Blue Box: The VoIP Security Podcast

Synopsis:Interview about IP Multimedia Subsystem (IMS) security with Morgan Stern.

Welcome to Blue Box: The VoIP Security Podcast special edition #11, a 17-minute podcast  from Dan York and Jonathan Zar containing an interview with Morgan Stern, Principal Consultant at Lucent Worldwide Services about the security of IMS systems.

Download the show here (MP3, 7MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

In this interview, I spoke with Morgan Stern, Principal Consultant, Global Convergence Center of Excellence, Lucent Worldwide Services, about the security of the IP Multimedia Subsystem (IMS) architecture.  Morgan has just been part of a panel session at Fall VON 2006 in Boston entitled "Securing Communication for IMS" and we covered a range of security topics, including:

• The differences between centralized and distributed architectures
• The various standards bodies involved with IMS
• The emergence of "A-IMS"
• How do we do distributed security?
• How do we verify the authenticity of end devices?
• Is IMS hype or reality?
• Are there really new and innovative services coming out for IMS?
• What are the major security issues for IMS?
• Lawful intercept and its issues
• His role at Lucent and what his work there is about

Morgan also provided a copy of his IMS security presentation that you may download and also mentioned a Light Reading webinar he did on IMS in general that listeners may find of interest.

If you are interested in IMS security, you may also want to listen to Blue Box podcast #35, where we interviewed author Miguel Garcia for his perspective on IMS security.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis:Interview with Gary Miliefsky, Founder and CTO of Netclarity around how his products provide VoIP security and his views on VoIP security in general.

Welcome to Blue Box: The VoIP Security Podcast special edition #10, a 22-minute podcast  from Dan York and Jonathan Zar containing an interview with Gary Miliefsky, Founder and CTO of Netclarity.

Download the show here (MP3, 8MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

In this interview, we spoke with Gary Miliefsky, CISSP, Founder and CTO of Netclarity, on a wide range of VoIP security topics, including:

• Netclarity and its products
• How did he/Netclarity get into VoIP security?
• Relationship of their products to firewalls
• VoIP CVEs and the National Vulnerability Database
• NIST recommendations
• His perspective on where VoIP security is going

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: Phil Zimmermann interview, VoIP security news, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast show #37, a 60-minute podcast  from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show also includes a 15-minute interview with Phil Zimmermann about the status of ZFone, ZRTP and more

Download the show here (MP3, 56MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-350-2583 (new comment phone number!) to leave a comment there.

 Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.
• 02:00 - Why is Jonathan in Asia?
• 05:29 - Programming notes
• 08:06 - Upcoming interviews
• 08:34 - Cisco Security Response: SIP User Directory Information Disclosure (about Dave & Mark)
• 09:10 - Cisco PIX firewall issue, as reported in LightReading , SecurityProNews   and TechWorld   and SearchSecurity.com
• 10:54 - IEEE Security & Privacy Magazine: Voices, I hear voices by Ivan Arce (posted to VOIPSEC)
• 11:38 - InternetNews.com: Phishers Hit The Phone Bank With Asterisk
• 14:06 - Business Week: Security Threats Come A-Callin’
• 14:26 - Converge!: Skype Detection: Traffic Classification In the Dark
• 15:04 - The Age (Australia): WiFi Skype phones to set you free (not security, per se, but combining Skype with WiFi… two of our favorite topics) Also mentioned the DualPhone.
• 17:07 - TMC.Net: Skype Certifies McAfee Internet Security Suite 2006  (also ZDNet and Skype/McAfee press release )
• 18:01 - VON Magazine: Zimmermann: Borderware Licenses Zfone Technology (you’ll hear about this in the interview)
• 20:03 - IPCommunications.com: Balancing Security with Performance at the VoIP Application Layer
• 20:34 - PRWeb: VoIP Call Monitoring Solution Provider Sets New Standard in Call Recording Security
• 21:34 - SonicWALL Internet Security Appliances Now Rated ‘Avaya Compliant’
• 21:56 - Persay First to Deploy FreeSpeech™ Biometric Speaker Verification in VoIP Contact Center; Provides Seamless, Second Factor Authentication and Enhanced Risk Management for Phone Banking
• 23:26 - Upcoming shows:
  • Sept 11-14, Boston, MA, Fall VON 2006
  • Sept 18-22, New York, Interop
  • Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
  • Oct 25-26, Rome, Italy, VON Italy
  • Nov 6-9, Berlin, Germany, VON Europe Autumn
  • Dec 4-6, Atlanta, GA, VON Enterprise
  • Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
  • Feb 27-Mar 1, 2007, San Francisco, “Emerging Telephony”
  • Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
• 25:44 - Feature interview with Phil Zimmermann
  • Zfone update
  • Borderware and what ZRTP inclusion means
  • business model
  • call recording - how can it work with ZRTP?
  • status of release plans
  • what's next
• 40:08 - Comment (email) from Jeffrey Oxe
• 40:39 - Comment (email) from Craig Bowser
• 47:50 - Comment (audio) from Bobby Fentress
• 48:33 - Comment (email) from Crittenden IV
• 49:30 - Comment (blog) from Tom Poe asking about a SIP comment line
• 51:44 - Review of the last week's traffic on the VOIPSEC public mailing list
• 55:57 - Wrap-up of the show
  • Reminder that you can subscribe to the show via email as well as RSS
  • Mention of our Frappr map
    
