Blue Box: The VoIP Security Podcast

Synopsis: VoIP security news, opinions and many comments from listeners, along with a way to potentially win a copy of a new book on VoIP security.

Welcome to Blue Box: The VoIP Security Podcast show #23, a 35-minute podcast  from Dan York and Jonathan Zar with news and commentary about the world of VoIP security.  This show was also to feature the second of two interviews we have coming at you about the IETF meetings that took place in March 2006, however due to some production issues that interview will be pushed to the next show.

Download the show here (MP3, 33MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

In this show we also introduced our new promotion - anyone submitting audio comments (either by email or calling the comment line) during April will be eligible for a drawing for a free copy of "Practical VoIP Security" from Syngress Press. Many thanks to Bruce Stewart and the folks at O'Reilly & Associates (who distribute Syngress books) for providing this book.

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.  Mention of Frappr map for the show.  Please join the map!
• 02:06 - Note that if you are hearing advertising it is not from us! (and we would like to know about it)
• 03:05 - Note about the book promotion
• 04:52 - Request to help promote the show with reviews at PodcastAlley and iTunes
• 05:37 - Wired: A Pretty Good Way to Foil the NSA
• 06:20 - Wired: Why VoIP Needs Crypto (Bruce Schneier) - Ken Camp response to Schneir  and Bruce Stewart comment as well as Ars Technica reaction to Schneier: VoIP maybe not so secure?
• 08:07 - Network World: 802.11w fills wireless security holes
• 08:50 - FCW.com: Pentium computers vulnerable to cyberattack (about CanSecWest and mentions VoIP)
• 09:35 - Voiponder: Examining Two Well-Known Attacks on VoIP and Slashdot: Overlooked VoIP Security Issues?  and points to SiVuS scanner at  www.vopsecurity.org
• 11:33 - Red Herring – print: Spams New Target: VoIP and Ken Camp’s response 
• 12:51 - Techworld: Universities given more cash to secure VoIP  (Ram Dantu and colleagues) - also Newsblaze: U.S. Team To Study Potential Problems in Internet Phone Systems, Continuity Central: Research collaboration to investigate VoIP vulnerabilities and Contractor UK: VoIP dials up 2 million Brits (also other info about Skype users in UK)
• 14:36 - Sci-Tech Today: From PBX to VoIP: Making the Change  (security on page 4)
• 14:57 - Global Knowledge: Enterprise VoIP Security
• 15:31 - Searchsecurity.com: VoIP Security Learning Guide  (great list of links)
• 16:30 - Network World Security Strategies – newsletter pointing to Siemens white papers  (Telcom fraud, etc.)
• 17:41 - JaJah back in the news… eWeek: Cell Phones, Web Browsers to get VOIP Features  and JaJah Going Wireless Soon 
• 19:02 - Ken Camp: Skype Thoughts: P2P, tiered networks, or security risk?
• 19:28 - Podcast on telecom - Telecom Junkies
• 20:39 - Skype Podcast  (from a Skype enthusiast)
• 21:20 - Steve Gibson also continues his excellent series of podcasts with Security Now! Episode 34 on public key cryptography
• 22:09 - Upcoming shows:
  • April 18, DC (Arlington, VA) Homeland Defense & IT Security Training Conference  (I’ll be speaking)
  • Interop, April 30-May 5, Las Vegas (anyone going?)
  • June 1-2, DC, Workshop on VoIP security by Cybersecurity Industry Alliance and tekVizion – free to US gov, $195 for others
  • June 1-2, Berlin, Third Annual VoIP Security Workshop
• 23:11 - Comment from Alexis Laliberte
• 25:35 - Comment from Craig Bowser about meeting in DC
• 25:44 - Comment from Julien Goodwin about willing to engage in the debate
• 27:10 - Comment from Bruce Stewart
• 27:19 - Comment from Shawn Merdinger about  VoIP arrests in Bangladesh
• 28:08 - Comment from anonymous posting to #21 on breathing into the mike
• 29:08 - Comment from  Kandy on show 22
• 30:07 - Comment from Mark Collier that he'll be out at Interop on a VoIP Security Panel
• 31:00 - Review of the last week's traffic on the VOIPSEC public mailing list. Great discussion around IPSec vs TLS/SRTP (with metrics), softphones and VPNs and much more
  
• 32:09 - Wrap-up, info about how to leave comments, upcoming shows, etc.
• 32:24 - Question about whether we should continue with the current format of including an interview in the show or run the interviews separately?
• 34:45 - End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-338-6654 to leave a comment there.

In the spirit of the programming version of Easter eggs I will ask the question: what did we do differently with regard to the audio in the recording of this episode? I did something subtle... and I'm curious to know if it is detectable.  (Hmmm... sounds like a good idea for an audio comment back to us, eh?)

Thank you for listening and please do let us know what you think of the show.