Synopsis: IP phone security vulnerabilities, SIP fuzzing, Phil Zimmermann, ZRTP and IETF, Skype security, listener comments and a brief final commentary about visiting the pyramids in Egypt
Welcome to Blue Box: The VoIP Security Podcast #55, a 78-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.
Download the show here (MP3, 36MB) or subscribe to the RSS feed to download the show automatically.
Show Content:
- 00:20 - Intro to the show, contact information and how to provide comments. Welcome to all the new listeners - and to all those listeners who have been here for so long!
- 01:29 - Programming notes
- Apologies for lengthy delay
- Hope you enjoyed Blue Box Special Edition #17 with Saverio Niccolini
- Jonathan's IPTV session at Spring VON
- Brief note about Dan's trip to Cairo (more at the end of the show)
- Blogroll for “Blue Box Friends” – send in email with answer to question “What is Dan’s #1 prediction for what’s going to happen in VoIP security this year?”
- If you are a CISSP, listening to podcasts can be counted as CPE credits
- Voice of VOIPSA and Blue Box part of Security Bloggers Network
- 11:39 - RIT VoIP Conference – Rochester, NY, May 18th – looking for papers
- 12:30 - SIP fuzzing vulnerabilities from the Madynes project
- Cisco 7940/7960 DoS
- Grandstream Budgetone 200 DoS (note that vendor did not respond to researchers)
- Asterisk SDP DoS - and then also proof-of-concept code for the Asterisk vulnerability
- Thinking about "patch management plans for phones"?
- 17:49 - Network World: Trojan calls on Skype
- 18:28 - Shawn Merdinger starts blogging his "Top 10" list of questions to ask your vendor about VoIP security (part 3 presumably coming soon):
- Voice of VOIPSA: Pucker up – Intimate VoIP Phone Security Questions – part 1 of 3
- Voice of VOIPSA: Pucker up - Intimate VoIP Phone Security Questions - part 2 of 3
- 22:08 - Silicon.com Special report on VoIP Security
- 25:29 - VoIP News: Pretty Good (VoIP) Privacy
- 26:10 - VoIP News: CounterPath Gets Pretty Good Privacy with ZFone
- 28:13 - Voice of VOIPSA: Skype with a ‘Z’
- 30:10 - Voice of VOIPSA: Cracking the WLAN
- Voice of VOIPSA: Ghosts of VoIP Security Tools Past…and Future? (note the comment in reply from the grugq)
- 31:01 - Aswath Rao: OpenID Negates the Need for P2P SIP
- 33:17 - PC Advisor: Take care of your smartphone’s security
- comment (email) from Shawn about FlexiSpy
- mention of EE Times: Getting a lock on RTOS security
- 36:42 - IETF: VoIP Security Threats relevant to SPEERMINT (sent in by Shawn)
- 38:12 - Mention of IETF BLISS working group
- 39:14 - Mitel Presence: Using IP Communications as a Tool For Disaster Recovery and Business Continuity
- 40:17 - Sipera's new VoIP Threat Advisories
- 41:54 - News releases:
- 43:56 - Feature discussion around the IETF 68 RTPSEC BOF that occurred in Prague about secure key exchange protocols for Secure RTP (SRTP) (with the caveat that neither of us were there)
- comment (email) from Miguel Garcia
- Voice of VOIPSA: SRTP key exchange – minutes of IETF RTPSEC BOF now posted pointing to RTPSEC minutes
- 53:20 - Brief mention of VOIPSA Best Practices project.
- 54:08 - Upcoming shows:
- Apr 16-20, Vancouver, BC, Canada CanSecWest 2006
- May 14-17, Santa Clara, CA, USA Communications Developer Conference
- May 18, Rochester, NY, USA, RIT VoIP Conference
- May 23-25, Paris, France Eurosec Forum 2007 – I am speaking
- June 12-14, Stockholm, Sweden, VON Europe Spring – both Martyn and I will be there… we’ll have to have a Blue Box dinner
- July 22-27, Chicago, USA IETF 69
- Aug 20-23, San Francisco, CA, USA VoiceCon SF 2007
- Sept 10-12, Los Angeles, CA, USA ITEXPO West 2007
- Oct 29-Nov 1, Boston, USA, Fall 2007 VON
- 54:20 - comment (audio) from Hasan Diwan about adding his blog, Prolific Programmer to the Blue Box blogroll
- 56:34 - comment (email) from Detlef
- 57:18 - comment (email) from Mark Collier about ETel story
- 57:49 - comment (email) from Dean Elwood about biometrics for identity authentication
- 58:49 - comment (email) from Shawn Merdinger about http://oldskoolphreak.com/tfiles/pwf.txt
- 59:41 - comment (email) from Shawn about Hitchhiker’s Guide to SIP
- 61:28 - comment (email) from Martyn Davies about OpenID
- 64:24 - comment (email) from Seth about adding a Podnova subscription button
- 64:39 - comment (email) from Roland about RSS feed not validating
- 64:52 - comment (email) from Martyn Davies about SE16 and removing the hum
- 66:05 - Review of the last week's traffic on the VOIPSEC public mailing list
- 67:16 - Wrap-up of the show
- A bit of a travelogue about Dan's trip to Cairo, Egypt, and his impressions of the pyramids, Cairo, etc.
- 78:05 - End of show
Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to [email protected]. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-206-350-2583 or via SIP to '[email protected]' to leave a comment there.
Thank you for listening and please do let us know what you think of the show.
Good show as always, keep up the good work.
Posted by: Zapperlink | April 17, 2007 at 10:19 AM