Synopsis: Blue Box #86: Dan and Jonathan provide an update on what's happened in the year since Blue Box #85 and talk a bit about what's next

Welcome to Blue Box: The VoIP Security Podcast #86, a 19-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.

Download the show here (MP3, 9 MB) or subscribe to the RSS feed to download the show automatically.

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• Dan and Jonathan discuss what has happened in the past year and why there have not been new shows.
• Discussion of what some of the main issues in VoIP security have been over the past year.
• Mention that fugitive Edwin Pena was extradited back to the US and arraigned in New Jersey court last Friday
• Mention of the recent traffic on the VOIPSEC public mailing list
  
• Wrap-up of the show
  
• 19:38 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post or via e-mail to blueboxpodcast@gmail.com. Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows. You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

If you found this post interesting or useful, please consider either subscribing to the RSS feed or following BlueBox on Twitter.

FYI, if you use Twitter, you can now find out when new shows are out and/or interact with Jonathan and I by following us at:

http://twitter.com/blueboxpodcast

And yes, new shows are on the way. I've been a wee bit busy with a recent job role change and Jonathan's had some crazy times on his end as well... but soon... real soon...

Last week at the Emerging Communications Conference (eComm) 2009 in San Francisco, a remarkable event happened: Jonathan Zar, Martyn Davies, and I (Dan York) all wound up at the same place at the same time. Over the 3.5 years since we started Blue Box back in October 2005, Jonathan and I have met at events, Martyn and I have met and Jonathan and Martyn have met. But the three of us had never been together at the same place.

Now the particular place we met was a "Dev Dinner" hosted by (my employer) Voxeo after the end of eComm - and we had some great conversations along with the food. Martyn produced his camera and we did record the actual event:

Alas, it was too noisy there for us to do any actual recording, but it was great to have all three of us there. For those who may not recall the history, Martyn was one of our earliest listeners and is the person who provided both the image that we use for Blue Box (in iTunes, in the MP3 file, etc.) and also the music that we use for the intro and outro. He's also guest-hosted several times and contributed a couple of interviews over the years.

P.S. And yes, Jonathan and I will be getting some more shows out...

Technorati Tags: bluebox, blue box, danyork, dan york, jonathan zar, martyn davies, ecomm, ecomm09

My session will be 11:15-12:30 on Wednesday, February 3rd, and if you do attend please feel free to come up and introduce yourself (or drop me a note in advance to let me know to look out for you). I'll be bringing my recording gear, too, and the talk will eventually go out in my Blue Box Podcast feed so you will be able to hear it later.

P.S. If you are attending ITEXPO and your company makes a product or provides a service related to VoIP security, please feel free to let me know and perhaps we can schedule an interview to go out as a Blue Box Special Edition.

Technorati Tags: danyork, itexpo, miami, voipsa, voip security, sip trunking, sip, sip security, security

Alan is working on a new solution but in the meantime you may want to grab the OPML file for the Security Bloggers Network (you should then be able to import this into most feed readers). There are a lot of great security blogs out there.

Stay tuned for more information - once Alan has another solution in place I'll post an update.

MANY THANKS to the couple of you who contacted me on Saturday to let me know about this!

So I fixed the web site yesterday morning so that "www.blueboxpodcast.com" pointed over to TypePad, where I host this site, and that all seems to be back in action. If you type in "blueboxpodcast.com" without the "www", it was going to a generic GoDaddy page but I've set up the forwarding now so that this should now redirect you to www.blueboxpodcast.com once the DNS propagation occurs.

What is still dead, though, is the RSS feed... which is rather annoying since that is what podcast subscription tools like iTunes use! In working through the issues this morning, it appears to be the issue that

Feedburner is not using the updated DNS information.

So it appears that I'm waiting for FeedBurner to update its DNS. I've tried all sorts of options in the FeedBurner settings, including the "Resync Feed" but nothing works because it seems that it is unable to get to the new site (because of DNS).

I've filed a help request in the FeedBurner Google Group (which appears to be the only way to get help). Hopefully FeedBurner will age out its DNS info soon and the feed will be back in action.

What I find strange, though, is that I'm 99% sure that all the DNS records had a TTL of 1 hour (and I'm 100% positive the new ones do). So my question to FeedBurner is - if that is the case, why aren't they respected the TTL settings of the domains?

I'll update this post once I have more information.

Technorati Tags: feeds, rss, feedburner, google, dns, bluebox

Jonathan Zar joined me a week later on Blue Box Podcast #2 and we've been going ever since. We've now produced over 112 episodes, had close to 245,000 downloads of our various shows, met some amazing people, learned a lot along the way... and hopefully helped you all learn a lot out there as well.

