Synopsis: Deflating VoIP security hype, SANS and the need for better VoIP security training, India moves to block Skype and other VoIP, Skype security, tutorials, listener comments and more...
Welcome to Blue Box: The VoIP Security Podcast #47, a 69-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.
Download the show here (MP3, 32MB) or subscribe to the RSS feed to download the show automatically.
Show Content:
- 00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners - and to all those listeners who have been here for so long! Special welcome to readers who found us through the new Hacking Exposed: VoIP book that was just recently released.
- 02:20 - Programming notes:
  - sending in ident audio files
  - SanDisk Cruzer disks (with U3 software)
  - Blue Box dinner - photo by Martyn Davies
  - Security Podcast Network
  - SE #14 - Interview with Ken Camp
- 09:19 - VoIP News: Voip Security ‘Best Practices’ Project Launches
- 09:41 - Voice of VOIPSA: The Register – Open Season for hackers
- 11:08 - SearchSecurity.com: Better VoIP training needed, SANS director says – see also Eric Chamberlin at Voxilla: VoIP Security: Stop Everything – also launched a VoIP security forum
- 18:30 - Economic Times (India): Illegal Web calls by BPOs face axe – see also 21Talks: India outlaws Skype, Yahoo and others
- 22:13 - British Computer Society: Skype – How safe is it? (sent in by both Martyn Davies and Rhodri Davies)
- 24:01 - Electronic Engineering Times: IP phone providers must focus on security, says report pointing to In-Stat report – VoIP Security: Preparing for the Evolving Threat – it can be yours for only $2,995 – see also In-Stat press release: Business VoIP Users Must Focus on Security
- 27:28 - b5media: Interview with PGP founder Phil Zimmermann: Zfone, secure VoIP media encryption software
- 29:41 - eWeek: Outlook 2007:VoIP
- 31:22 - The Age (Australia): Hackers ‘to target VoIP users’
- 32:39 - Greatreporter.com: VoIP wiretapping widespread, warns Scanit
- 34:16 - TMC.net: SPIT: Bringing Spam to Your Voicemail Box (by Bogdan Materna)
- 37:18 - Image and Data Manager (Australia): IM and VoIP Still Not On Security Radar
- 38:17 - InfoWorld ZeroDaySecurity Blog: Is social engineering always used to commit fraud?
- 45:16 - ZDNet UK: Weigh the pros and cons of VoIP over wireless
- 45:42 - Voice of VOIPSA: Security through Obscurity by Martyn Davies about the conf he attended
- 46:09 - Voice of VOIPSA: Cell phones, GPS location and Amber Alerts by Shawn Merdinger
- 47:28 - Voice of VOIPSA: IronGeek Hacking Tutorial Videos by Shawn Merdinger
- 48:32 - Enterprise VoIPPlanet: The VoIP Peering Puzzle: The IETF SPEERMINT Architecture
- Dialogic Expands IP Media Gateway Product Line (Martyn Davies works there… note the VoIP security mention later in the release)
- 51:24 - comment (audio) from “the man from California” about Click-to-Call
- 54:01 - comment (email) from Shawn Merdinger about Click-to-Call
- 56:20 - comment (email) from Raul Siles (just about BP project)
- 57:06 - comment (email) from Yiannis Miliaresis about podcast in Greece and iptelephony.gr
- 58:27 - comment (email) from Julien Goodwin about CBR article
- 58:57 - comment (email) from Alan Garwood about mini-poll on Infosecurity Europe web page
- 60:16 - comment (email) from Shlomo Dubrowin about BP project
- 61:19 - comment (blog) from Mark Collier
- 62:29 - comment (email) from Frank Leonhart about BBP dinner
- 63:29 - comment (email) from Mike Bailey asking a question about Skype installation
- 64:20 - comment (email) from Dion Rowney about recorder
- 67:30 - Review of the last week's traffic on the VOIPSEC public mailing list
- 68:23 - Wrap-up of the show
  - Reminder that you can subscribe to the show via email as well as RSS
  - Mention of our Frappr map
- 69:49 - End of show
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there.
Thank you for listening and please do let us know what you think of the show.
P.S. We didn't mention the "upcoming shows", but here is the list we have been maintaining:
- Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
- Feb 5-9, 2007, San Francisco, CA, RSA Conference 2007
- Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
- Mar 1-2, 2007, London, EUSecWest
- Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
- Mar 23-25, Washington, DC, ShmooCon ‘07
- Apr 16-20, Vancouver, BC, Canada CanSecWest 2006
I think the original news item is not properly reported. TRAI, the regulatory arm in India, has a long-standing position on VoIP: PC to PC and Indian PSTN to PC are unregulated, whereas PC to Indian PSTN can be done only by authorized license holders. I think the news item is talking about this policy. Accordingly, if a BPO/KPO terminates the call within their own LAN and distributes it to their PBX then there should not be a problem.
But the issue is that, as the picture in one of your referenced articles points out, a VoIP call is terminated at an STD station and then routed to a local PSTN number. Routinely such operators are prosecuted and just as predictably an Indian news outlet circulates a story stating that VoIP is illegal in India. After all they earn many reverse links from many bloggers - with due respect to Om Malik, Tom Evslin and you.
Of course, I could be totally wrong, but I tried to validate that story, but failed. I will withdraw my comment if I am proven wrong.
Posted by: Aswath | December 22, 2006 at 12:40 PM
Nice show as always. Thanks for the mention of the Hacking Exposed book.
Posted by: Mark Collier | January 03, 2007 at 10:45 AM