« Two years ago today, Blue Box podcast #1 was launched | Main | Blue Box #70: 2-yr Anniversary show, VoIP security vulnerabilities, Vonage, Comcast, phishing, listener comments and much, much more... »

October 25, 2007

Comments

Did you see this snippet from Reuters yesterday?

http://news.zdnet.com/2110-1009_22-6215259.html

I am curious as to what the background of this Vonage exploit might be, and why it might have hit the newswires. Something old or something new?

Will you mention it in Podcast #70?

David, Yes, we do talk about it on BBP 70 and I also intend to write a Voice of VOIPSA blog post about it. The eavesdropping item is really old news in that we've been talking about this weakness in consumer VoIP services for most of the two years of Blue Box! The other SIP exploits are ones I haven't heard of, but I'm not terribly surprised to learn of them because they are the typical type of exploit that people need to test for - but yet we're seeing that people don't.

Thanks for the comment,
Dan

The comments to this entry are closed.

The Obligatory Photo

Contact Information

Full Disclosure

  • Dan York, CISSP, is the Chair of the VOIP Security Alliance (VOIPSA) and Senior Content Strategist for the Internet Society.

    Jonathan Zar is affiliated with Pingalo and is the Secretary of VOIPSA and member of the Board of Directors.

    This is a personal project and neither the Internet Society, Pingalo nor VOIPSA have any formal connection to this podcast. In the interest of transparency we just thought you should know our affiliations.

Why "Blue Box"?

  • We chose the name "Blue Box" primarily as a nod to the era of phone phreaking in part to illustrate that threats to telephony are not new - they just continue to change and evolve. That and admittedly the name just sounded cool.

Promote Blue Box!

  • Add this graphic to your site!