• 59:57 - End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-350-2583 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: IMS security interview, VoIP security news, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast show #35, a 71-minute podcast  from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show also includes a 25-minute interview with Miguel Garcia about IMS security.

NOTE - Due to production issues, this show is coming out after show 36 and about a month after it was originally recorded.  We do sincerely apologize for the delay!  Please note also that also that the audio comment line number is wrong in the recording.  As noted on the show website, the new number is +1-206-350-2583.

Download the show here (MP3, 65MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-350-2583 (new comment phone number!) to leave a comment there.

 Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.
• 01:45 - Programming notes - Black Hat, Fall VON
• 02:53 - Discussion about IETF 66 meeting
• 06:28 - Cisco Security Advisory: Multiple Cisco Unified CallManager Vulnerabilities  (interesting especially because of the SIP URL buffer overflow)
• 10:17 - SipFoundry sipXtapi vulnerability
• 11:05 -VOIPSA Blog: Skype protocol cracked? pointing to: VuNet , NetworkWorld , TechWorld , SecurityProNews but no mention in Skype security blog  – also Skype Journal and TechCrunch and GigaOM and Webtown – Jan in Malaysia
• 18:42 - VoIPWiki blog (Charlie Paglee): Supernoded! 
• 20:35 - Dan’s blog: Skype on a USB stick… – and Ken Camp’s response
• 24:26 - PBS - I,cringely: The Skype is Falling: Even Viral Networks have to Function in a Real World (tip of the hat to Jan in Malaysia – If all 6.1 million Skype users tried to talk at the same time, it would probably bring down the system.)
• 27:07 - Skype Podcast episode on security
• 27:50 - VOIPSA Blog: FBI Drafting CALEA Expansion Legislation
• 30:56 - Senator Ted Stevens and Net Neutrality - Jeff Pulver Blog: A Cataract-Eyed Vision of an Internet-disabled Future and Bruce Stewart at Emerging Telephony: The Internet as Tubes?  (audio can be heard here )
• 32:42 - Business Week: The Phone is the latest Phishing Rod, VoIPNews: VoIP Phishing Scams – Don’t Get Hooked! (and VoIPSA Blog ), VoIP Lowdown: Your next VoIP call may just ‘vish’ you doom
• 33:58 - Business Week CEO Guide to Technology
• 34:50 - TechWorld UK: The security pitfalls of VoIP
• 35:16 -ComputerWorld: Hunting for Hussein’s fibre-optic cable in Iraq
• 36:28 - News releases:  CheckPoint VPN-1
• 36:35 - Security Researchers to Demonstrate 25 New Tools and 15 New Exploits at Black Hat USA and Over 1000 Government Agents and Corporate Security Professionals to Attend Black Hat
• 37:02 - Call for papers for PacSec – November 29, 30 in Tokyo
• 37:15 - Upcoming shows:
  • August 8-10, Santa Clara, CA, 3rd Annual VoIP Developer Conference
  • August 21-24, San Francisco, VoiceCon Fall 2006
  • (new) - Show in Asia that Jonathan will be attending - details coming soon
  • Sept 11-14, Boston, MA, Fall VON 2006
  • Sept 18-22, New York, Interop
  • Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
  • Oct 25-26, Rome, Italy, VON Italy
  • Nov 6-9, Berlin, Germany, VON Europe Autumn
  • Nov 29-30, Tokyo, Japan, PacSec
  • Dec 4-6, Atlanta, GA, VON Enterprise
• 37:55 - Feature interview with Miguel Garcia about security in the IP Multimedia Subsystem (IMS) framework
  
