« If you are attending Black Hat this week, let us know... | Main | New comment line number - +1-206-350-2583 »

August 04, 2006

Blue Box #36: Black Hat super-sized edition - VoIP security news, interviews with David Endler, Mark Collier, Ofir Arkin and much, much more...

Synopsis: Black Hat 2006 super-sized edition - VoIP security news, interviews with David Endler, Mark Collier, Ofir Arkin and much, much more

Welcome to Blue Box: The VoIP Security Podcast show #36, a 83-minute podcast  from Dan York and Jonathan Zar with news and commentary about the world of VoIP security. This is a special edition focusing on the 2006 Black Hat Briefing in Las Vegas and the voice security talks that were given at the conference.

NOTE:  As explained in the show, this podcast #36 is being released before show #35, which will be released next week.  You didn't miss #35... it just hasn't been released yet.

Download the show here (MP3, 77MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-350-2583 (new comment phone number!) to leave a comment there.

NOTE: As I will explain in more detail on our next show (#37), there were a number of issues with the audio in this show both in the recording as well as in the post-production.  One of the issues was some very annoying noise artifacts in the Endler/Collier interview that sound like cell phone interference.  There are also a couple of gaps... and those with finally attuned ears will hear some clipping of the audio.  Suffice it to say that I would not want our podcast to be judged by the audio quality of this episode!  I'll explain more in our next episode about exactly why this episode didn't hit our usual quality level.

Show Content:

(NOTE - More detailed show notes with links will be made available next week.  For right now, we just want to get the show posted.)

  • 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.
  • 08:10 - Interview with Dave Endler and Mark Collier about their Black Hat talk and the VoIP security tools they released this week. (News articles from ZDNet and the Register.)
  • 35:41 - Discussion of Hendrik Sholz's new smap tool and his zero-day exploit against Cisco PIX firewalls
  • 39:46 - Discussion of Jay Schulman's session on phishing with Asterisk
  • 45:29 - Discussion of Doug Mohney's session on using voice analytics to defeat social engineering
  • 46:13 - Discussion of Nicolas Fischbach's session on carrier VoIP security
  • 48:38 - Interview with Ofir Arkin about his session on NAC, Insightix, his role in VOIPSA, security research, etc.
  • 1:05:42 - Mention of Alan Schimmler and his Still Secure blog and NAC
  • 1:06:35 - Chat with Brenno de Winter about RFID (including this movie), his Dutch IT news podcast, and his podcast about learning Dutch that he started for his American girlfriend
  • 1:11:41 - Mention of session on Network Neutrality and Dan Kaminsky's tools to help measure the neutrality of carriers
  • 1:12:30 - Dark Reading: Skype’s Fire(wall) Fight (quotes Shawn Merdinger and sent in by Craig Bowser)
  • 1:13:30 - Upcoming shows:
  • 1:15:03 - Comment (email) from Martyn Davies
  • 1:16:30 - Comment (email) from John Haluska
  • 1:17:48 - Comment (email) from David Belle-Isle
  • 1:19:17 - Comment (email) from Bobby Fentress
  • 1:19:48 - Comment (weblog) from Michael Boman
  • 1:20:37 - Comment (email) from Craig Bowser
  • 1:22:11 - Wrap-up of the show
  • 1:22:40 - End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at +1-206-350-2583 to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Posted by on August 04, 2006 at 04:36 PM in Conferences, Podcasts, VoIP Security, VOIPSA |

Tags: blackhat, blackhat2006, bluebox, security

| |

Comments

i am looking for software i can use to secure my VoIP application

Posted by: tonderai | August 17, 2006 at 03:40 AM

The comments to this entry are closed.

The Obligatory Photo

Contact Information

License

Full Disclosure

  • Dan York, CISSP, is the Chair of the VOIP Security Alliance (VOIPSA) and Senior Content Strategist for the Internet Society.

    Jonathan Zar is affiliated with Pingalo and is the Secretary of VOIPSA and member of the Board of Directors.

    This is a personal project and neither the Internet Society, Pingalo nor VOIPSA have any formal connection to this podcast. In the interest of transparency we just thought you should know our affiliations.

Why "Blue Box"?

  • We chose the name "Blue Box" primarily as a nod to the era of phone phreaking in part to illustrate that threats to telephony are not new - they just continue to change and evolve. That and admittedly the name just sounded cool.

Archives

Categories

Search

Promote Blue Box!

  • Add this graphic to your site!

Recent Posts

Recent Comments

Subscribe to this blog's feed