Thank you to all of you who have joined with us on this journey... whether you've listened to our show from the very beginning (and we know of a couple of you who have) or have only recently joined in... thank you!

And now... on to the next three years... :-)

Technorati Tags: blue box, bluebox, dan york, danyork, jonathan zar, security, voip, voip security, voipsa

Synopsis: Blue Box #85: Internet phone calls and terrorism, Georgia Tech report on Emerging Cyber Security Threats, phone jamming, 802.1X-REV, 802.1AE, VoIP security news and more

Welcome to Blue Box: The VoIP Security Podcast #85, a 32-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 15 MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• Programming notes:
  • Three-year anniversary of Blue Box coming up on October 24th - any thoughts you'd like to share with us? (Please send them to us by October 23rd.)
• The Times: "Internet phone calls are crippling fight against terrorism" - and my response on the Voice of VOIPSA blog
• FierceVoIP: "UK crimefighting concern over VoIP calls, social networks" 
• BBC: Data powers behind the times 
  
• GA Tech Survey (PDF) (link about the GA conference )
• Dark Reading: Cellphone Botnets, Blackmailing VOIP & a Healthy Cybercrime Economy
• bMighty.com: Georgia Tech Security Report Scarier Than Its Football Team
• cNet: Botnets on cell phones in 2009?
• telecoms.com: Smartphone is a hotbed of security issues
  
• VNUnet: Security industry falling behind hackers
  
• AP: Phone Jamming in NH
  
• GigaOm: EEF Challenges Telco Immunity in Court 
  
• Information Week: New Protocols Secure Layer 2
• Voice of VOIPSA: Asking The Cisco Systems IPICS and JPS Raytheon ACU-2000 Experts: Questions 36-40
• Other Voice of VOIPSA articles
• snom technology AG: snom 820 combines mature VoIP technology with exclusive design
• IDC Finds Increasing Hype Around Unified Communications Is Affecting How Customers Select Telephony Systems and Services (interesting movement in the top vendors used  - Nortel out and IBM in)
• Peerless VoIP Peering
• Comment (IM) from Christian Wieser
• Review of the last week's traffic on the VOIPSEC public mailing list
  
• Wrap-up of the show
  
• 32:10 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Three years later... 84 main Blue Box episodes (with one more recorded) .... 26 Special Editions (with about 10 in the queue)... almost 250,000 downloads... we're still here and, with an admitted bit of a rough patch this summer, are still going along creating shows and enjoying what we do.

Jonathan and I are planning to record a 3-year show on this coming Friday, October 24th, and if you have any comments you would like us to include in that show, please do get them to us by the end of the day on Thursday, October 23rd. You can send them to us via:

• Email to blueboxpodcast@gmail.com
• Phone to +1-415-830-5439
• Phone via SIP to sip:bluebox@voipuser.org

The show started out 3 years ago as really an experiment in seeing whether or not podcasting could be used to reach out to very specific audiences... and it's been both fun, amazing and interesting to see how well it's done.

Thank you to all of you who have continued to listen and contribute over the years!

Technorati Tags: blue box, bluebox, voip, voip security, security, dan york, jonathan zar, voipsa

Synopsis:  Blue Box #84: New Cisco, Avaya, Nortel VoIP security vulnerabilities from VoIPShield, Skype in China, UCSniff and other new tools, news and more

Welcome to Blue Box: The VoIP Security Podcast #84, a 30-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• Programming notes:
  • Three-year anniversary of Blue Box coming up on October 24th - any thoughts you'd like to share with us? (Please send them to us by October 23rd.)
• VoIPShield announces new vulnerabilities and http://www.voipshield.com/research.php
• http://www.theregister.co.uk/2008/09/30/voip_eavesdropping_tool/
• "Sipera Develops VoIP Spy Program - to Prove a Point" - http://www.voipplanet.com/trends/article.php/3776136
• SecureLogix Announces Free Availability of VoIP Security Tools
• NY Times: Surveillance of Skype Messages Found in China - http://www.nytimes.com/2008/10/02/technology/internet/02skype.html?_r=2&partner=rssnyt&pagewanted=print
• http://securitywatch.eweek.com/privacy/skypechina_breach_is_anyone_really_surprised.html
• http://www.informationweek.com/news/telecom/voip/showArticle.jhtml?articleID=210605439
• Skype CEO's blog post about the issue: http://share.skype.com/sites/en/2008/10/answers_to_some_commonly_asked.html
• http://www.itbusinessedge.com/blogs/top/?p=398
• http://www.voip-news.com/feature/google-phone-europe-growth-092408/
• http://www.itnewsafrica.com/?p=1269
• http://news.cnet.com/8301-1009_3-10052393-83.html
• http://www.broadbandreports.com/shownews/VoIP-Vulnerabilities-Being-Exposed-Today-98039
• http://www.itbusinessedge.com/blogs/top/?p=402
• http://voipsa.org/blog/2008/10/07/5th-emergency-services-workshop-to-be-held-oct-21-23-in-vienna/
• http://eon.businesswire.com/news/eon/20080924005342/en
• http://www.crn.com/security/210602442
• http://it.tmcnet.com/topics/it/articles/41236-infoblox-unveils-dns-firewall-address-dns-vulnerability-concerns.htm
• http://www.newswire.ca/en/releases/archive/September2008/29/c9005.html
• No comments this week.
  