  • Miguel's background
  • His book on IMS
  • Basic security concepts in IMS
  • Authentication
  • Integrity protection
  • Encrypting RTP
  • Convergence of voice and data
  • What's next for security within IMS?
  • References: Wikipedia, SIP Center, 3GPP Specifications
• 1:05:24 - Comment (email) from Morgan Stern
• 1:06:01 - Comment (email) from Derk van der Harst
• 1:06:35 - Comment (Dan’s blog): Martyn Davies on audio quality
• 1:08:52 - Review of VOIPSEC mailing list
• 1:09:30 - Wrap-up of the show
  • Mention of our Frappr map
    
  • Mention of the conference in Asia where Jonathan will be speaking
• 1:11:11 - End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-350-2583 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: IPv6 security, VoIP security news and more...

Welcome to Blue Box: The VoIP Security Podcast show #34, a 49-minute podcast  from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show covers the usual VoIP security news and then includes a 27-minute interview with Yurie Rich and John Spence from Command Information about IPv6 security.

Download the show here (MP3, 45MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of our listener survey
• 01:32 - Mention of IETF meeting and the audio streaming and the actual IETF agenda  (also, if you have no understanding of how the IETF works, you may want to read The Tao of IETF )
• 02:20 - Mention of Podcast Awards - NOTE: Nominations closed on July 15th.
• 02:51 - Dan will be at Fall VON in Boston and Internet Telephony in San Diego - we'll plan dinners there.
• 03:09 - Dan will be on a panel of VoIP bloggers at Fall VON in Boston (listeners may not know of his blog at blog.danyork.com )
• 04:01 - Still looking for anyone with Wordpress expertise for suggestions about fighting blog spam over at Voice of VOIPSA.
• 04:22 - CIO India: VOIP Security Services Taking Hold
• 05:30 - VOIPSEC: Call for Papers/Invitation to 2nd ETSI Security Workshop
• 06:18 - BBC: Taipei to embrace net telephones
• 07:19 - MARA Top 10 Wireless and Mobile security vulnerabilities
• 08:54 -Top 100 Network Security Tools
• 11:13 Vonage V-Phone: Robin Good: Portable VoIP USB Key Makes Low-Cost Calls From Any PC You Connect It To: Vonage V-Phone and Tom Keating: Vonage V-Phone Review
• 13:43 - Security Watch: VoIP disrupts Aussie national security efforts points to ComputerWorld Australia article of same title
• 14:37 - Information Week: In Depth: Five Things You Must Know About VoIP : VoIP security is dodgy= (tip of the hat to Ken Camp’s blog )
• 16:12 - Upcoming shows:
  • July 19-21, Tokyo, Japan, VON Japan
  • August 2-3, Las Vegas, Black Hat 2006
  • August 8-10, Santa Clara, CA, 3rd Annual VoIP Developer Conference
  • (new) August 21-24, San Francisco, VoiceCon Fall 2006
  • Sept 11-14, Boston, MA, Fall VON 2006
  • (new) Sept 18-22, New York, Interop
  • Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
  • Oct 25-26, Rome, Italy, VON Italy
  • Nov 6-9, Berlin, Germany, VON Europe Autumn
  • Dec 4-6, Atlanta, GA, VON Enterprise
• 17:20 - Feature interview with Yurie Rich and John Spence (bios at bottom of this page) from Command Information about IPv6 security. Topics discussed include:
  • Introductions, background
  • What is the difference with IPv6? Why the interest now?
  • Microsoft and what is going on with IPv6 and MS products
  • US government/Department of Defense IPv6 mandates
  • Is IPv6 actually more secure?
  • Security issues within IPv6
  • What happened to all the broadcasts?
  • Implications of multicasting on network architecture
  • Allocations of IPv6 address blocks
  • When will we see IPv6?  What is the business case?
  • IPv6 in Asia
  • Final thoughts
• 45:37 - Comment section - but for a complete change, there are no comments!
• 46:28 - Review of the last week's traffic on the VOIPSEC public mailing list
• 47:11 - Wrap-up of the show
  • Mention of our Frappr map
• 48:40 - End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: VoIP fraud case and CALEA revisited, VoIP security news, listener comments and much, much more...

