Synopsis:  Blue Box #82: Asterisk & Skype security vulnerabilities, new VoIP security tools, VoIP steganography, VoIP security news and much, much more...

Welcome to Blue Box: The VoIP Security Podcast #82, a 47-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was originally recorded on June 21, 2008.

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• Programming notes:
  • Note about the production team – new special editions coming soon.
  • Note about URLs for the media files
• AST-2008-008 – Remote Crash Vulnerability in SIP channel driver when run in pedantic mode
• AST-2008-009 – Remote crash vulnerability in ooh323 channel driver
• Skype-SB-2008-003 – Skype File URI Security Bypass Code Execution Vulnerability
• New version of SIPvicious


• Sipflanker – tool to find SIP devices with web GUIs




• Discussion about VoIP Steganography (pointed to by Craig Bowser)


• Geeks Are Sexy: New Technology Hides Messages in Internet Phone Calls – and Switched: Spies to Use Skype to Send Secret Messages? – and The Register


• FierceVoIP: VoIP Security and the Circle of Trust pointing to Government Computer News: Careful with the call



• The Register: ‘Untraceable’ phone fraudsters eye your credit card



• SearchUnifiedCommunications: Disaster and recovery in the VoIP/IPT RFP



• Secure Computing: Voice tools under enemy fire



• VNUnet: A good VoIP application is worth paying for



• Ofcom confirms VoIP providers must provide access to 999 and 112



• Bogdan Materna’s blog is live
• Realtime Community: The Essentials Series:
  Messaging and Web Security
  Volume III


• Global Knowledge: On-Demand Webinar on VoIP Security (hat tip to Thomas Lee )


• SearchSecurity: The threats to telcos and how they can repel them


• TMCnet: Balancing Issues in World of Telepresence


• Network World: VoIP Security Buying Guide
• Nortel and SecureLogix Team to Deliver Voice Security and Management Solutions to Worldwide Enterprise Market (see also this analysis )


• Sipera Partner Network Arms Resellers With Comprehensive UC and VoIP Security


• VIVOphone Deploys Paradial RealTunnel?? to Solve NAT Traversal Challenges for VoIP Services


• Audiocodes joins the ranks of SBC vendors


• SearchSecurity: Securing the new network (interesting because it shows the layers of a defense in depth)


• The Hindu Business News: Serious about Security


• Shows:
  
  
  
  • IP Telephony University – June 23-24, Alexandria, VA
  
  
  • IPTComm 2008 – July 1-2, Heidelberg, Germany
  
  
  • The Last H.O.P.E. – July 18-20, New York
  
  
  • SpeechTek – August 18-20, New York
  
  
  
  
• Call for papers for Hack-in-the-box Malaysia ends June 30th



• SchmooCon 2008 videos available – several dealing with VoIP
• No comments this week.
  
• Review of the last week's traffic on the VOIPSEC public mailing list 


• Wrap-up of the show


• 47:09 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

]]> Wed, 27 Aug 2008 16:53:17 +0000 voip security voip security news voip voip security tools voip steganography voip services security skype security vulnerabilities voip security podcast Blue Box #82: Asterisk & Skype security vulnerabilities, new VoIP security tools, VoIP steganography, VoIP security news and much, much more... http://securityratty.com/article/48c1a58b9d39348008877ad191ffcfea http://securityratty.com/article/48c1a58b9d39348008877ad191ffcfea

Synopsis:  Blue Box #82: Asterisk & Skype security vulnerabilities, new VoIP security tools, VoIP steganography, VoIP security news and much, much more...

---

Welcome to Blue Box: The VoIP Security Podcast #82, a 47-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was originally recorded on June 21, 2008.

