Blue Box: The VoIP Security Podcast: Blue Box #48: The Crystal Ball Edition - Top VoIP Security issues of 2006 and predictions for 2007, Skype worm that wasn't, drive-by SPIT, OpenID, poking holes in firewalls, listener comments and more...

January 03, 2007

Blue Box #48: The Crystal Ball Edition - Top VoIP Security issues of 2006 and predictions for 2007, Skype worm that wasn't, drive-by SPIT, OpenID, poking holes in firewalls, listener comments and more...

Synopsis: The Crystal Ball Edition - Top VoIP Security issues of 2006 and predictions for 2007, Skype worm that wasn't, drive-by SPIT, OpenID for SIP authentication, poking holes in firewalls, listener comments and more...

Welcome to Blue Box: The VoIP Security Podcast #48, a 50-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

NOTE: For the first time in many shows we had an issue with the recording of the show that introduced gaps and other audio artifacts. Unfortunately, I was not running my backup recorder and schedules (and holidays) made a retake impractical. So my apologies... and if you are new to the show, please don't judge the show by the audio quality of this particular show.

Download the show here (MP3, 23MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

00:21 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners - and to all those listeners who have been here for so long! Special welcome to readers who found us through the new Hacking Exposed: VoIP book that was just recently released.
01:50 - Programming notes:
- sending in ident audio files
- Dan has launched a new blog - Disruptive Telephony
- Dan was interviewed by Jon Arnold about VoIP Security for his podcast series
04:08 - CNET: Confusion over Skype security threat clears up – all sorts of reports originating from the Websense blog entry – other links: CBC ComputerWorld TechWorld SC: Hackers unleash worm that targets Skype Heise Online – also Earthtimes gets it right
06:31 - DarkReading: VoIP More Vulnerable
09:09 - McGraw-Hill press release about Hacking Exposed: VoIP and also CRN: VoIP Risks Take Center Stage in 2007
09:49 - CNS: Telecom execs conclude enterprise security products insufficient for carrier networks
11:14 - Xchange Online: Survey: Security a Concern in Product Rollouts
12:44 - Heise Security: The hole trick: How Skype & Co. get round firewalls (tip to 21talks )
13:26 - Network Magazine (India): Voice over IP: Security issues to the fore
15:50 - Aswath Rao: There is No Money in the Authentication Business with some reaction, particularly from PhoneBoy Kveton and Alec Saunders
20:51 - ITBusiness.ca: The pros and cons of having a contractor do security
22:22 - VoIP News: Building VoIP Security at the Gateway Level – part of a special on VoIP Gateways
23:47 - Greatreporter.com: Hackers ‘can eavesdrop on 70% of web calls’
24:44 - LinuxDevices: Belkin WiFi Skype phone based on Linux
26:04 - Oral Health & Dental Practice Management: Technology in Tomorrow’s Dental Office
27:21 -Bluesocket Achieves VoIP Vocera Certifications
28:42 - Feature - Top VoIP security stories from 2006 and predictions for 2007. Some links mentioned in the discussion:
- RSA Speaking of Security Podcast #42 about phishing war story
- vnunet.com’s IT security predictions for 2007
- BCS: MessageLabs: Targeted security attacks to soar in 2007 (also in SC )
46:23 - Upcoming shows:
- Jan 23-26, 2007, Ft. Lauderdale, FL, Internet Telephony Conference and Expo – East
- Feb 5-9, 2007, San Francisco, CA, RSA Conference 2007
- Feb 27-Mar 1, 2007, San Francisco, Emerging Telephony 2007
- Mar 1-2, 2007, London, EUSecWest
- Mar 19-21, 2007, San Jose, CA, Spring 2007 VON
- Mar 23-25, Washington, DC, ShmooCon ‘07
- Apr 16-20, Vancouver, BC, Canada CanSecWest 2006
47:26 - Review of the last week's traffic on the VOIPSEC public mailing list
48:04 - No comments other than Aswath's note about OpenID that we covered earlier.
48:45 - Wrap-up of the show
- Reminder that you can subscribe to the show via email as well as RSS
- Mention of our Frappr map
50:11 - End of show

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Posted by Dan York on January 03, 2007 at 07:20 PM in Podcasts, VoIP Security, VOIPSA | Permalink

Tags: hacking voip, openid, security, skype, skype security, voip, voip security, voipsa

Comments

The comments to this entry are closed.

Contact Information

E-mail
[email protected]
Syndication

Subscribe to this podcast
Follow Us
Twitter: @blueboxpodcast
Google+: Blue Box page
Comment Line
+1-415-830-5439
Direct Telephone
(Dan) Skype danyork or
+1-802-735-1624
Subscribe via e-mail
Enter your email to subscribe:

Powered by FeedBlitz

Full Disclosure

Dan York, CISSP, is the Chair of the VOIP Security Alliance (VOIPSA) and Senior Content Strategist for the Internet Society.
Jonathan Zar is affiliated with Pingalo and is the Secretary of VOIPSA and member of the Board of Directors.
This is a personal project and neither the Internet Society, Pingalo nor VOIPSA have any formal connection to this podcast. In the interest of transparency we just thought you should know our affiliations.