Welcome to Blue Box: The VoIP Security Podcast show #33, a 44-minute podcast  from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show covers the usual VoIP security news, but then through some excellent listener comments gets back into a continued discussion of the Pena/Moore VoIP fraud case and also CALEA.

Download the show here (MP3, 40MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of our listener survey - PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY!  (Thank you!)
• 02:35 - Mention of upcoming Telecom Junkies podcast where this VoIP fraud case will be discussed.
• 02:56 - Mention of IETF meeting and the audio streaming and the actual IETF agenda  (also, if you have no understanding of how the IETF works, you may want to read The Tao of IETF )
• 04:33 - Dan will be at Fall VON in Boston and Internet Telephony in San Diego - we'll plan dinners there.
• 05:10 - Returning to using the LAME encoder.
• 04:51 - The Register: Say Hello to voice phishing (pointing to Websense security alert ) tip of the hat to Liquidmatrix security blog
• 07:18 -eChannelLine: VoIP hackers present opportunity for channel
• 08:22 - VOIPSA Blog: VoWLAN with Smartphones
• 09:57 - NetworkWorld: AT&T tests disaster response
• 10:41 - More Than Half Of Tech Companies Admit Breaches In Past Year, Not Sufficiently Funding Security, Says Deloitte Report
• 12:50 - BellSouth Chooses Tektronix for Real-Time VoIP Service Monitoring
• 13:29 - Upcoming shows:
  • July 19-21, Tokyo, Japan, VON Japan
  • August 2-3, Las Vegas, Black Hat 2006
  • August 8-10, Santa Clara, CA, 3rd Annual VoIP Developer Conference
  • (new) August 21-24, San Francisco, VoiceCon Fall 2006
  • Sept 11-14, Boston, MA, Fall VON 2006
  • (new) Sept 18-22, New York, Interop
  • Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
  • Oct 25-26, Rome, Italy, VON Italy
  • Nov 6-9, Berlin, Germany, VON Europe Autumn
  • Dec 4-6, Atlanta, GA, VON Enterprise
• 14:06 - Comment (audio) from Martyn Davies
• 18:53 - Comment (email) from Aswath Rao on CALEA
• 21:14 - Comment (VOIPSA blog) from Randell Jesup on FCC and CALEA
• 24:21 - Comment (email) from Craig Bowser about VoIP fraud
• 25:55 - Comment (web) from Robert Welbourn
• 29:15 - Comment (audio) from Andy Zmolek about VoIP fraud
• 34:52 - Comment (email) from Julien Goodwin on LAME encoder
• 35:23 - Comment (email) from Matt Gibson about domains
• 37:08 - Comment (email) from magazine editor - Can anyone point to documented SPIT attacks?
• 38:03 - Comment (email) from Mark Trifiro on ENUM and ISN
• 41:52 - Review of the last week's traffic on the VOIPSEC public mailing list
• 42:30 - Wrap-up of the show
  • Mention of our Frappr map
• 44:05 - End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: ENUM tutorial, VoIP security news, listener comments and much, much more...