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• Programming notes:
  • Note about the production team – new special editions coming soon.
  • Note about URLs for the media files
• AST-2008-008 – Remote Crash Vulnerability in SIP channel driver when run in pedantic mode
• AST-2008-009 – Remote crash vulnerability in ooh323 channel driver
• Skype-SB-2008-003 – Skype File URI Security Bypass Code Execution Vulnerability
• New version of SIPvicious


• Sipflanker – tool to find SIP devices with web GUIs




• Discussion about VoIP Steganography (pointed to by Craig Bowser)


• Geeks Are Sexy: New Technology Hides Messages in Internet Phone Calls – and Switched: Spies to Use Skype to Send Secret Messages? – and The Register


• FierceVoIP: VoIP Security and the Circle of Trust pointing to Government Computer News: Careful with the call



• The Register: ‘Untraceable’ phone fraudsters eye your credit card



• SearchUnifiedCommunications: Disaster and recovery in the VoIP/IPT RFP



• Secure Computing: Voice tools under enemy fire



• VNUnet: A good VoIP application is worth paying for



• Ofcom confirms VoIP providers must provide access to 999 and 112



• Bogdan Materna’s blog is live
• Realtime Community: The Essentials Series:
  Messaging and Web Security
  Volume III


• Global Knowledge: On-Demand Webinar on VoIP Security (hat tip to Thomas Lee )


• SearchSecurity: The threats to telcos and how they can repel them


• TMCnet: Balancing Issues in World of Telepresence


• Network World: VoIP Security Buying Guide
• Nortel and SecureLogix Team to Deliver Voice Security and Management Solutions to Worldwide Enterprise Market (see also this analysis )


• Sipera Partner Network Arms Resellers With Comprehensive UC and VoIP Security


• VIVOphone Deploys Paradial RealTunnel® to Solve NAT Traversal Challenges for VoIP Services


• Audiocodes joins the ranks of SBC vendors


• SearchSecurity: Securing the new network (interesting because it shows the layers of a defense in depth)


• The Hindu Business News: Serious about Security


• Shows:
  
  
  
  • IP Telephony University – June 23-24, Alexandria, VA
  
  
  • IPTComm 2008 – July 1-2, Heidelberg, Germany
  
  
  • The Last H.O.P.E. – July 18-20, New York
  
  
  • SpeechTek – August 18-20, New York
  
  
  
  
• Call for papers for Hack-in-the-box Malaysia ends June 30th



• SchmooCon 2008 videos available – several dealing with VoIP
• No comments this week.
  
• Review of the last week's traffic on the VOIPSEC public mailing list 


• Wrap-up of the show


• 47:09 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.




]]> Wed, 27 Aug 2008 15:53:18 +0000 voip security voip security news voip voip security tools voip steganography voip services security skype security vulnerabilities voip security podcast Blue Box #82: Asterisk & Skype security vulnerabilities, new VoIP security tools, VoIP steganography, VoIP security news and much, much more... http://securityratty.com/article/12a646d6f75cd20c5bdf249647b13de5 http://securityratty.com/article/12a646d6f75cd20c5bdf249647b13de5

Synopsis:  Blue Box #79: Asterisk vulnerabilities, VoiceCon/VON coverage, eavesdropping, FBI, ZFone, P2P, VoIP security news and more

---

Welcome to Blue Box: The VoIP Security Podcast #78, a 32-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 15MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was originally recorded on March 27, 2008. Yes, that was over two months ago... we know...

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• MANY thanks for all the offers of audio production assistance


• Dan met with Craig Bowser down at VoiceCon, also David Endler, Mark Collier, etc.


• Jonathan met with Dean Elwood, Martyn Davies, etc.


• Four Asterisk vulnerabilities


• The Economist: Bugging The Cloud


• Forbes: How to Make Your Phone Untappable


• VoIP News: VoIP: Who Might Be Spying on Your Communications? (Hint – It’s Not Just the NSA


• VoIP News: Listen Up: 17 Signs That You Are Being Wiretapped


• eChannelLine: Businesses lagging in securing VoIP (also ComputerWeekly.com and news release )


• eChannelLine: Ingate launches enhanced security for VoIP and SIP (also Enterprise VoIPPlanet )


• Voice of VOIPSA: Hacking Zyxel Gateways


• Voice of VOIPSA: Vishing Attacks


• Voice of VOIPSA: FBI VoIP Surveillance Requirements Leaked (also in FierceVoIP and Slashdot )