• Review of the last week's traffic on the VOIPSEC public mailing list
  
• Wrap-up of the show
  
• 30:26 - End of show 

NOTE: Long-time listeners will note that the show notes above are in a less descriptive form than usual. After almost three years of using one wiki for preparing for our shows, Jonathan and I switched to using a new system and are still working out some of the details that will speed the input into show notes.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis:  Blue Box #83: SIP and Asterisk vulnerabilities, voice biometrics, P2PSIP, Aircell blocking Skype, VoIP security news and more…

Welcome to Blue Box: The VoIP Security Podcast #83, a 39-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 18MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was recorded on September 4, 2008.

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• Programming notes:
  • Three-year anniversary of Blue Box coming up on October 24th - any thoughts you'd like to share with us? (Please send them to us by October 23rd.)
• Remote DoS in reSIProcate
• Remote root shell in Trixbox
• Second route of VoIPShield Cisco/Avaya/Nortel vulnerabilities
• AST-2008-010 – IAX2 ‘POKE’ Resource Exhaustion
• AST-2008-011 – IAX2 Firmware Provisioning System
• Saunderslog: Squawk Box – July 10, 2008: Voice biometrics and VoiceVerified.com
• Saunderslog: Squawk Box – July 9, 2008: P2PSIP
• IETF: P2PSIP Security Requirements
• Voice of VOIPSA: “Aircell blocking VoIP on a plane” – part 1 , part 2 and an update
• Voice of VOIPSA: Shawn Merdinger’s series on “Asking The Cisco IPICS Expert” – Questions 1-5 – 6-10 – 11-15 – 16-20 – 21-25
• Voice of VOIPSA: Asterisk ‘hack’ to show blocked Caller-ID points to larger trust issues with SIP (and SpeechTEK speech)
• NetworkWorld: Georgia student arrested for hacking grades, VoIP
• CRN: Analysis: Hacking VoIP as easy as 1-2-3
• Ari Takanen starts blogging at InfoWorld
• InfoWorld: Motivation for VoIP Fuzzing
• TMCnet: How to keep your tech career afloat
• New analyst report: Security Threats Loom Over Unified Communications pointing to Light Reading report and article
• VoIP Companies to Fight For Market Share
• IEEE approves 802.11r standard
• Google Chrome – upgrading the web to be application-centric
• Items on my DisruptiveTelephony blog… Skype 5th birthday, Asterisk future, Digium/Nortel
• No comments this week.
  
• Review of the last week's traffic on the VOIPSEC public mailing list
  
• Wrap-up of the show
  
• 39:08 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis:  Blue Box Special Edition #26: Astricon 2007 presentation - "Hacking and Attacking VoIP Systems: What you need to worry about"

Welcome to Blue Box: The VoIP Security Podcast Special Edition #26, a 55-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 6MB) or subscribe to the RSS feed to download the show automatically. 

You may also listen to this podcast right now:

Show Content:

A year ago in September 2007, I (Dan York) spoke at Astricon 2007 in Arizona, USA, about "Hacking and Attacking VoIP Systems: What You Need To Worry About" My presentation covered a lot of the typical VoIP security threats, tools and best practices but also expanded a bit into specific security issues with Asterisk.  Please do keep in mind that it has been a year since this presentation and so some of the issues I mention have been addressed. (Astricon, for those who don't know, is an annual developer conference for those who work with the Asterisk open source telephony platform. Astricon 2008 is, in fact, coming up in about 3 weeks but I will not be attending this year.)

The slides for this talk are available from Slideshare:

(And yes, at some point I'll sync the audio with the slides.)

Production assistance on this Special Edition was provided by Michael Graves who had a very tough task given the poor quality of the recording that I gave to him!  Kudos to Michael for getting it to sound as good as it does.

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.

Synopsis:  Blue Box #82: Asterisk & Skype security vulnerabilities, new VoIP security tools, VoIP steganography, VoIP security news and much, much more...