Welcome to Blue Box: The VoIP Security Podcast show #32, a 49-minute podcast  from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show includes a 14-minute tutorial on ENUM - what it is and what implications it has for security - as well as the usual coverage of VoIP security news and comments from listeners

Download the show here (MP3, 45MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of our listener survey - PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY!  (Thank you!)
• 02:38 - Discussion of why the first release of show #31 sounded like a really bad rap mashup
• 06:23 - I will be a guest on the upcoming Telecom Junkies podcast where the recent Pena/Moore VoIP fraud case will be discussed.
• 07:50 - Dan will be at the IETF 66th Meeting in Montreal, June 9-14 - Please drop us a note if you are going to be there. 
• 08:11 - Dan will be attending Fall VON 2006 in Boston in September and will also be speaking out at the Internet Telephony conference in San Diego in October… so we’ll definitely have to do something there.
• 08:29 - Anyone have any opinions about WordOfBlog.net – they have contacted us about putting a graphic in there and I’m still not sure what all it is.
• 09:18 - IPCommunications.com(TMC.Net): Verizon Blocks Threats Linked to IP-Based Phone Systems (see also news release: Verizon launches ‘VoIP Security Assessment Service’
• 10:53 - VOIPSA Blog: A Tour Through Zfone by Eric Chen of NTT
• 12:01 - Computer Weekly: Skype to tighten up VoIP security - also CNet: Skype to address user identification concerns and VOIPSA blog
• 13:42 - VOIPSA Blog: Skype security pointing to RECON presentations part one and part two
• 14:51 - eWeek: Unpatched iTunes, Skype, Firefox Inviting Malware Targets
• 15:42 - VOIPSA blog: Black Hats and Evil Twins by Martyn Davies on WiFi
• 16:23 - ITBusiness.ca: VoIP systems bring in new vulnerabilities
• 16:40 - Dave Endler and Mark Collier launch a website and a weblog about their upcoming book “Hacking VoIP Exposed”.  They will also be out at Black Hat in August.
• 18:09 - CNet: FCC approves new Internet phone taxes
• 20:02 - Mitel: Two out of three UK business unprepared for disasters
• 21:33 - XConnect Announces Availability of Local Directory Server™; Telio and VozTelecom First Alliance Members to Deploy
• 22:00 - Feature discussion/tutorial about ENUM:
  
  • Wikipedia entry on ENUM
  • IETF ENUM WG charter
  • RFC 3761: The E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application
  • IETF ENUM Working Group Internet drafts
  • ITU page on ENUM
  • Richard Stastny’s VoIP and ENUM blog
  • Voiponder: ENUM: Mapping the E.164 Number Space into the DNS
  • Eurescom mess@ge: ENUM – The bridge between telephony and the Internet
  • Internet Telephony: ENUM—It’s All In The Numbers
  • Powerpoint presentations: Overview of ENUM and Richard Stastny’s overview of current status
  • ENUM Forum
  • Voice Peering Forum
  • CC1 ENUM LLC
  • Austrian ENUM Trial Site (all in German)
  • e164.org
  • e164.info (private peering network)
  • Expired Internet draft on Privacy and Security Considerations in ENUM
  • ENUM / E.164 Validation Architecture
  • Electronic Privacy Information Center (EPIC) page on ENUM
  • Roger Clarke: ENUM – A Case Study in Social Irresponsibility
  • 2nd Annual ENUM Sumit 2006 on April 19-20, 2006, in Boston
  • ENUM and VoIP Peering Forum on June 19-20 in London
  • CircleID website
  • Nominum: Paul Mockapetris on Harmonizing the World of IP Communications with ENUM Technologies (co-inventor of DNS)
• 36:00 - Upcoming Shows:
  • July 9-14, Montreal, Canada, IETF 66th Meeting
  • July 19-21, Tokyo, Japan, VON Japan
  • August 2-3, Las Vegas, Black Hat 2006
  • August 8-10, Santa Clara, CA, 3rd Annual VoIP Developer Conference
  • Sept 11-14, Boston, MA, Fall VON 2006
  • Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
• 37:09 - Email comment from Simon Wood
  
