Synopsis:  Blue Box #78: Cisco IP phone vulnerabilties, WiFi handset insecurity, IETF security-related news, VoIP security news, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast #78, a 40-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 17MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was originally recorded on February 25, 2008. Yes, that was two months ago... we know!

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• new comment line +1-415-830-5439
• Special Edition #23 with Sonus Networks
• Squawk Box podcast about voice phishing ??? also this article Vishing: The Latest, and Greatest, Security Concern
• Cisco: Cisco Unified IP Phone Overflow and DoS Vulnerabilities and Dustin Trammell???s coverage
• ZDNet: Design flaw in wireless VoIP handsets endanger the enterprise followed by Cisco confirms vulnerability in 7921 WiFi IP phone
• Voice of VOIPSA: Slides about P2PSIP security new available
• Voice of VOIPSA: RUCUS mailing list & BOF
• Voice of VOIPSA: End-to-end VoIP security using DTLS-SRTP
• Also a whole bunch on SIP Identity
• SIP Torture Tests for IPv6 now out in RFC 5118
• SIP Usage Scenarios Similar to SPIT
• SPEERMINT Security BCPs
• SIP Identity Baiting Attack
• Concerns around Applicability of RFC 4474
• VoIP Hopper 0.9.9 released (site ) ??? Thanks to Frank Leonhardt for the info.
• VoIP News: Is Someone Listening to Your VoIP Calls? (linked to from ZDNet )
• ZDNet: Cracking GSM
• TMCnet- Practicing Safe OCS
• TMCnet- Security Attack of the Day (Tom Cross starts blogging for TMCnet)
• Speaking of Tom, Techtionary.com Releases SIP Security Checklist
• Voice of VOIPSA: SIPTap Author forms VoIP Security Company (by Craig Bowser!)
• Voice of VOIPSA: Underpowered Hardware
• Project Spider ??? about SPIT
• CBC: Bell recovers stolen data on 3.4 million customers
• Comment (email) from Larry Farmer
• Comment (email) from Shlomo Dubrowin
• Comment (email) about SE #23
• Review of the last week's traffic on the VOIPSEC public mailing list 
• Wrap-up of the show
• 40:01 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis:  Blue Box #78: Cisco IP phone vulnerabilties, WiFi handset insecurity, IETF security-related news, VoIP security news, listener comments and more

Welcome to Blue Box: The VoIP Security Podcast #78, a 40-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 17MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was originally recorded on February 25, 2008. Yes, that was two months ago... we know!

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• new comment line +1-415-830-5439
• Special Edition #23 with Sonus Networks
• Squawk Box podcast about voice phishing – also this article Vishing: The Latest, and Greatest, Security Concern
• Cisco: Cisco Unified IP Phone Overflow and DoS Vulnerabilities and Dustin Trammell’s coverage
• ZDNet: Design flaw in wireless VoIP handsets endanger the enterprise followed by Cisco confirms vulnerability in 7921 WiFi IP phone
• Voice of VOIPSA: Slides about P2PSIP security new available
• Voice of VOIPSA: RUCUS mailing list & BOF
• Voice of VOIPSA: End-to-end VoIP security using DTLS-SRTP
• Also a whole bunch on SIP Identity
• SIP Torture Tests for IPv6 now out in RFC 5118
• SIP Usage Scenarios Similar to SPIT
• SPEERMINT Security BCPs
• SIP Identity Baiting Attack
• Concerns around Applicability of RFC 4474
• VoIP Hopper 0.9.9 released (site ) – Thanks to Frank Leonhardt for the info.
• VoIP News: Is Someone Listening to Your VoIP Calls? (linked to from ZDNet )
• ZDNet: Cracking GSM
• TMCnet- Practicing Safe OCS
• TMCnet- Security Attack of the Day (Tom Cross starts blogging for TMCnet)
• Speaking of Tom, Techtionary.com Releases SIP Security Checklist
• Voice of VOIPSA: SIPTap Author forms VoIP Security Company (by Craig Bowser!)
• Voice of VOIPSA: Underpowered Hardware
• Project Spider – about SPIT
• CBC: Bell recovers stolen data on 3.4 million customers
• Comment (email) from Larry Farmer
• Comment (email) from Shlomo Dubrowin
• Comment (email) about SE #23
• Review of the last week's traffic on the VOIPSEC public mailing list 
• Wrap-up of the show
• 40:01 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: Interview with Bob Bradley of Sonus Networks

