Synopsis: Blue Box #74: 2008 Crystal Ball Edition, Asterisk and Trixbox vulnerabilities, top 10 lists, VoIP security trends for 2008 and more....

Welcome to Blue Box: The VoIP Security Podcast #74, a 44-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 20MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• new comment line +1-415-830-5439
• SE 22 with Jonathan Rosenberg
• Asterisk AST-2007-027: Database matching order permits host-based authentication to be ignored
• Voice of VOIPSA: Trixbox contains ‘phone home’ code to retrieve arbitrary commands to execute
• trixbox CE audit tool official statement and fixes
• Audit Tool Change Plan
• Audit tool ‘fix’ being pushed out tonight
• ComputerWorld: VoIP vulnerabilities increasing, but not exploits
• CRN: Top 9 VoIP Threats and Vulnerabilities (Sipera PR strikes again) – points to CRN article: VoIP Threats, Vulnerabilities Abound which is based on press release Sipera VIPER Lab Reveals Top 5 VoIP Vulnerabilities in 2007
• Voice of VOIPSA: Pointers to any audi methodology for forensic analysis of VoIP systems?
• TMC.net: SIP and Security: Just Do It Right!
• PAETEC, Alcatel-Lucent Deploy Industry Leading Disaster Recovery VoIP Solution
• Feature: top stories of 2007 and trends for 2008
• No comments this week.
• Review of the last week's traffic on the VOIPSEC public mailing list 
• Wrap-up of the show
• 43:57 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis: Blue Box #74: 2008 Crystal Ball Edition, Asterisk and Trixbox vulnerabilities, top 10 lists, VoIP security trends for 2008 and more....

Welcome to Blue Box: The VoIP Security Podcast #74, a 44-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 20MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long! 
• new comment line +1-415-830-5439
• SE 22 with Jonathan Rosenberg
• Asterisk AST-2007-027: Database matching order permits host-based authentication to be ignored
• Voice of VOIPSA: Trixbox contains ‘phone home’ code to retrieve arbitrary commands to execute
• trixbox CE audit tool official statement and fixes
• Audit Tool Change Plan
• Audit tool ‘fix’ being pushed out tonight
• ComputerWorld: VoIP vulnerabilities increasing, but not exploits
• CRN: Top 9 VoIP Threats and Vulnerabilities (Sipera PR strikes again) – points to CRN article: VoIP Threats, Vulnerabilities Abound which is based on press release Sipera VIPER Lab Reveals Top 5 VoIP Vulnerabilities in 2007
• Voice of VOIPSA: Pointers to any audi methodology for forensic analysis of VoIP systems?
• TMC.net: SIP and Security: Just Do It Right!
• PAETEC, Alcatel-Lucent Deploy Industry Leading Disaster Recovery VoIP Solution
• Feature: top stories of 2007 and trends for 2008
• No comments this week.
• Review of the last week's traffic on the VOIPSEC public mailing list 
• Wrap-up of the show
• 43:57 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.