• 39:18 - Audio and email comment from Miguel Castillo Holgado
• 42:27 - Email comment from Reid Palmeira
• 43:18 - Audio comment from Andy Zmolek and mention of audio comment from Perry Engle
• 44:11 - Email comment from Miguel Castillo Holgado asking about Juniper’s white papers
• 46:15 - Review of the last week's traffic on the VOIPSEC public mailing list, mostly focused on softphone vulnerabilities and a continued heavy discussion of Skype security
• 47:22 - Wrap-up of the show
  • Mention of our Frappr map
• 48:45 - End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: VoIP fraud case, CALEA tutorial/commentary, VoIP security news, listener comments and much, much more...

Welcome to Blue Box: The VoIP Security Podcast show #31, a 53-minute podcast  from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This show includes a 10-minute segment on the recent Pena/Moore VoIP fraud case and about a 15-minute discussion of the recent FCC decision about CALEA and what that means. There is of course the usual coverage of VoIP security news and comments from listeners

Download the show here (MP3, 61MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

NOTE: I would welcome any comments about the audio quality of this MP3 file as compared to our other shows would be appreciated - I am trying out a new audio encoder. Thanks.

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of our listener survey - PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY!  (Thank you!) It looks like Dan will most likely be at the IETF 66th Meeting in Montreal, June 9-14 - Please drop us a note if you are going to be there.  Check out VOIPSA's blog if you have not already done so.
• 10:28 - Feature discussion of recent VoIP fraud scam that was all over the news:
  
  • DOJ News Release
  • DOJ complaint against Pena
  • DOJ complaint against Moore
  • Business Week: Is Your VoIP Phone Vulnerable? (and my VOIPSA blog response as well as Slashdot: VoIP Security Vulnerabilities)
  • New Telephony: VoIP Network Security: How a Hacker Took Advantage of Vulnerabilities
  • Networking Pipeline: VoIP’s Real Security Threat
  • TMC.net: VoIP Security Hack Highlights the Need for Proactive Solutioins (by Bogdan Materna)
  • FOX News / Eweek: Alleged VoIP Scam Highlights Looming Security Threat
• 20:26 - Feature discussion on CALEA and the recent FCC decision:
  • VOIPSA blog  
  • Computer World: Court upholds VoIP wiretapping  
  • Jeff Pulver blog: The Week I Wish that Wasn’t—Down and Out in Washington, DC  
  • InfoWorld: Internet pioneers: VOIP wiretapping complicated (and VOIPSA blog )  
  • IT Assoc of America: CALEA and VoIP: Study Finds Wiretaps in Cyberspace Problematic
• 36:43 - Core Technologies Uncovers Vulnerabilities
• 37:41 - VOIPSA Blog: Not Just SPIT but SPOG and SPOM by Martyn Davies
• 38:19 - Burton Group analyst Irwin Lazar’s report Debunking the Hype About Skype now available with free login
• 38:53 - Burton Group session on VoIP
• 39:14 - VON Magazine online: Black Hat tracks VoIP
• 40:53 - Webtown – Jan in Malaysia: Ipoque PRX Traffic Manager now able to detect, control and block Skype Version 2.5.  (trackback to http://www.typepad.com/t/trackback/5124548 )
• 41:23 - Steve Gibson’s Security Now covered NAT in #42 and Open Ports in #43.
• 42:02 - Upcoming Shows:
  • July 9-14, Montreal, Canada, IETF 66th Meeting
  • July 19-21, Tokyo, Japan, VON Japan
  • August 2-3, Las Vegas, Black Hat 2006
  • August 8-10, Santa Clara, CA, 3rd Annual VoIP Developer Conference
  • Sept 11-14, Boston, MA, Fall VON 2006
  • Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
• 42:47 - Email comment from Mark Trifiro about having links launch in new windows
• 44:44 - Audio comment from Adrian Braun
• 45:27 - Email comment from Miguel Garcia – will be at IETF
• 45:51 - Email comment from “verizon user” pointing to ITAA report being on RISKS list
• 46:24 - Email comment from David Belle-Isle (threat vs vulnerability)
• 47:40 - Email comment from Chris Serafin about giving a customer case study
• 49:28 - Review of the last week's traffic on the VOIPSEC public mailing list, mostly focused on softphone vulnerabilities and a continued heavy discussion of Skype security
• 51:26 - Shoutout to Sasha, the host of the Skype podcast
• 51:50 - Wrap-up of the show
  • Mention of our Frappr map
• 53:15 - End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: VoIP security news for the week, Skype security issues, VOIPSA weblog, our listener survey, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast show #29, a 32-minute podcast  from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. 

