
• 02:20 - Voice of VOIPSA: Ready or not, here come the IRC-controlled SIP/VoIP attack botnets
• 15:15 - Voice of VOIPSA: SIPit 20 shows the very clear need for SIP security interoperability
• 15:29 - MSN Money: Your phone may be under attack
• 16:43 - TechRepublic: Four obstacles to implementing VoIP (also Russell Shaw blog post)
• 17:31 - News Releases:
  • Borderware: The economic impact of VoIP Security Vulnerabilities and how to secure VoIP for business  (announcing new white paper)
• 18:23 - Feature - mini-tutorial on set firmware and the issue of rogue firmware loads
• 22:41 - Upcoming shows:
  
  • May 23-25, Paris, France Eurosec Forum 2007 – Martyn Davies will be speaking
  • June 12-14, Stockholm, Sweden, VON Europe Spring – both Martyn and I will be there… we’ll have a Blue Box dinner
  • July 22-27, Chicago, USA IETF 69
  • Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007
  • Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• 23:20 - comment (email) from Craig Bowser about CPEs
• 25:08 - comment (email) from Frank Leonhardt about GoogleTalk and SIP
• 25:42 - comment (email) from Simon Wood about recording hardware
• 27:14 - comment (email) from natas
• 28:51 - Review of the last week's traffic on the VOIPSEC public mailing list
• 29:21 - Wrap-up of the show 
• 30:16 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: Call signaling encryption mini-tutorial, VoIP eavesdropping, VoIP security news, listener comments and men in white vans...

Welcome to Blue Box: The VoIP Security Podcast #57, a 35-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 18MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

(Time codes were lost in a browser crash and will be added back in the future.)

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• VoIP News: Your VoIP Calls are Wiretapped – and Other Legal Surprises
• ZD Net blogs: They CAN spy on your IP, VoIP – through walls!
• ComputerWorldUK: Virus and access protection slip down security concerns (none of execs concerned about VoIP security) – also WebWire
• IETF: New draft of media keying security requirements
• ChannelWeb: Cisco To Partners: Make Security Part Of Every Deal
• eWeek: Extreme pumps up the network
• News Releases:
  • Sipera: Transition Toward End-to-End IP Driving Demand for Enterprise Media Gateways
• Feature section on voice encryption
• Upcoming shows:
  
  • May 14-17, Santa Clara, CA, USA Communications Developer Conference
  • May 18, Rochester, NY, USA, RIT VoIP Conference
  • May 23-25, Paris, France Eurosec Forum 2007 – I am speaking
  • June 12-14, Stockholm, Sweden, VON Europe Spring – both Martyn and I will be there… we’ll have to have a Blue Box dinner
  • July 22-27, Chicago, USA IETF 69
  • Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007
  • Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• comment (blog) from Zapperlink
• comment (email) from Craig Bowser about Verizon vs Vonage
• comment (email) from Ponyboy about our mention of Project Wal-Mart Freedom
• comment (email) from Reuven Lakein
• comment (email) from Roel Villerius
• Review of the last week's traffic on the VOIPSEC public mailing list
• Wrap-up of the show 
• 35:10 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: Voice encryption tutorial, Skype worm, McAfee's Sage Journal, Zfone, VoIP security news, listener comments and more... 

UPDATE - April 24: Unfortunately, due to an error in coding the appropriate enclosure (now fixed) many of you who subscribe via RSS will have downloaded a PDF file instead of the MP3 file. My apologies, and you'll need to unfortunately download the file directly from the website at this point.

Welcome to Blue Box: The VoIP Security Podcast #56, a 38-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 18MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• 01:24 - New worm wriggles around on Skype  (also on CSO Online ) - See also F-Secure blog and Jan Geirnaert
• 03:06 - Voice of VOIPSA: Ghosts of VoIP Security Tools Past…and Future?  (note the comment in reply from the grugq)
• 04:41 - McAfee’s Sage Journal and their Global Threat Review (and the mention of VoIP)
  • McAfee news release
  • McAfee Sage Journal (PDF)
  • InfoWorld: McAfee: Cyber-crime will continue to pay
  • CNET/ZDNet: McAfee offers ‘Sage’ advice on security issues
  • Tech.co.uk: Cybercrims will ‘find new ways to make money’
  • Khaleej Times (UAE): Cybercrime, other security issues will increase=
  • also interesting to note that McAfee Avert Labs has a blog

• 08:00 - Information Week: VoIP Too Complicated? Tell That To The Cable Companies
• 11:02 - TechRepublic: PKI vs. Zfone: What’s your best bet for VoIP security?
• 12:07 - SC Magazine: Mobile security: when will it become necessary?
• 13:04 - ComputerWorld Malaysia: All-in-one security devices face hurdles – interesting for the mention of “Unified Threat Management” (UTM) and the growing concern about how to work with VoIP (expressed in final paragraph)
• 17:04 - Security Watch by Steve Gold: VoIP – a flawed technology?
• 19:47 - News releases:
  • AGN and Sipera partner to provide secure SIP Trunking
  • Mu Security Receives Frost & Sullivan 2007 Product of the Year Award
  • Top Layer Networks’ Enterprise-Series Intrusion Prevention Solution Raises the Bar for Protection against Emerging Cyber Threats
  • Radware Earns Top Ratings in Extensive Lab Testing of VoIP Traffic Resiliency and Quality
• 22:23 - Feature section on voice encryption
• 31:53 - Upcoming shows:
  
  • May 14-17, Santa Clara, CA, USA Communications Developer Conference
  • May 18, Rochester, NY, USA, RIT VoIP Conference
  • May 23-25, Paris, France Eurosec Forum 2007 – I am speaking
  • June 12-14, Stockholm, Sweden, VON Europe Spring – both Martyn and I will be there… we’ll have to have a Blue Box dinner
  • July 22-27, Chicago, USA IETF 69
  • Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007
  • Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• 33:25 - comment (email) from Aswath Rao
• 35:25 - comment (email) from Craig Bowser
• 35:47 - comment (blog) from Amit about VoIP SEAL PDF files
• 36:33 - Review of the last week's traffic on the VOIPSEC public mailing list
• 37:02 - Wrap-up of the show 
• 38:14 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.