• Voice of VOIPSA: Hackers Send Thousands of Fake Calls to Deaf People


• SnapVoIP: Unified Communications in Virtual Worlds to Solve ‘Tower of Babel’ for Intelligence Agencies


• Israeli-made Cryptophone attracts world spy agencies pointing to product site


• BlogInfoSec.com: Save The Whales (about a new form of phishing)


• Network Computing: Your Data and the P2P Peril


• NetQoS: VoIP Monitor 1.1 released


• PC World: FaceTime Security Product Scans Skype’s Encrypted IM and news release


• Sipera IPCS Solution for Teleworkers Rated ‘Avaya Compliant’


• Extreme Networks Boosts Security for Converged Voice and Data Networks with New Tools
• Review of the last week's traffic on the VOIPSEC public mailing list 


• Wrap-up of the show


• 32:27 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

]]> Mon, 09 Jun 2008 12:30:57 +0000 voip voip security news voip monitor security voip news asterisk vulnerabilities voip security podcast blue box podcast Blue Box #79: Asterisk vulnerabilities, VoiceCon/VON coverage, eavesdropping, FBI, ZFone, P2P, VoIP security news and more http://securityratty.com/article/6ff472aef8df8c39ce9d47bf4fe36d51 http://securityratty.com/article/6ff472aef8df8c39ce9d47bf4fe36d51

Synopsis:  Blue Box #79: Asterisk vulnerabilities, VoiceCon/VON coverage, eavesdropping, FBI, ZFone, P2P, VoIP security news and more

---

Welcome to Blue Box: The VoIP Security Podcast #78, a 32-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 15MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was originally recorded on March 27, 2008. Yes, that was over two months ago... we know...

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• MANY thanks for all the offers of audio production assistance


• Dan met with Craig Bowser down at VoiceCon, also David Endler, Mark Collier, etc.


• Jonathan met with Dean Elwood, Martyn Davies, etc.


• Four Asterisk vulnerabilities


• The Economist: Bugging The Cloud


• Forbes: How to Make Your Phone Untappable


• VoIP News: VoIP: Who Might Be Spying on Your Communications? (Hint – It’s Not Just the NSA


• VoIP News: Listen Up: 17 Signs That You Are Being Wiretapped


• eChannelLine: Businesses lagging in securing VoIP (also ComputerWeekly.com and news release )


• eChannelLine: Ingate launches enhanced security for VoIP and SIP (also Enterprise VoIPPlanet )


• Voice of VOIPSA: Hacking Zyxel Gateways


• Voice of VOIPSA: Vishing Attacks


• Voice of VOIPSA: FBI VoIP Surveillance Requirements Leaked (also in FierceVoIP and Slashdot )


• Voice of VOIPSA: Hackers Send Thousands of Fake Calls to Deaf People


• SnapVoIP: Unified Communications in Virtual Worlds to Solve ‘Tower of Babel’ for Intelligence Agencies


• Israeli-made Cryptophone attracts world spy agencies pointing to product site


• BlogInfoSec.com: Save The Whales (about a new form of phishing)


• Network Computing: Your Data and the P2P Peril


• NetQoS: VoIP Monitor 1.1 released


• PC World: FaceTime Security Product Scans Skype’s Encrypted IM and news release


• Sipera IPCS Solution for Teleworkers Rated ‘Avaya Compliant’


• Extreme Networks Boosts Security for Converged Voice and Data Networks with New Tools
• Review of the last week's traffic on the VOIPSEC public mailing list 


• Wrap-up of the show


• 32:27 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.




]]> Mon, 09 Jun 2008 11:30:58 +0000 voip voip security news voip monitor security voip news asterisk vulnerabilities voip security podcast blue box podcast Blue Box #79: Asterisk vulnerabilities, VoiceCon/VON coverage, eavesdropping, FBI, ZFone, P2P, VoIP security news and more http://securityratty.com/article/7c8d62985159e1b742a937909b0b64c5 http://securityratty.com/article/7c8d62985159e1b742a937909b0b64c5

Synopsis: Blue Box #76: Cisco, Skype and BT vulnerabilities, when SIP looks like SPIT, VoIP security threat predictions and the FBI forgets to pay their bills, plus listener comments and more...