Welcome to Blue Box: The VoIP Security Podcast #82, a 47-minute podcast  from Dan York and Jonathan Zar covering VoIP security news, comments and opinions.   

Download the show here (MP3, 21MB) or subscribe to the RSS feed to download the show automatically. 

NOTE: This show was originally recorded on June 21, 2008.

You may also listen to this podcast right now:

Show Content:

• 00:20 - Intro to the show, contact information and how to provide comments.  Welcome to all the new listeners - and to all those listeners who have been here for so long!
• Programming notes:
  • Note about the production team – new special editions coming soon.
  • Note about URLs for the media files
• AST-2008-008 – Remote Crash Vulnerability in SIP channel driver when run in pedantic mode
• AST-2008-009 – Remote crash vulnerability in ooh323 channel driver
• Skype-SB-2008-003 – Skype File URI Security Bypass Code Execution Vulnerability
• New version of SIPvicious


• Sipflanker – tool to find SIP devices with web GUIs




• Discussion about VoIP Steganography (pointed to by Craig Bowser)


• Geeks Are Sexy: New Technology Hides Messages in Internet Phone Calls – and Switched: Spies to Use Skype to Send Secret Messages? – and The Register


• FierceVoIP: VoIP Security and the Circle of Trust pointing to Government Computer News: Careful with the call



• The Register: ‘Untraceable’ phone fraudsters eye your credit card



• SearchUnifiedCommunications: Disaster and recovery in the VoIP/IPT RFP



• Secure Computing: Voice tools under enemy fire



• VNUnet: A good VoIP application is worth paying for



• Ofcom confirms VoIP providers must provide access to 999 and 112



• Bogdan Materna’s blog is live
• Realtime Community: The Essentials Series:
  Messaging and Web Security
  Volume III


• Global Knowledge: On-Demand Webinar on VoIP Security (hat tip to Thomas Lee )


• SearchSecurity: The threats to telcos and how they can repel them


• TMCnet: Balancing Issues in World of Telepresence


• Network World: VoIP Security Buying Guide
• Nortel and SecureLogix Team to Deliver Voice Security and Management Solutions to Worldwide Enterprise Market (see also this analysis )


• Sipera Partner Network Arms Resellers With Comprehensive UC and VoIP Security


• VIVOphone Deploys Paradial RealTunnel® to Solve NAT Traversal Challenges for VoIP Services


• Audiocodes joins the ranks of SBC vendors


• SearchSecurity: Securing the new network (interesting because it shows the layers of a defense in depth)


• The Hindu Business News: Serious about Security


• Shows:
  
  
  
  • IP Telephony University – June 23-24, Alexandria, VA
  
  
  • IPTComm 2008 – July 1-2, Heidelberg, Germany
  
  
  • The Last H.O.P.E. – July 18-20, New York
  
  
  • SpeechTek – August 18-20, New York
  
  
  
  
• Call for papers for Hack-in-the-box Malaysia ends June 30th



• SchmooCon 2008 videos available – several dealing with VoIP
• No comments this week.
  
• Review of the last week's traffic on the VOIPSEC public mailing list 


• Wrap-up of the show


• 47:09 - End of show 

Comments, suggestions and feedback are welcome either as replies to this post  or via e-mail to blueboxpodcast@gmail.com.  Audio comments sent as attached MP3 files are definitely welcome and will be played in future shows.  You may also call the listener comment line at either +1-415-830-5439 or via SIP to 'bluebox@voipuser.org' to leave a comment there. 

Thank you for listening and please do let us know what you think of the show.


]]>Synopsis: Blue Box #82: Asterisk & Skype security vulnerabilities, new VoIP security tools, VoIP steganography, VoIP security news and much, much more... Welcome to Blue Box: The VoIP Security Podcast #82, a 47-minute podcast from Dan York and Jonathan Zar...noSynopsis: Blue Box #82: Asterisk & Skype security vulnerabilities, new VoIP security tools, VoIP steganography, VoIP security news and much, much more... Welcome to Blue Box: The VoIP Security Podcast #82, a 47-minute podcast from Dan York and JonathaDan York and Jonathan ZarSynopsis: Blue Box #82: Asterisk & Skype security vulnerabilities, new VoIP security tools, VoIP steganography, VoIP security news and much, much more... Welcome to Blue Box: The VoIP Security Podcast #82, a 47-minute podcast from Dan York and Jonathan Zar...VoIP,IP,telephony,voice,over,IP,security,skype,telecommunicationshttp://www.blueboxpodcast.com/2008/08/blue-box-82-ast.htmlhttp://media.libsyn.com/media/lodestar/BBP-082-2008-06-21.mp3Copyright 2006 Dan YorkDan York and Jonathan Zarnonadult