Author Archive

Apologies for the VOIPSA site outage last weekend

Wednesday, July 1st, 2009 by Dan York

Our apologies for the outage of both this blog and the main VOIPSA web site over the last weekend – and many thanks to all of you who wrote in to let us know. We recently moved the site to a new hosting provider and unfortunately it seems that in the initial move they missed moving over the domain name. That has now obviously been fixed and we’re back in action. Thanks again to those who let us know.

New voices coming soon to “Voice of VOIPSA”…

Friday, April 10th, 2009 by Dan York

I’m very pleased to say that the response has been great to my request for new contributors to this site and over the past few days I’ve given author credentials to nine new authors. They represent a great range in experience and geography. A couple are seasoned VoIP/communication security professionals who have been around VOIPSA circles for a while and in a couple of cases have written books on the topic. (Some I’ve written about here or interviewed on Blue Box.) Others have been involved in security or VoIP but haven’t really had a profile in “VoIP security”, per se. And there are a couple who are brand new to the field but have some great passion to contribute.

I’m also pleased that we’ve added a couple of Europeans so that Martyn Davies is no longer holding down the fort as the only non-US regular contributor. We’ve also added our first contributor from India (or for that matter anywhere in Asia). While the vast majority of VoIP security issues have no relation to geography, there are of course laws and regulations that come up in different regions, as well as regional news items, and so it is nice to have a wider geographical distribution.

Thanks again to all who responded (and we’re still open to others) and we look forward to the additional posts they may bring over time.

Our whole goal with this site is to create conversations around VoIP / communications / UC / SIP security regarding what the issues are, what the “real” dangers are (as opposed to those sometimes hyped in the mainstream media), what the solutions are, etc. so that in the end we will all have safer and more secure communication systems.

Thanks to all of you – both writing and reading – for joining in that conversation.




You can now follow VOIPSA on Twitter

Tuesday, April 7th, 2009 by Dan York

Yes, indeed, the VoIP Security Alliance has joined the Twittersphere with:

http://twitter.com/voipsa

Feel free to follow us there if you are a Twitter user. The primary reason we are on Twitter is so that Twitter users can follow whatever blog posts we post here on the Voice of VOIPSA blog. We’ve noticed over time on other sites (and in our own actions) that some folks prefer to be notified of new blog posts via Twitter versus a RSS feed. So now you have that choice. Subscribe via RSS or via Twitter. We’ll respond to tweets as well, of course, but our primary goal is to provide another way to consume VOIPSA content.

If you are on Twitter, please do feel free to follow us. Thanks.

Looking for a few good VoIP security writers…

Monday, April 6th, 2009 by Dan York

Are you interested in writing about VoIP security? In providing updates on security news? Product reviews? Threat analyses? Notes about recent security advisories?

Would you like your writing to appear on this blog?

As you have probably noticed, the frequency of our posting here in recent months has dropped a bit. It’s definitely not for lack of content… anyone subscribing to a Google Alert on “voip security” or subscribing to the VOIPSEC mailing list will know that there are definitely ongoing VoIP security issues. But we collectively haven’t been writing all that often about those issues here on this blog. Many reasons… but mostly that those of us who have been writing for the three years since we started this blog have just been finding ourselves insanely busy and not able to make the time to write here frequently. A couple of folks have moved into roles where they no longer work directly with VoIP security. Others have started their own blogs or just gone on to other things.

So we are looking to recharge the “Voice of VOIPSA” writing corps a bit. Our goal all along has been to make this site a portal for news and analysis about “VoIP security” in whatever form that may take. We are looking for people who might be willing to write short notes about news stories related to security of VoIP, Unified Communications, etc. We are also looking for people interested in writing longer pieces like some of the deep analyses we have posted here in the past.

VOIPSA’s overall mission is to raise the level of discussion about communication security issues in the IP space – and we’re looking for anyone who would like to help us in doing that through this blog.

The only major requirement we have for writers here is that any pieces must be vendor-neutral, i.e. we are not looking for people to write here about how their company’s product will solve all your security woes. We’re not a marketing site for either VoIP or security vendors. However, we do welcome posts from people at those companies that talk about the general state of the industry. We also welcome posts from folks who may not be at any company in the space but are just passionately interested in the topic.

If you are interested in writing for Voice of VOIPSA, please send me an email expressing your interest and providing some background about your connection to VoIP security. If you write at an existing weblog, even on a completely different topic, it would be helpful if you sent along that link as well.