---

Welcome to Blue Box: The VoIP Security Podcast #76, a 38-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 17MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• new comment line +1-415-830-5439
• Cisco: Cisco Unified Communications Manager CTL Provider Heap Overflow
• Skype: SKYPE-SB/2008-001: Skype Cross Zone Scripting Vulnerability ??? coverage in Skype blog and ComputerWorld article
• GNUcitizen: BT Home Call Jacking also mentioned in VOIPSEC message ??? coverage in PC World and The Register
• Voice of VOIPSA: SIP Security slides at ETSI event
• Voice of VOIPSA: How do you differentiate between legitimate SIP usage and SPIT? pointing to Dan???s Internet-Draft document
• RFC 5039 on SIP and Spam
• Sipera ???news release on Top 5 VoIP Threat Predictions of 2008 ??? coverage in The Register: 2008 ??? the year VoIP gets hacked? and IT Business Edge: VoIP Security Still Falling Short
• SearchSecurity.com: Enterprise security in 2008: Addressing emerging threats like VoIP and virtualization
• C|Net blogs: Can terrorists use the Net to avoid wiretaps?

FBI Wiretaps dropped due to unpaid bills

• CityCell joins rivals forced to pay up for VoIP infringements
• Comment (email) from someone looking for VoIP security professional in Connecticut
• Comment (email) from Shlomo Dubrowin
• Review of the last week's traffic on the VOIPSEC public mailing list 
• Wrap-up of the show
• 38:09 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

]]> Thu, 14 Feb 2008 16:37:49 +0000 voip voip infringements voip security professional voip threat predictions voip security news voip security voip security podcast comments sip Blue Box #76: Cisco, Skype and BT vulnerabilities, when SIP looks like SPIT, VoIP security threat predictions and the FBI forgets to pay their bills, http://securityratty.com/article/b00b1b75e564b40517a1a73ddcf6657b http://securityratty.com/article/b00b1b75e564b40517a1a73ddcf6657b

Synopsis: Blue Box #76: Cisco, Skype and BT vulnerabilities, when SIP looks like SPIT, VoIP security threat predictions and the FBI forgets to pay their bills, plus listener comments and more...

---

Welcome to Blue Box: The VoIP Security Podcast #76, a 38-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 17MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• new comment line +1-415-830-5439
• Cisco: Cisco Unified Communications Manager CTL Provider Heap Overflow
• Skype: SKYPE-SB/2008-001: Skype Cross Zone Scripting Vulnerability – coverage in Skype blog and ComputerWorld article
• GNUcitizen: BT Home Call Jacking also mentioned in VOIPSEC message – coverage in PC World and The Register
• Voice of VOIPSA: SIP Security slides at ETSI event
• Voice of VOIPSA: How do you differentiate between legitimate SIP usage and SPIT? pointing to Dan’s Internet-Draft document
• RFC 5039 on SIP and Spam
• Sipera “news release on Top 5 VoIP Threat Predictions of 2008 – coverage in The Register: 2008 – the year VoIP gets hacked? and IT Business Edge: VoIP Security Still Falling Short
• SearchSecurity.com: Enterprise security in 2008: Addressing emerging threats like VoIP and virtualization
• C|Net blogs: Can terrorists use the Net to avoid wiretaps?

FBI Wiretaps dropped due to unpaid bills

• CityCell joins rivals forced to pay up for VoIP infringements
• Comment (email) from someone looking for VoIP security professional in Connecticut
• Comment (email) from Shlomo Dubrowin
• Review of the last week's traffic on the VOIPSEC public mailing list 
• Wrap-up of the show
• 38:09 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.




]]> Thu, 14 Feb 2008 15:37:50 +0000 voip voip infringements voip security professional voip threat predictions voip security news voip security voip security podcast comments sip Blue Box #76: Cisco, Skype and BT vulnerabilities, when SIP looks like SPIT, VoIP security threat predictions and the FBI forgets to pay their bills, http://securityratty.com/article/c0914c73b0c753bea48c9000c9d04ea9 http://securityratty.com/article/c0914c73b0c753bea48c9000c9d04ea9

Synopsis: Blue Box #74: 2008 Crystal Ball Edition, Asterisk and Trixbox vulnerabilities, top 10 lists, VoIP security trends for 2008 and more....

