Synopsis: VoIP security news, WiFi phone vulnerabilities, comments, news, VOIPSEC review
Welcome to Blue Box: The VoIP Security Podcast show #12, a 55-minute podcast from Dan York and Jonathan Zar around news and commentary in the world of VoIP security. This show also features a 15-minute interview with Bogdan Materna, CTO and co-founder of VoIPShield Systems.
Download the show here (MP3, 50MB) or subscribe to the RSS feed to download the show automatically.
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at +1-206-338-6654 to leave a comment there.
Show Content:
- 00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners. Mention of Frappr map for the show. Please join the map!
- 01:33 - Upcoming interviews:
  - soon - Shawn Merdinger about WiFi handset vulnerabilities
  - Jan 30 – Rick Robinson at Avaya about their teleworker set (back in show #8)
  - Feb 6 – Nick Frost, author of Information Security Forum report mentioned in #8
  - Feb 20 – Per Cederqvist of Ingate Systems on to talk about ‘sdescriptions’ key exchange
- 02:46 - Upcoming events - Dan will be attending O'Reilly's Emerging Telephony Conference in San Francisco January 24-26. If you are also planning to be there, please drop us an e-mail. Jonathan will now be attending Internet Telephony happening at the same time in Florida. If you are also interested in sending in a report, check out the details on the show blog.
- 04:06 - Apology and explanation about problems with show #10
- 04:31 - News section: Vulnerabilities - eStara Softphone Remote Buffer Overflow FSIRT post – solved in 3.0.1.47 per msg to VOIPSEC mailing list
- 05:49 - Cisco 7940 IP Phone Reboot DoS – milw0rm.com exploit and Cisco response
- 06:33 - WiFi SIP handset vulnerabilities from Shawn Merdinger at Shmoocon:
  - ACT P202S VoIP wireless phone multiple undocumented ports/services
  - Senao SI-7800H VoIP wireless phone wdbrpc debug service UDP/17185
  - Clipcomm CPW-100E VoIP wireless handset phone open debug service TCP/60023
  - MPM HP-180W VoIP wireless desktop phone undocumented port UDP/9090
  - ZyXel P2000W (Version 2) VoIP wireless phone undocumented port UDP/9090
  - Clipcomm CP-100E VoIP wireless desktop phone open debug service TCP/60023
- 08:30 - The NON-vulnerability - Yahoo News: Avaya Bitten Hard by WMF Bug and Avaya security advisory (Can people please read security bulletins before writing articles about them?)
- 10:16 - Intranet Journal: Five Questions to Consider Before Migrating to VoIP
- 10:52 - Contractor UK: VoIP Free? You must be joking (reference to upcoming guest Nick Frost)
- 12:05 - Unstrung: WLANs Enter Integration Age
- 12:48 - IT Observer: Sound Choices for VoIP Security – white paper by Jonathan Casteel, which curiously appears to be a term paper for a university class (but is a good summary)
- 13:53 - TMC.Net: TI introduces PIQUA for VoIP QoS (See also InfoWorld Netherlands and ElectronicsTalk)
- 15:27 - TechWorld: Ipoque launches Skype-killer (also news release)
- 16:08 - VON Magazine: Security Gizmos at CES (Sonare “Babble” technology and comment that it may be built into phones)
- 17:16 - VON Magazine: WiFi (in)security (talks about Shmoocon)
- 17:42 - IPCommunications.com: Meru Offers RF-Level Security (also news release)
- 18:58 - Call for Papers: CanSecWest – Apr 5-7 in Vancouver, specifically looking for VoIP security info
- 19:27 - Slashdot: NSA Wiretap Whistleblower
- 19:53 - IDC: Latest VoIP Semiconductor Forecast
- 20:30 - ZDNet: Russell Shaw: "Is ENUM the key to true VoIP directory assistance?"
- 22:09 - News releases - Pennsylvania State University chooses Qovia for VoIP Management (ordinarily wouldn’t include this but Steve Mank from Qovia was on last week)
- 22:45 - Empirix, Shenick and CT Labs announcing VoIP security testing of Juniper NetScreen
- 24:00 - Feature interview with Bogdan Materna of VoIPShield Systems
- Background on VoIPShield, formation, funding, etc.
- VoIPAudit description
- Type of solution, form factor
- Update mechanism?
- 29:34 - Typical threats
- Layers of solution
- What IP-PBXs does it work with?
- Who is using VoIPAudit
- 34:15 - How are you different from IDSs?
- Competitors? Relationship to VoIP vendors?
- What's next?
- 37:28 - What do you see as main threats to VoIP?
- 38:57 - End of interview
- 39:02 - Comment section - Comment from Shawn Merdinger about the WiFi vulnerabilities he was releasing
- 39:45 - Comment from Bruce Stewart, editor of O'Reilly's Emerging Telephony website, which supports the conference, but will continue after the conference is over.
- 40:51 - Comment from Vikram Rangnekar about listening to the show in the traffic jams of Bombay, ideas for the show and his own company
- 44:20 - Book review by Martyn Davies of The 3G IP Multimedia Subsystem (IMS) : Merging the Internet and the Cellular Worlds by Gonzalo Camarillo and Miguel-Angel Garcia-Martin
- 49:35 - Review of last week's traffic on the VOIPSEC public mailing list. Major topics this week included discussion of which key exchange protocol is most popular (MIKEY vs. SDP sdescriptions), the feasibility of protecting just part of the SDP packet, the eStara and Cisco vulnerabilities, SIP being used to send data, and more.
- 50:80 - Mention of new search feature by Podzinger available on the right side of the show blog
- 52:07 - Reminder that next week there might be multiple shows coming out of the conferences.
- 52:42 - Wrapup of the show: upcoming shows, notes about contributing, information about how to provide comments.
- 55:27 - End of show
Thank you for listening and please do let us know what you think of the show.
Dan, there is another link here to the plagiarized article.
Posted by: Mark Collier | March 02, 2006 at 11:28 AM