Synopsis: Blue Box #71: VLAN Hopping, SIP Digest vulnerability, VoIP security hype, Skype security, Google's latest moves, listener comments and much more...

Welcome to Blue Box: The VoIP Security Podcast #71, a 51-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

NOTE: This show was recorded on November 8, 2007.

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• SIP Digest Access Authentication RELAY-ATTACK for Toll-Fraud
• VoiceCon ENews: VoIP Security Update (about my talk at Interop)
• Telecom Junkies episode about VLAN Hopping
• Network World: VoIP security notices show security remains a multi-vendor issue – also TechRepublic article about VoIP Hopper
• Network World: VoIP security industry: Guilty as charged (Plus, 10 nasty questions to ask your VoIP supplier)
• VoIP-News.com: Vonage Security Problems May Be Just the Start
• The Ethical Hacker Network: Fun with Online VoIP Hacking
• SearchVoIP: Unified communications security vulnerabilities
• SecurityPark: Seeing through the VoIP security hype
• The Guardian: Why VoIP is the next target for spammers
• Skype Blog: Skype for Mac on Leopard (note comments about embracing security)
• Voice of VOIPSA: Isolation vs. Integration (Dustin Trammell)
• Converge!Network Digest: The Future IC/UC Net Will Be Federated (by Acme Packet)
• TMCNet: Telecom Italia Sparke Enhances VoIP Services with Acme Packet
• Mark Collier: VoIP Training Courses – he also has made available his presentation on security that he recently gave at AT&T’s Focus Conference.
• InfoWorld: Vetting the quality of VoIP (follow-on to The lie that is Voice over IP )
• Comment (email) from Matt Hillman about http://www.podcastersmeetup.com/ at ShmooCon Feb 15-17 in DC
• Comment (audio) from Mohammad Halawah
• Comment (email) from Frank Leonhardt
• Comment (email) from Josef Janitor
• - Review of the last week's traffic on the VOIPSEC public mailing list 
• - Wrap-up of the show
• - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-7280 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: Blue Box #71: VLAN Hopping, SIP Digest vulnerability, VoIP security hype, Skype security, Google's latest moves, listener comments and much more...

Welcome to Blue Box: The VoIP Security Podcast #71, a 51-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

NOTE: This show was recorded on November 8, 2007.

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• SIP Digest Access Authentication RELAY-ATTACK for Toll-Fraud
• VoiceCon ENews: VoIP Security Update (about my talk at Interop)
• Telecom Junkies episode about VLAN Hopping
• Network World: VoIP security notices show security remains a multi-vendor issue ??? also TechRepublic article about VoIP Hopper
• Network World: VoIP security industry: Guilty as charged (Plus, 10 nasty questions to ask your VoIP supplier)
• VoIP-News.com: Vonage Security Problems May Be Just the Start
• The Ethical Hacker Network: Fun with Online VoIP Hacking
• SearchVoIP: Unified communications security vulnerabilities
• SecurityPark: Seeing through the VoIP security hype
• The Guardian: Why VoIP is the next target for spammers
• Skype Blog: Skype for Mac on Leopard (note comments about embracing security)
• Voice of VOIPSA: Isolation vs. Integration (Dustin Trammell)
• Converge!Network Digest: The Future IC/UC Net Will Be Federated (by Acme Packet)
• TMCNet: Telecom Italia Sparke Enhances VoIP Services with Acme Packet
• Mark Collier: VoIP Training Courses ??? he also has made available his presentation on security that he recently gave at AT&T???s Focus Conference.
• InfoWorld: Vetting the quality of VoIP (follow-on to The lie that is Voice over IP )
• Comment (email) from Matt Hillman about http://www.podcastersmeetup.com/ at ShmooCon Feb 15-17 in DC
• Comment (audio) from Mohammad Halawah
• Comment (email) from Frank Leonhardt
• Comment (email) from Josef Janitor
• - Review of the last week's traffic on the VOIPSEC public mailing list 
• - Wrap-up of the show
• - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-7280 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis:Blue Box #68: Top 14 VoIP Vulnerabilities, Asterisk security, VoIP hacker, IMS, P2P, Skype, industry moves, VoIP security news, listener comments and more...

Welcome to Blue Box: The VoIP Security Podcast #68, a 46-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 


• 01:03 - Programming notes:
  
  • New comment line – 206-350-7280
  
  
  • Slight web site changes
  
  
  • Books from Peter Thermos and Ari Takanen – anniversary show promotion
  
  
• 03:27 - NetworkWorld: Top 14 VoIP Vulnerabilities – and also this comment in reply


• 07:08 - blog.spywareguide.com: Bubbles… for Kids! (spyware that propagates via Skype IM)


• 09:25 - Voice of VoIPSA: What would your security roadmap for Asterisk be? and 3Com to sell/support Asterisk


• 18:11 - Voice of VOIPSA: VoIP Hacker Goes to Jail pointing to Information Week interview with Robert Moore which is similar to the Telecom Junkies interview I did earlier with Robert Moore.