---

Welcome to Blue Box: The VoIP Security Podcast #74, a 44-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 20MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• new comment line +1-415-830-5439
• SE 22 with Jonathan Rosenberg
• Asterisk AST-2007-027: Database matching order permits host-based authentication to be ignored
• Voice of VOIPSA: Trixbox contains ‘phone home’ code to retrieve arbitrary commands to execute
• trixbox CE audit tool official statement and fixes
• Audit Tool Change Plan
• Audit tool ‘fix’ being pushed out tonight
• ComputerWorld: VoIP vulnerabilities increasing, but not exploits
• CRN: Top 9 VoIP Threats and Vulnerabilities (Sipera PR strikes again) – points to CRN article: VoIP Threats, Vulnerabilities Abound which is based on press release Sipera VIPER Lab Reveals Top 5 VoIP Vulnerabilities in 2007
• Voice of VOIPSA: Pointers to any audi methodology for forensic analysis of VoIP systems?
• TMC.net: SIP and Security: Just Do It Right!
• PAETEC, Alcatel-Lucent Deploy Industry Leading Disaster Recovery VoIP Solution
• Feature: top stories of 2007 and trends for 2008
• No comments this week.
• Review of the last week's traffic on the VOIPSEC public mailing list 
• Wrap-up of the show
• 43:57 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

]]> Tue, 08 Jan 2008 14:42:39 +0000 trends vulnerabilities voip security trends security trixbox vulnerabilities voip vulnerabilities listener comment line comment line top Blue Box #74: 2008 Crystal Ball Edition, Asterisk and Trixbox vulnerabilities, top 10 lists, VoIP security trends for 2008 and more.... http://securityratty.com/article/8076404175c339d862777d2e464a59e5 http://securityratty.com/article/8076404175c339d862777d2e464a59e5

Synopsis: Blue Box #74: 2008 Crystal Ball Edition, Asterisk and Trixbox vulnerabilities, top 10 lists, VoIP security trends for 2008 and more....

---

Welcome to Blue Box: The VoIP Security Podcast #74, a 44-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 20MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• new comment line +1-415-830-5439
• SE 22 with Jonathan Rosenberg
• Asterisk AST-2007-027: Database matching order permits host-based authentication to be ignored
• Voice of VOIPSA: Trixbox contains ‘phone home’ code to retrieve arbitrary commands to execute
• trixbox CE audit tool official statement and fixes
• Audit Tool Change Plan
• Audit tool ‘fix’ being pushed out tonight
• ComputerWorld: VoIP vulnerabilities increasing, but not exploits
• CRN: Top 9 VoIP Threats and Vulnerabilities (Sipera PR strikes again) – points to CRN article: VoIP Threats, Vulnerabilities Abound which is based on press release Sipera VIPER Lab Reveals Top 5 VoIP Vulnerabilities in 2007
• Voice of VOIPSA: Pointers to any audi methodology for forensic analysis of VoIP systems?
• TMC.net: SIP and Security: Just Do It Right!
• PAETEC, Alcatel-Lucent Deploy Industry Leading Disaster Recovery VoIP Solution
• Feature: top stories of 2007 and trends for 2008
• No comments this week.
• Review of the last week's traffic on the VOIPSEC public mailing list 
• Wrap-up of the show
• 43:57 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.