Welcome to Blue Box: The VoIP Security Podcast Special Edition #23, a 19-minute interview with Bill Bradley, Product Line Manager for Security Solutions at Sonus Networks.  Recorded at Fall VON in Boston at the end of October 2007.

Download the show here (MP3, 9MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

In this Special Edition, I sat down with Bob Bradley, Product Line Manager for Security Solutions at Sonus Networks to talk about their products and how they protect VoIP and other traffic. In particular we discussed the Sonus Network Border Switch including how it fits into network installations and how it is different from other similar products on the market.  We also covered some general issues around SIP security and talked about the company in general.

I will candidly admit that I was not very aware of Sonus' solutions prior to this podcast, but since this time I've found their products running in a range of places I had not noticed them before.  I believe you all will find this a useful introduction to an interesting company and useful solutions.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis: Interview with Bob Bradley of Sonus Networks

Welcome to Blue Box: The VoIP Security Podcast Special Edition #23, a 19-minute interview with Bill Bradley, Product Line Manager for Security Solutions at Sonus Networks.  Recorded at Fall VON in Boston at the end of October 2007.

Download the show here (MP3, 9MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

In this Special Edition, I sat down with Bob Bradley, Product Line Manager for Security Solutions at Sonus Networks to talk about their products and how they protect VoIP and other traffic. In particular we discussed the Sonus Network Border Switch including how it fits into network installations and how it is different from other similar products on the market.  We also covered some general issues around SIP security and talked about the company in general.

I will candidly admit that I was not very aware of Sonus' solutions prior to this podcast, but since this time I've found their products running in a range of places I had not noticed them before.  I believe you all will find this a useful introduction to an interesting company and useful solutions.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there.

Thank you for listening and please do let us know what you think of the show.

Synopsis:Blue Box #68: Top 14 VoIP Vulnerabilities, Asterisk security, VoIP hacker, IMS, P2P, Skype, industry moves, VoIP security news, listener comments and more...

Welcome to Blue Box: The VoIP Security Podcast #68, a 46-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 


• 01:03 - Programming notes:
  
  • New comment line – 206-350-7280
  
  
  • Slight web site changes
  
  
  • Books from Peter Thermos and Ari Takanen – anniversary show promotion
  
  
• 03:27 - NetworkWorld: Top 14 VoIP Vulnerabilities – and also this comment in reply


• 07:08 - blog.spywareguide.com: Bubbles… for Kids! (spyware that propagates via Skype IM)


• 09:25 - Voice of VoIPSA: What would your security roadmap for Asterisk be? and 3Com to sell/support Asterisk


• 18:11 - Voice of VOIPSA: VoIP Hacker Goes to Jail pointing to Information Week interview with Robert Moore which is similar to the Telecom Junkies interview I did earlier with Robert Moore.


• 19:14 - Converge!Digest: Defending the IMS Core (sponsored by Sonus)


• 20:56 - Processor: Getting Tough with P2P= which relates to Dan’s recent issues with using Skype at a hotel


• 26:36 - PC World: Attack of the Killer Bots


• 28:57 - News Releases
  • Sipera Secures $10 Million to Further Advance VoIP/UC Security=
  
  
  • Bandwidth.com Bands with Acme Packet (finally, security for SIP trunking!)
  