• 19:14 - Converge!Digest: Defending the IMS Core (sponsored by Sonus)


• 20:56 - Processor: Getting Tough with P2P= which relates to Dan’s recent issues with using Skype at a hotel


• 26:36 - PC World: Attack of the Killer Bots


• 28:57 - News Releases
  • Sipera Secures $10 Million to Further Advance VoIP/UC Security=
  
  
  • Bandwidth.com Bands with Acme Packet (finally, security for SIP trunking!)
  
  
  • Radware Unveils Industry First Behavioral Server Protections as Part of its Full Spectrum Protection Technology
  
  
  • Alcatel-Lucent Bolsters its Security Solutions in Worldwide Reseller Agreement with CloudShield Technologies
  
  
  • Clavister Announces New Version of its IP-Based Security Operating System (see also press release )
  
  
  • ForeScout Continues Innovation Leadership with Latest Network Access Control Offering=
  
  
  
  
• 32:24 - 3Com bought by Bain Capital, Huawei


• 34:58 - Skype CEO out, eBay takes $1.4 million charge


• 37:08 - Nokia to buy Navteq


• 38:26 - Vonage loses patent trial
  


• 39:29 - Upcoming shows:
  
  
  
  • Oct 24-25, New York, USA, Interop
    
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON


• 39:58 - Comment (email) from Peter Thermos


• 42:15 - Comment (email) from Frank Leonhardt about Skype malware


• 42:24 - Comments (blog) about video edition #1


• 42:51 - Brief commentary from Dan about using TalkPlus to call a SIP URI from a cell phone


• 45:39 - Review of the last week's traffic on the VOIPSEC public mailing list 


• 46:00 - Wrap-up of the show
  


• 46:51 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-7280 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis:Blue Box #68: Top 14 VoIP Vulnerabilities, Asterisk security, VoIP hacker, IMS, P2P, Skype, industry moves, VoIP security news, listener comments and more...

Welcome to Blue Box: The VoIP Security Podcast #68, a 46-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 


• 01:03 - Programming notes:
  
  • New comment line – 206-350-7280
  
  
  • Slight web site changes
  
  
  • Books from Peter Thermos and Ari Takanen – anniversary show promotion
  
  
• 03:27 - NetworkWorld: Top 14 VoIP Vulnerabilities – and also this comment in reply


• 07:08 - blog.spywareguide.com: Bubbles… for Kids! (spyware that propagates via Skype IM)


• 09:25 - Voice of VoIPSA: What would your security roadmap for Asterisk be? and 3Com to sell/support Asterisk


• 18:11 - Voice of VOIPSA: VoIP Hacker Goes to Jail pointing to Information Week interview with Robert Moore which is similar to the Telecom Junkies interview I did earlier with Robert Moore.


• 19:14 - Converge!Digest: Defending the IMS Core (sponsored by Sonus)


• 20:56 - Processor: Getting Tough with P2P= which relates to Dan’s recent issues with using Skype at a hotel


• 26:36 - PC World: Attack of the Killer Bots


• 28:57 - News Releases
  • Sipera Secures $10 Million to Further Advance VoIP/UC Security=
  
  
  • Bandwidth.com Bands with Acme Packet (finally, security for SIP trunking!)
  
  
  • Radware Unveils Industry First Behavioral Server Protections as Part of its Full Spectrum Protection Technology
  
  
  • Alcatel-Lucent Bolsters its Security Solutions in Worldwide Reseller Agreement with CloudShield Technologies
  
  
  • Clavister Announces New Version of its IP-Based Security Operating System (see also press release )
  
  
  • ForeScout Continues Innovation Leadership with Latest Network Access Control Offering=
  
  
  
  
• 32:24 - 3Com bought by Bain Capital, Huawei


• 34:58 - Skype CEO out, eBay takes $1.4 million charge


• 37:08 - Nokia to buy Navteq


• 38:26 - Vonage loses patent trial
  


• 39:29 - Upcoming shows:
  
  
  
  • Oct 24-25, New York, USA, Interop
    
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON


• 39:58 - Comment (email) from Peter Thermos


• 42:15 - Comment (email) from Frank Leonhardt about Skype malware


• 42:24 - Comments (blog) about video edition #1


• 42:51 - Brief commentary from Dan about using TalkPlus to call a SIP URI from a cell phone


• 45:39 - Review of the last week's traffic on the VOIPSEC public mailing list 


• 46:00 - Wrap-up of the show
  


• 46:51 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-7280 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.