Voice of VOIPSA

Blue Box Podcast #72 is now available for download. In this episode, Jonathan and I discuss the Asterisk vulnerabilities that came out at the end of November, the German government’s interest in installing spyware in order to record Skype calls and a number of other VoIP security news items as well as listener comments.

Technorati Tags:
voip, voip security, bluebox, blue box

Blue Box Podcast #69 is now available for download. In this 46-minute episode, Jonathan and I discuss the Linksys SPA-941 vulnerability mentioned in the VOIPSEC list, a potential SIP DDoS, a new release of SIPVicious, a suggested Asterisk security roadmap, other VoIP security news, listener comments and more.

Over on the Blue Box site, I’m pleased to announce that I uploaded Blue Box Video Edition #1, our very first experiment with adding a video component to the podcast.  In this 5-minute video, I was out at VoiceCon San Francisco last week and interviewed Sachin Joglekar from Sipera Systems about the SIP softphone exploit they first demonstrated at Black Hat.  Comments and opinions are definitely welcome.  Would you like to see more of these type of videos?

Click To Play

Blue Box Special Edition #18 is now available for download. This episode features Martyn Davies interviewing first Rod Hodgman from Covergence and then Jeff Carr from Borderware about the role of the Session Border Controller (SBC).  In each interview, he discusses the company, their products, the role of SBCs and poses the question “Do SBCs break SIP?”  Each of the interviewees also discussed a user of their products and provides other information about their company.  More information and pictures are available in the episode show notes.

Blue Box Podcast #56 was posted yesterday with a look at the recent Skype worm, a comparison of ZFone and PKI, McAfee’s Sage Journal, VoIP security news and more. With this show, Jonathan and I also began a series of mini-tutorials we will be doing on VoIP security issues. In this episode we talked about voice encryption – why it is important and what the major methods are. Next time we’ll talk about call signaling encryption. See the detailed show notes for a full description of what was discussed.

Blue Box Podcast #55 was posted today with a look at recent vulnerabilities in IP phones, VoIP security news and a feature section about the IETF meeting and the discussion there around SRTP key exchange, ZRTP, etc.  A great amount of listener comments and much more.  See the detailed show notes for a full description of what was discussed.

Blue Box Podcast #54 was posted about a week ago but with travel I didn’t cross-post it here… in this show, Jonathan and I talked a good bit about the new VoIP security tools list released by VOIPSA, the IETF meeting in Prague, Phil Zimmerman and ZRT, SPIT, the ETel conference and also talked a good bit about some articles circulating around about “how VoIP shouldn’t be used for teleworkers because of security”. Detailed show notes and links are available over on the Blue Box website.

Blue Box podcast #53 is now available covering a range of topics, including a listener’s suggestion for the Skype multiple login issue, Cisco’s IP phone security advisories, network neutrality, EU privacy legislation and, yes, we covered that wacky story about smokers being a threat to VoIP because we just had to… plus the usual listener comments, VOIPSEC review and other VoIP security news. Detailed show notes, links and more over at the Blue Box site.

At O’Reilly’s 2007 Emerging Telephony conference last week in San Francisco, I had the opportunity to give a 15-minute presentation to all attendees about VoIP security. Rather than doing the traditional slideware outlining the threats, tools, best practices, etc., I tried to do something very different and simply tell a story of what could happen if a VoIP system were installed in an insecure manner – and how to go about securing that system. I tried to make it interesting and humorous (something not often tied to VoIP security) and the feedback at the show was quite positive. The audio and slides are now available over at Blue Box and I’d definitely be interested in any feedback you all have about the presentation, either in content or style.

Another podcast to note… Canadian analyst Jon Arnold interviewed me for his Canadian thought leaders podcast series all about… gee… VoIP security! (Yes, okay, so I no longer live in Canada, but I did live there for most of 5 years and I still work for a Canadian company.) We had a great chat about VoIPSA, Blue Box, VoIP security in general and my views on some of the current vulnerabilities to VoIP. It runs about 19 minutes or so and you can get it from the link on Jon’s blog.