Author Archive

Heads-up on an impending upgrade to this blog site

Tuesday, April 1st, 2008 by Dan York

Just FYI, we’re going to be upgrading this site to WordPress 2.5 sometime in the next couple of days. There should be no noticeable impact to the site but if you land here sometime and the site looks a bit strange, it may be because we’re in the middle of the upgrade. (We do not expect to have any issues moving the theme we use to WP 2.5, but we don’t know.)

Poll: What do you see as the top VoIP threats for 2008?

Tuesday, March 25th, 2008 by Dan York

Over on his VoPsecurity.org site, Peter Thermos is now running a poll asking the question: what do you see as the top VoIP threats for 2008?

Why not fill it out? It’s completely anonymous and, being self-selected, it’s not overly scientific, but hey, it could be an interesting snapshot of the people who have found his site.


Four new security vulnerabilities in Asterisk - time to upgrade!

Friday, March 21st, 2008 by Dan York

Earlier this week, the team at Digium released four new security vulnerabilities:

The solution is, predictably, to upgrade to the latest version of whichever stream of Asterisk you are using.


Info on how to listen remotely to today’s RUCUS session at IETF

Monday, March 10th, 2008 by Dan York

If you are interested in listening in to today’s session here at IETF about “Reducing Unwanted Communications Using SIP” (RUCUS) which I’ve mentioned previously, I’ve posted information about how to participate in IETF remotely. The RUCUS session takes place from 1300-1500 US Eastern time today.

Streaming audio should be available on ietf71-ch4.

Jabber group chat should be available as well, but I don’t know yet in which chat room it will be. There isn’t yet a chat room on the IETF server for ‘rucus’. I’ll update this post once I know where the chat room is.

UPDATE: A request is in to create the ‘rucus@jabber.ietf.org’ room. If that room isn’t created in time, we’ll use the SIPPING room at ’sipping@jabber.ietf.org’. We’ll announce on the streaming audio which one we are using.




Web page for RUCUS BOF at IETF 71 now at new URL

Monday, March 3rd, 2008 by Dan York

As I mentioned previously (here and here), the “RUCUS” BOF about voice spam at IETF 71 in Philadelphia is one of great interest with its focus on voice spam, a.k.a. “SPam for Internet Telephony” or “SPIT”. Unfortunately BOF co-chair Hannes Tschofenig ran into a problem with his domain and had to move the page to a new URL: http://www.shingou.info/bof-rucus.html

If you saved the URL or sent it on to someone, you’ll need to update to using the new URL. If you didn’t visit the RUCUS page before, please do check it out - and feel free to join the RUCUS mailing list. Of course, if you can, please do join us in person in Philadelphia!


VoIP Hopper 0.9.9 released with improved VLAN hopping

Monday, February 25th, 2008 by Dan York

Blue Box listener Frank Leonhardt clued us in to the fact that VoIP Hopper 0.9.9 was released back on February 19th. VoIP Hopper is a tool that allows you to “hop” between the data and voice VLANs (or any other VLANs). It was written primarily because the authors were tired of hearing people say that VLANs were a true security mechanism (Hint: They’re NOT!). We’ve written about it before and talked about it on a Blue Box episode and a Telecom Junkies show, and it is indeed an interesting test tool. Per the release notice, this version 0.9.9 has these new features:

  • CDP Generator! VoIP Hopper can generate CDP packets in order to discover the Voice VLAN ID, as any IP Phone based on CDP would do. In this CDP spoof mode, VoIP Hopper will send two CDP packets in order to decipher the VVID, then it will iterate between sleeping for 60 seconds, and sending another packet. Not only is this faster than CDP sniffing, but it can also help bypass any mechanisms that rely on CDP for permitting access to the Voice VLAN.

  • Voice VLAN Interface Delete: VoIP Hopper can delete the created Voice
    Interface

  • MAC Address Spoof, then exit: VoIP Hopper can change the MAC Address of
    an interface offline and exit, without VLAN Hopping.

You can visit the VoIP Hopper site to learn more.
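
A defender-side view of the CDP spoof mode described above, as an added example that is not from the original post or the VoIP Hopper project: it parses CDP TLVs and flags CDP frames seen on access ports from MAC addresses outside a phone inventory. The event tuples, port names, MACs, inventory and the query TLV value are constructed; the TLV type codes 0x0001 (Device ID) and 0x000f (VoIP VLAN Query) come from the CDP frame format.

```python
import struct

# CDP TLV type codes used here (from the CDP frame format).
DEVICE_ID, VOIP_VLAN_QUERY = 0x0001, 0x000F

def parse_cdp(payload: bytes) -> dict:
    """Parse a CDP payload (bytes after the LLC/SNAP header) into {type: value}."""
    if len(payload) < 4:
        raise ValueError("truncated CDP header")
    tlvs, off = {}, 4                      # skip version, TTL, checksum
    while off < len(payload):
        if off + 4 > len(payload):
            raise ValueError("truncated TLV header")
        t, length = struct.unpack("!HH", payload[off:off + 4])
        if length < 4 or off + length > len(payload):
            raise ValueError("bad TLV length")   # length covers the 4-byte header
        tlvs[t] = payload[off + 4:off + length]
        off += length
    return tlvs

def review_cdp(events, phone_inventory):
    """Return alerts for CDP senders on access ports that are not inventoried phones."""
    alerts = []
    for port, src_mac, payload in events:
        try:
            tlvs = parse_cdp(payload)
        except ValueError as exc:
            alerts.append({"port": port, "mac": src_mac, "reason": f"malformed CDP: {exc}"})
            continue
        if src_mac.lower() not in phone_inventory:
            alerts.append({
                "port": port, "mac": src_mac,
                "reason": "CDP from non-inventoried endpoint",
                "claimed_id": tlvs.get(DEVICE_ID, b"").decode("ascii", "replace"),
                "asks_voice_vlan": VOIP_VLAN_QUERY in tlvs,
            })
    return alerts

def _tlv(t, value):                        # helper to build the constructed samples
    return struct.pack("!HH", t, len(value) + 4) + value

# Constructed sample data: MACs, port names, inventory and TLV values are made up.
HDR = struct.pack("!BBH", 2, 180, 0)       # version 2, TTL 180 s, checksum not verified
PHONES = {"00:1b:54:aa:bb:01"}
EVENTS = [
    ("Gi0/1", "00:1b:54:aa:bb:01", HDR + _tlv(DEVICE_ID, b"SEP001B54AABB01")),
    ("Gi0/7", "00:0c:29:12:34:56", HDR + _tlv(DEVICE_ID, b"SEP000C29123456")
                                       + _tlv(VOIP_VLAN_QUERY, b"\x20\x00\x01")),
    ("Gi0/9", "00:0c:29:99:99:99", HDR + b"\x00\x01\x00\x02"),  # TLV length < 4
]
ALERTS = review_cdp(EVENTS, PHONES)
```
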


Slides about Peer-to-peer SIP (P2PSIP) security now available

Wednesday, February 20th, 2008 by Dan York

Want to learn more about the VoIP security aspects of peer-to-peer SIP? As I mentioned in the VOIPSEC mailing list last week, researchers from Huawei and the University of California recently released an Internet-Draft called “P2PSIP Security Analysis and Evaluation” which dives into an analysis of security issues in P2PSIP. It’s a good overview and one I’d strongly recommend to folks. (Note - you may want to read “P2PSIP Concepts” first to understand the language being used.)

Beyond the Internet-Draft, though, the researchers announced yesterday that their slides that go into the issues are now available (PPT). These are being prepared for presentation at the upcoming IETF 71 meeting March 10-14 in Philadelphia, so if you are attending the event you’ll be able to hear the presentation yourself.

Peer-to-peer SIP is a fascinating area of current research and it’s good to see work like this being put into exploring the security aspects. Note - the researchers are looking for feedback so if you have comments on what you read, their contact information is in the Internet-Draft.


Blue Box Podcast #76 now available - Cisco, Skype and BT vulnerabilities, when SIP looks like SPIT, VoIP security threat predictions and the FBI forgets to pay their bills

Wednesday, February 20th, 2008 by Dan York

Blue Box Podcast #76 is now available discussing Cisco, Skype and BT
vulnerabilities, when SIP looks like SPIT, VoIP security threat
predictions and the FBI forgets to pay their bills, plus listener
comments and more…

Jonathan and I recorded the show on January 22nd and I’m now *almost*
caught up with 1 main show still in the production queue (and about
10 special editions!)


Join the new RUCUS mailing list if you want to look at ways to end SPIT!

Friday, February 15th, 2008 by Dan York

As mentioned previously, there is a new session planned for IETF 71 in March called “Reducing Unwanted Communications Using SIP”, a.k.a. “RUCUS”.

The RUCUS mailing list is now open for subscriptions and we encourage anyone interested in looking at how we address the issue of voice spam, aka “Spam for Internet Telephony” aka “SPIT”, to join in the conversation.

We would ask you to please read the group description prior to joining so that you understand what we are trying to do. The primary goal of this session in March in Philadelphia is to look to understand the architecture necessary to address the issue and identify the pieces of that architecture that may already be there or may need to be put in place.


Blue Box Podcast Special Edition #23 - An Interview with Bob Bradley of Sonus Networks

Tuesday, February 12th, 2008 by Dan York

Blue Box Special Edition #23 is now available for download. In this podcast I sat down with Bob Bradley from Sonus Networks to talk about their products and solutions, how they secure customers’ networks and how they are different from other similar products in the market. I believe you’ll find it an interesting and useful introduction to the company.