Thanks for continuing to follow this site and after three years of blogging, we’re looking forward to continuing to provide you information and analysis about VoIP/communication security for the next three years… and beyond!


“UC Security” group now on LinkedIn

Wednesday, March 11th, 2009 by Dan York

If you are a LinkedIn user (as I am), there is now a “UC Security” group that you can join. The description of the group is:

Unified Communications is blurring the boundaries between Voice, Video and Data networks. As such, security threats that used to be in islands are now easily traversing across the network boundaries. UC Security provides a forum for people to share the common security issues around UC.

I can see that several of the “usual characters” in our security circles are already members of the group.

As we mentioned back in July, there is also a VOIPSA group on LinkedIn which you are welcome to join as well.

I am still not personally entirely sold on the value of LinkedIn groups, but I do have to admit that some of the discussions have in fact been useful and interesting. If you are a LinkedIn user, you may want to check out these groups and join in the discussions (or at least promote the existence of the groups through having them on your LinkedIn profile).


New book: “Voice over IP Security” from Cisco…

Tuesday, February 17th, 2009 by Dan York

It appears that there is a new book out on VoIP security named, rather simply, “Voice over IP Security”. It’s from Cisco Press and written by a Patrick Park. I haven’t seen the book yet but ITworld has an interview with the author. Amazon.com of course has some user reviews as well.

Good to see additional books coming out into the field. It will be interesting to see how this compares to the others out there.

P.S. If you have the book and would be interested in writing a review for this site, please feel free to contact me.


VoIP fraudster Pena’s fugitive run comes to an end

Tuesday, February 17th, 2009 by Dan York

Over the past three years, we’ve covered at great length the case of Edwin Pena and Robert Moore where Pena created a scheme where he apparently represented himself as a legitimate VoIP service provider – and then routed calls over other people’s networks. When last we left the story, Pena’s co-conspirator Robert Moore was sitting in jail while Pena was reportedly off somewhere in South America.

ComputerWorld now reports that Edwin Pena has been caught in Mexico and will be extradited back to the US. It will be interesting to see what, if any, new information turns up during his trial.

(Hat tip to Shawn Merdinger for passing along this link in the VOIPSEC mailing list.)

“SIP Trunking And Security” workshop coming up at ITEXPO on February 3, 2009

Friday, January 23rd, 2009 by Dan York

If you will be in Miami at ITEXPO February 2-4 you are welcome to attend a free “SIP Trunking And Security” session I (Dan York) will be doing as part of Ingate Systems’ SIP Trunking Workshops. The SIP trunking workshops are free to all attendees even if you only register for an exhibit pass.

My session will be 11:15-12:30 on Wednesday, February 3rd, and if you do attend please feel free to come up and introduce yourself (or drop me a note in advance to let me know to look out for you). I’ll be bringing my recording gear, too, and the talk will eventually go out in my Blue Box Podcast feed so you will be able to hear it later.

P.S. If you are attending ITEXPO and your company makes a product or provides a service related to VoIP security, please feel free to let me know and perhaps we can schedule an interview to go out as a Blue Box Special Edition.


VoIP/Network Security classes at upcoming ITEXPO show

Tuesday, January 20th, 2009 by Dan York

Our friend Craig Bowser recently pointed out that TMC will have a schedule of “Network Security” classes at the upcoming ITEXPO in Miami on February 4th. The three classes are:

  • Security Threat Mitigation in Enterprise UC Environments
  • Securing the SIP Trunk
  • VoIP Security Best Practices

The companies involved are Acme Packet, Sipera and VoIPShield Systems, all of whom we’ve mentioned at various times either on this blog or over on Blue Box. Anyway, if you are heading down to ITEXPO, you may want to check out these sessions.

P.S. And if you ARE heading down to ITEXPO, please do let me know as I’ll be down there, too.

Fuzzing gets its own blog…

Monday, January 19th, 2009 by Dan York

Over in his “Security: Secrets and Hype” blog, our friend Ari Takanen has announced that because “Fuzzing Is Still Widely Unknown”, he’s going to evolve his blog there a bit:

Therefore, as a part of my new year resolution to change this blog into more generic fuzzing blog, I will start by sharing my experiences in the current state of fuzzing market. Based on a recent study by Gary McGraw and other well known security gurus, all major product security teams apparently use fuzzing (my comments on it here). But most (even security specialists) still seem to misunderstand what fuzzing really is about. So, I will focus on that here also. Enter the world of fuzzing!

Ari has a wealth of information on the topic of fuzzing (and has written a book on the subject) and so it will be interesting to see where he takes the blog. We’ll see…
