Voice of VOIPSA

The latest episode, SKP14, of the SkypePodcast focuses on security, so may be of interest to folks here.  Sasha (the host) also gives a mention to our own Dan York and the Bluebox podcast.

Sasha quotes Skype CSO Kurt Sauer justifying why Skype jumps around different IP ports, making it hard to detect or block:  “One of the reasons Skype is difficult to find is that the people who provide the carrier services [ISPs, telcos] are in competition with Skype,”

You can find the full version of this quote in a Techworld article.

Blue Box Podcast #32 is now available for download.  In this show, Jonathan and I provide a tutorial about ENUM, discuss the latest VoIP security news and address a range of other comments.  If you are not aware of ENUM and how it allows regular telephone numbers to be mapped to SIP URIs, you may find this very useful.

Blue Box Podcast #31 is now available for download. In this show, Jonathan and I spend a block of time discussing the recent Pena/Moore VoIP fraud case and another large block of time discussing the recent FCC decision around the application of CALEA to VoIP service providers. We also have our regular discussion of VoIP security news, comments from listeners and more.

Blue Box Podcast #30 is now available for download. This show features a 24-minute report from Martyn Davies about the 3rd Annual VoIP Security Workshop held recently in Berlin. Martyn provides his view on the major themes and provides brief segments of interviews he had with some of the speakers. Jonathan and I also discuss the latest VoIP security news, including, of course, the Pena/Moore fraud scam that is all over the networks. We also include the usual discussion of listener comments, review of the VOIPSEC mailing list and more…

Blue Box Podcast #29 is now available. In this episode, Jonathan and I cover a range of recent VoIP security news items, including several related to Skype, and also cover comments from listeners. The full show notes, list of links, etc. is all available from the episode web page.

P.S. As a teaser, I’ll mention that show #30 is now in post-production and will include Martyn Davies’ audio report from the 3rd Annual VoIP Security Workshop in Berlin that he blogged a bit about here, here and here. The show should be posted within the next couple of days. Stay tuned…

Blue Box Podcast #28 is now available with about a 14-minute interview with David Endler, Chair of VOIPSA, where he discusses such things as:

• The background on the creation of VOIPSA
• VOIPSA’s major accomplishments in its first year
• What’s next for VOIPSA
• New projects
• How people can help

Jonathan and I of course cover recent VoIP security news and have some great comments from listeners. Show notes and links to topics discussed are all available on the episode’s page.

I can see that the VoIP Developer conference in August has a couple of sessions led by VOIPSA members, namely Andrew Graydon and Bogdan Materna. I’m looking forward to this conference, should have some excellent material.

On the subject of conferences: as Dan York mentioned, the Berlin VoIP Security Workshop starts tomorrow; I’ll be attending, so I hope I bump into a few fellow VOIPSA people over the next couple of days. Stay tuned for a brief conference report here, and also an audio report on Dan’s Bluebox podcast.

Yesterday I uploaded Blue Box Podcast #27, which marks the first of several tutorials that Jonathan and I intend to do over the next few months. In this show we spent about 20 minutes discussing issues around VoIP eavesdropping, why it is different from the PSTN, what solutions are out there to help protect against it and more. We hope you enjoy that segment, as well as all our usual VoIP security news and commentary. Comments are definitely welcome if you have a different viewpoint or other information to add.

As noted earlier, we’ve been running a survey of members of the VOIPSA Technical Advisory Board asking about a number of VOIPSA-related topics. We’ll be posting more information here as we continue the analysis, but in the meantime, I did post a list of suggested podcast topics over on the Blue Box web site. If you have any additional suggestions please feel free to post them either here or in response to the Blue Box posting. Thanks to everyone in VOIPSA who participated - and Jonathan and I look forward to bringing you some of these topics in future Blue Box podcasts.

Blue Box podcast #23 is now available for listening. In this show, Jonathan and I discuss the latest VoIP security news including further items about Zfone, Bruce Schneier’s Wired News article, SIP attacks being slashdotted, university funding for VoIP security research and a couple of other telcom-related podcasts we have found. We also discussed a number of great comments we received from listeners and unveiled a new promotion to give away a copy of the new “VoIP Security” book from Syngress.