  
  • Radware Unveils Industry First Behavioral Server Protections as Part of its Full Spectrum Protection Technology
  
  
  • Alcatel-Lucent Bolsters its Security Solutions in Worldwide Reseller Agreement with CloudShield Technologies
  
  
  • Clavister Announces New Version of its IP-Based Security Operating System (see also press release )
  
  
  • ForeScout Continues Innovation Leadership with Latest Network Access Control Offering=
  
  
  
  
• 32:24 - 3Com bought by Bain Capital, Huawei


• 34:58 - Skype CEO out, eBay takes $1.4 million charge


• 37:08 - Nokia to buy Navteq


• 38:26 - Vonage loses patent trial
  


• 39:29 - Upcoming shows:
  
  
  
  • Oct 24-25, New York, USA, Interop
    
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON


• 39:58 - Comment (email) from Peter Thermos


• 42:15 - Comment (email) from Frank Leonhardt about Skype malware


• 42:24 - Comments (blog) about video edition #1


• 42:51 - Brief commentary from Dan about using TalkPlus to call a SIP URI from a cell phone


• 45:39 - Review of the last week's traffic on the VOIPSEC public mailing list 


• 46:00 - Wrap-up of the show
  


• 46:51 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-7280 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis:Blue Box #68: Top 14 VoIP Vulnerabilities, Asterisk security, VoIP hacker, IMS, P2P, Skype, industry moves, VoIP security news, listener comments and more...

Welcome to Blue Box: The VoIP Security Podcast #68, a 46-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 


• 01:03 - Programming notes:
  
  • New comment line – 206-350-7280
  
  
  • Slight web site changes
  
  
  • Books from Peter Thermos and Ari Takanen – anniversary show promotion
  
  
• 03:27 - NetworkWorld: Top 14 VoIP Vulnerabilities – and also this comment in reply


• 07:08 - blog.spywareguide.com: Bubbles… for Kids! (spyware that propagates via Skype IM)


• 09:25 - Voice of VoIPSA: What would your security roadmap for Asterisk be? and 3Com to sell/support Asterisk


• 18:11 - Voice of VOIPSA: VoIP Hacker Goes to Jail pointing to Information Week interview with Robert Moore which is similar to the Telecom Junkies interview I did earlier with Robert Moore.


• 19:14 - Converge!Digest: Defending the IMS Core (sponsored by Sonus)


• 20:56 - Processor: Getting Tough with P2P= which relates to Dan’s recent issues with using Skype at a hotel


• 26:36 - PC World: Attack of the Killer Bots


• 28:57 - News Releases
  • Sipera Secures $10 Million to Further Advance VoIP/UC Security=
  
  
  • Bandwidth.com Bands with Acme Packet (finally, security for SIP trunking!)
  
  
  • Radware Unveils Industry First Behavioral Server Protections as Part of its Full Spectrum Protection Technology
  
  
  • Alcatel-Lucent Bolsters its Security Solutions in Worldwide Reseller Agreement with CloudShield Technologies
  
  
  • Clavister Announces New Version of its IP-Based Security Operating System (see also press release )
  
  
  • ForeScout Continues Innovation Leadership with Latest Network Access Control Offering=
  
  
  
  
• 32:24 - 3Com bought by Bain Capital, Huawei


• 34:58 - Skype CEO out, eBay takes $1.4 million charge


• 37:08 - Nokia to buy Navteq


• 38:26 - Vonage loses patent trial
  


• 39:29 - Upcoming shows:
  
  
  
  • Oct 24-25, New York, USA, Interop
    
  • Oct 29-Nov 1, Boston, USA, Fall 2007 VON


• 39:58 - Comment (email) from Peter Thermos


• 42:15 - Comment (email) from Frank Leonhardt about Skype malware


• 42:24 - Comments (blog) about video edition #1


• 42:51 - Brief commentary from Dan about using TalkPlus to call a SIP URI from a cell phone


• 45:39 - Review of the last week's traffic on the VOIPSEC public mailing list 


• 46:00 - Wrap-up of the show
  


• 46:51 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-206-350-7280 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.