Download the show here (MP3, 37MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

NOTE: I would welcome any comments about the audio quality of this MP3 file as compared to our other shows would be appreciated - I am trying out a new audio encoder. Thanks.

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of our listener survey - PLEASE TAKE A MOMENT TO COMPLETE THE SURVEY!  (Thank you!)
• 01:39 - We have turned off moderation on the weblog comments because TypePad has introduced a form of CAPTCHA to combat automated spam
• 02:22 - List of podcast topics – please give it a look and do send us your comments (or call them in!)
• 02:40 - It looks like Dan will most likely be at the IETF 66th Meeting in Montreal, June 9-14 - Drop us a note if you are going to be there.
• 03:26 - Check out VOIPSA's blog if you have not already done so
• 04:28 - Alcatel NON-vulnerability – post to pen-test and 2002 posting
• 07:00 - Network World: Better security: New VoIP system adds authentication, improved tracking
• 07:42 - Security Pro News: VoIP Security Guide  which also pointed to voiplowdown.com
• 08:29 -Communications Technology: The Internet’s a Scary Place for Voice
• 08:50 - DQ Channels: ZyXEL unveils ZyWALL 1050 Internet security appliance
• 09:05 -RADVISION Whitepaper on IMS, SIP and security
• 09:26 -Saverio Niccolini whitepaper on SIP and DoS
• 09:54 - Webtorials.com: AT&T Voice Over IP Security- What are the Risks and Solutions?
• 10:34 - TMC.Net: Bulletproof VoIP Security for SIP Softphone Users
• 11:09 - Network World: Aussie firm finds Skype flaw (also sent to us by Craig Bowser)   
• 12:50 - Silicon.com: Skype – is your version secure?, Ken Camp: Gartner: Firms must act now to fight Skype security threat and InformationWeek: Enterprises should ditch Skype: Gartner
  and VoIP News: Gartner Slams Skype – Again
• 14:44 - Jan in Malaysia: New tool for controlling Skype
• 15:21 - Skypecasting - and the Skypecast Dan participated in: "For Immediate Release #142: Skypecast edition"
• 18:43 - Upcoming Shows:
  • June 20-21, Tel Aviv, Israel, VON Israel
  • July 9-14, Montreal, Canada, IETF 66th Meeting
  • July 19-21, Tokyo, Japan, VON Japan
  • August 2-3, Las Vegas, Black Hat 2006
  • August 8-10, Santa Clara, CA, 3rd Annual VoIP Developer Conference
  • Sept 11-14, Boston, MA, Fall VON 2006
  • Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
• 20:15 - Comment (email) from Dave Roper
• 22:06 - Comment (email) from Craig Bowser
• 23:06 - Comment (audio) from Reginal Cross
• 26:04 - Comment (email) from David Belle-Isle on threat vs vulnerability (See here and here )
• 28:32 - Review of the last week's traffic on the VOIPSEC public mailing list, including continued discussion of John Todd’s actual attack, H.235 and Asterisk security
• 29:29 - Wrap-up of the show
  • Mention of our Frappr map
  • "For Immediate Release Show #140" that Dan guest co-hosted
• 32:08 - End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.