]]> Tue, 08 Jan 2008 13:42:40 +0000 trends vulnerabilities voip security trends security trixbox vulnerabilities voip vulnerabilities listener comment line comment line top Blue Box #74: 2008 Crystal Ball Edition, Asterisk and Trixbox vulnerabilities, top 10 lists, VoIP security trends for 2008 and more.... http://securityratty.com/article/f7cb21e8ec7fa464a1a6470729819dff http://securityratty.com/article/f7cb21e8ec7fa464a1a6470729819dff Thu, 13 Dec 2007 22:50:02 +0000 vulnerabilities voip vulnerabilities sipera viper team sipera viper lab media reports top impac list vendor Security World: Top 5 VoIP vulnerabilities in 2007 http://securityratty.com/article/000fe05beb7be31948ee3c35b723296d http://securityratty.com/article/000fe05beb7be31948ee3c35b723296d

Synopsis:Blue Box #70: 2-yr Anniversary show, VoIP security vulnerabilities, Vonage, Comcast, phishing, listener comments and much, much more...

---

Welcome to Blue Box: The VoIP Security Podcast #70, a 51-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

NOTE: This show was recorded on October 25, 2007.

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• Programming notes:
• Dan???s new employment with Voxeo
• Dan at VON next week ??? Dean Elwood is doing a VoIPUser dinner ??? perhaps a Blue Box dinner as well?
• We hope you enjoyed Blue Box SE 21 with Phil Zimmermann ??? many thanks to Martyn Davies for helping with that.
• Reporters for some of the spring shows?  (we can probably get you press credentials??? if you are there)
• XSS attack and SQL injection via SIP against Asterisk
• The XSS attack against Linksys SPA-941 we discussed last week was picked up by Secure Computing which resulted in this SearchSecurity.com article: New Attack Methods Target Web 2.0, VoIP (last link sent to us by Rhodri Davies)
• Sipera released a range of vulnerabilities related to Vonage, Grandstream and more ??? note that the Vonage thread has been picked up by ZDNet???s Russell Shaw
• Wired: Phones Aren???t Safe Either, Hackers Say ??? also discussed in Network World and Russell Shaw We???ve toasted so many of these (VoIP) networks??? and Dustin Trammell???s blog (in the list of sessions he attended)
• SANS: Vishing, Skype, and VoIP-Based Fraud (sent in by Craig Bowser)
• CXO Today: The Phishing Epidemic
• PCWorld.CA: The eight most dangerous consumer technologies (Skype and consumer VoIP are #6 on page 2 )
• TMC Net: VoIP Peering in Search of a Viable Interconnect Business Model (note the comments about security toward the bottom)
• Cisco TechWise podcasts Session Initiation Protocol and Security (it???s on the page??? came out 10/18/07 )
• TechRepublic: Sanity check: Will Microsoft be your next phone company? (nice roundup of the MS announcements??? some of the comments are also interesting)
• Comcast
• AP: Comcast blocks some Internet traffic
• Ed Brill notes the impact on Notes/Domino traffic
• cnet post
• TorrentFreak: Comcast Throttles BitTorrent Traffic, Seeding Impossible
• P2PNet: Comcast impedes hi-speed file sharing
• Carnegie Mellon???s CyLab and Nortel Combine Efforts to Research Leading Security Technologies
• SearchVoIP.au: Avaya white paper: VoIP Security for Dummies
• - Upcoming shows:
  
  
  
  • Oct 24-25, New York, USA, Interop
    
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON
• Comment (email) from Dan Wing about episode 69 and the potential DDoS attack
• Comment (email) from Raul Siles about episode 66
• Comment (email) from Raul Siles about SANS VoIP Security course
• Two-year-anniversary:
  • Comment (audio) from Martyn Davies
  • Comment (audio) from Dean Elwood
  • Comment (audio) from Mike Wallace
  • Comment (audio) from Raul Siles (with Matrix inclusion)
  • Comment (audio) from Carsten Helmuth (cut off)
  • Comment (email) from Scott Tanner
  • Comment (email) from Shlomo Dubrowin
• - Drawing for the book
• - Review of the last week's traffic on the VOIPSEC public mailing list 


• - Wrap-up of the show


• 51:14 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-7280 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

]]> Wed, 07 Nov 2007 19:52:27 +0000 voip security voip security vulnerabilities voip security news voip voip security podcast consumer voip vulnerabilities sans voip security sans Blue Box #70: 2-yr Anniversary show, VoIP security vulnerabilities, Vonage, Comcast, phishing, listener comments and much, much more...