Blue Box: The VoIP Security Podcast

Synopsis: Skype security advisory, vulnerabilities in multiple vendor's VoIP phones, more Skype security news, VoIP security, listener comments and much more

Welcome to Blue Box: The VoIP Security Podcast #41, a 42-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 17MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

 Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners.
• 02:08 - A brief bit about the audio path Dan uses to record the show.
• 04:12 - Discussion of the Podcast and Portable Media Expo. Mention of Michael Santarcangelo of Security Catalyst and Martin McKeay of Network Security Podcast.
• 08:15 - Dan was part of a Security Roundtable podcast on VoIP security.
• 09:29 - Ken Camp posted a list of IT security podcasts that a friend of his put together.
• 10:00 - Programming notes - 1-year anniversary show coming up October 24th – probably recorded on 20th, so if you have a segment or comments you would like to give us, please get them to us by evening of Oct 19th
• 11:05 - Three vulnerabilities reported by Shawn Merdinger:
• PolyCom IP-301 VoIP Desktop Phone HTTP server DoS and undocumented TCP port 42
• Linksys SPA-921 VoIP Desktop Phone HTTP Server DoS
• GrandStream GXP-2000 VoIP Desktop Phone multiple undocumented UDP ports and DoS
• 12:14 - Skype vulnerability for Mac OS X
• 13:04 - Skype Journal: SJSU: Campus OK’s Skype, for now
• 13:30 - Network World: Akonix appliance aims to give IT Skype controls  (see also Jan in Malaysia on the same subject)
• 13:49 - Skype Journal: Jordon regulator blocks skype.com
• 14:09 - TechWorld UK: Sophos offers free application killer
• 14:40 - Slashdot: SIP vs. Skype, Making the ‘Open’ Choice
• 15:09 - Slashdot: Comcast Lying About Vonage
• 16:29 - IT Week: VoIP vendors slam Cisco
• 18:17 - TelecomWeb: BellSouth, ISS Back VoIP Security Effort – see also Ga. Tech, BellSouth, Internet Security Systems initiate VoIP security research partnership – all the more interesting because ISS recently announced it will be acquired by IBM!
• 20:02 - Wired News: Beguiling but Beware: AJAX, VoIP
• 22:24 - BBC: Security fears raised at conference
• 23:14 - CIO Today: Video over IP: The Next Battleground
• 23:57 - NY Times: Clear as a Bell One Day, Fuzzy and Garbled the Next (actual article requires subscription)
• 24:24 -NIST announced updated security docs (looks like a nice one on WinXP)
• 25:35 - Voice of VOIPSA: Hello Mom, I’m a Fake
• 26:54 - TippingPoint Research Director Recognized for Leadership in Voice and Security (about David Endler)
• 29:34 -Upcoming Shows:
  • Call for papers for:
  • ETel 2007 CFP now open – CFP winding down
  • EUSecWest CFP – Mar 1-2, 2007, London
  • ShmooCon 07 CFP open to Dec 1
  • Oct 10-13, San Diego, CA, Internet Telephony Conference and Expo – West
  • Oct 25-26, Rome, Italy, VON Italy
  • Nov 6-9, Berlin, Germany, VON Europe Autumn
  • (new), Nov 29-30, Tokyo, Japan, PacSec 2006
  • Dec 4-6, Atlanta, GA, VON Enterprise
  • Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
  • Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
  • (new) Mar 1-2, 2007, London, EUSecWest
  • Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
  • (new) Mar 23-25, Washington, DC, ShmooCon ‘07
  • (new) Apr 16-20, Vancouver, BC, Canada CanSecWest 2006
• 29:46 - comment (email) from Dan Wing about blueboxpodcast.com vs www.blueboxpodcast.com
• 30:17 - comments (email) from Jake Neumann and Miguel Garcia about audio software
• 31:46 - comment (email) from Miguel Garcia about RTPSEC BOF
  • Audio recording, part 1 (BOF session starts at 9 minutes 45 seconds)
  • Audio recording, part 2
  • RTPSEC session minutes and slides
• 33:20 - comment (email) from Natas about dial in to BBP
• 34:43 - comment (email) from Ross Snowden about topics he is interested in (including fax)
• 37:03 - Review of the last week's traffic on the VOIPSEC public mailing list
• 39:34 - Wrap-up of the show
  • Reminder that you can subscribe to the show via email as well as RSS
  • Mention of our Frappr map
• 41:57 - End of show

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to [email protected].  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.