Archive for the 'VOIPSA' Category

FYI - I’m speaking on VoIP security at Ingate SIP Trunking Seminar Series Sept 11 in LA (concurrent with Internet Telephony Expo)

Friday, August 31st, 2007 by Dan York

FYI, for those of you attending the Internet Telephony Conference & Expo in Los Angeles on September 10-12, I’ll be participating in a panel session that is part of Ingate’s SIP Trunking Seminar Series.  I expect it will surprise no one to learn that I’ll be on the panel about “Enterprise Security and VoIP” speaking on behalf of VOIPSA.  My particular session is Tuesday, September 11, 2007, from 9:30-11:00 am.  More details and the schedule are available online.

The sessions are free and open to anyone to attend.  Simply fill out the pre-registration form. If you are going to be there at the show, please do drop me a note, as I’m always interested in meeting readers or others interested in VoIP security.

BlackHat/DEFCON VoIP Security Tools Update

Wednesday, August 15th, 2007 by Dustin D. Trammell

There were a number of new tools released at the recent BlackHat and DEFCON conferences that I’ve just finished adding to the VoIPSA Security Tools List.

First, during the BlackHat Voice Services Security track, Himanshu Dwivedi & Zane Lackey spoke about attacks against H.323 and IAX. They released a number of tools including H225regreject, IAXHangup, IAXAuthJack, and IAX.Brute. Many of the attacks you’ve known and loved against SIP (plus a few new ones) can now be launched just as easily against both H.323 and IAX.

Next, Zane Lackey & Alex Garbutt debuted their RTPInject tool during the BlackHat turbo-talk track. It’s essentially a nice, pretty, easy to use GUI version of the RTP audio injection attack that I demoed last year at EUSecWest using the rtpinsertsound and rtpmixsound tools.

At DEFCON, Ian G. Harris released a tool called INTERSTATE which is a stateful protocol fuzzer for SIP.

Finally, I released my new RTP steganography tool, SteganRTP, at DEFCON. It uses steganographic data embedding techniques to create a covert channel in an RTP session’s audio payloads, which it uses to transport its own custom communications protocol. The protocol provides user chat, file transfer, and remote shell access (if enabled).
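As an added illustration of the covert-channel idea described above (example code written for this page, not SteganRTP’s own code): the post does not say which embedding technique SteganRTP uses, so this example assumes the simplest one, overwriting the least significant bit of each G.711 sample byte. It also assumes PCMU payloads of 160 samples per 20 ms packet, a plain 12-byte RTP header with no CSRCs or extensions, and a synthetic byte pattern standing in for audio. The sender frames a message with a length prefix, spreads it across the stream, and the receiver reorders by RTP sequence number and reassembles it.

```python
import struct

RTP_HEADER_LEN = 12          # fixed RTP header (RFC 3550); no CSRC list, no extension
SAMPLES_PER_PACKET = 160     # 20 ms of G.711 at 8 kHz, one byte per sample (assumption)
CAPACITY = SAMPLES_PER_PACKET // 8   # 20 covert bytes per packet at one bit per sample


def build_rtp(seq: int, ts: int, ssrc: int, payload: bytes, pt: int = 0) -> bytes:
    """Build a minimal RTP v2 packet (V=2, P=0, X=0, CC=0, M=0). PT 0 is PCMU."""
    return struct.pack("!BBHII", 0x80, pt & 0x7F, seq & 0xFFFF, ts & 0xFFFFFFFF, ssrc) + payload


def parse_rtp(pkt: bytes):
    """Return (seq, payload) for a packet built as above; reject anything fancier."""
    if len(pkt) < RTP_HEADER_LEN:
        raise ValueError("short RTP packet")
    b0, _pt, seq, _ts, _ssrc = struct.unpack("!BBHII", pkt[:RTP_HEADER_LEN])
    if b0 >> 6 != 2 or b0 & 0x3F:        # version must be 2; padding/CSRCs/extension not handled
        raise ValueError("unsupported RTP header")
    return seq, pkt[RTP_HEADER_LEN:]


def embed_bits(payload: bytes, data: bytes) -> bytes:
    """Overwrite the LSB of successive sample bytes with the bits of `data` (MSB first)."""
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(payload):
        raise ValueError("payload too small for data")
    out = bytearray(payload)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def extract_bits(payload: bytes, nbytes: int) -> bytes:
    """Read `nbytes` back out of the sample LSBs."""
    out = bytearray()
    for i in range(nbytes):
        byte = 0
        for j in range(8):
            byte = (byte << 1) | (payload[i * 8 + j] & 1)
        out.append(byte)
    return bytes(out)


def covert_send(message: bytes, audio: bytes, ssrc: int = 0xDEADBEEF, seq0: int = 1000):
    """Frame `message` as [2-byte length][body] and spread it over the RTP stream carrying `audio`."""
    frame = struct.pack("!H", len(message)) + message
    nchunks = -(-len(frame) // CAPACITY)                    # ceil division
    if len(audio) < nchunks * SAMPLES_PER_PACKET:
        raise ValueError("not enough audio to carry the message")
    pkts = []
    for i in range(0, len(audio), SAMPLES_PER_PACKET):
        chunk_audio = audio[i:i + SAMPLES_PER_PACKET]
        k = i // SAMPLES_PER_PACKET
        chunk = frame[k * CAPACITY:(k + 1) * CAPACITY]
        if chunk:                                            # packets past the frame carry plain audio
            chunk_audio = embed_bits(chunk_audio, chunk)
        pkts.append(build_rtp(seq0 + k, i, ssrc, chunk_audio))
    return pkts


def covert_receive(pkts):
    """Reassemble the framed message from a captured stream; packets may arrive out of order.
    Sequence-number wraparound is not handled in this example."""
    payloads = sorted((parse_rtp(p) for p in pkts), key=lambda sp: sp[0])
    stream = b"".join(extract_bits(pl, CAPACITY)
                      for _seq, pl in payloads if len(pl) >= SAMPLES_PER_PACKET)
    (length,) = struct.unpack("!H", stream[:2])
    return stream[2:2 + length]


# Constructed stand-in for 80 ms of PCMU audio (a byte pattern, not a real recording)
SAMPLE_AUDIO = bytes((i * 37 + 11) & 0xFF for i in range(4 * SAMPLES_PER_PACKET))
MESSAGE = b"covert hello"


def demo_roundtrip(reorder: bool = False) -> bytes:
    pkts = covert_send(MESSAGE, SAMPLE_AUDIO)
    if reorder:
        pkts = pkts[::-1]          # simulate out-of-order delivery
    return covert_receive(pkts)


def max_sample_change() -> int:
    """Largest per-byte change the embedding made to the carrier (1 for an LSB scheme)."""
    pkts = covert_send(MESSAGE, SAMPLE_AUDIO)
    carried = b"".join(parse_rtp(p)[1] for p in pkts)
    return max(abs(a - b) for a, b in zip(SAMPLE_AUDIO, carried))


if __name__ == "__main__":
    print(demo_roundtrip(), demo_roundtrip(reorder=True), max_sample_change())
```

Nothing in the RTP header changes, and every encoded sample byte moves by at most one step, so header-level inspection and packet counts tell a defender nothing; anything that hopes to spot this kind of channel has to look at the payload bytes themselves.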

All of the tools mentioned above can be found via the VoIPSA Security Tools List.

Podcast: "The Real Risks of VoIP Security" Panel from VON Europe 2007 in Stockholm, Sweden

Monday, August 6th, 2007 by Dan York

Were you unable to get to VON Europe ’07 in Stockholm, Sweden back in June to hear the panel session on “The Real Risks of VoIP Security”?  Well now you can hear it.  Blue Box Special Edition #19 is now available for download.

In this session, our own Martyn Davies is the moderator and the panelists are Ari Takanen of Codenomicon, Cullen Jennings of Cisco and Akif Arsoy of Verisign.  Readers of the VOIPSEC mailing list will have seen posts from Ari at various times and it’s hard to escape Cullen in the world of IETF standards!  Rather than just going through endless slides, the panel engaged in a conversation based on questions from Martyn and then the audience.   It was a lively session with lots of good questions, interaction from all three of the panelists and Martyn with the audience… and Cullen making the kind of statement “that every time someone from Cisco makes a statement like this we make ourselves subject to attack” (you’ll have to listen to understand that teaser :-)

I think you’ll find it both enjoyable and educational.  Thanks to Martyn for producing the recording and for Ari, Cullen and Akif for agreeing to have it distributed.  Thanks also to Carl Ford, Jeff Pulver and the rest of the VON team for allowing us to record and distribute the session.

Jonathan and I welcome any and all comments about these special editions.  You can leave them here on the VOIPSA weblog, on the Blue Box weblog, sent to blueboxpodcast@gmail.com or called in to our comment lines at +1-206-350-2583 or sip:bluebox@voipuser.org.

BlueBox podcasts of ETel "Black Bag Security Review" presentations now available with audio synced to slides

Wednesday, July 25th, 2007 by Dan York

Over on the Blue Box site, I just posted about two VoIP security presentations that are now available with the audio synchronized with slides courtesy of a new “slidecasting” interface created by SlideShare.net. The two presentations are:

  • the 15-minute “story” I did of “SysAdmin Steve” and the troubles he faces (audio was first available as Blue Box SE#15)
  • the 90-minute workshop that Jonathan, Shawn and I did covering VoIP security threats, tools, best practices and more (audio was first available as Blue Box SE#16)

I’m intrigued by the slidecasting interface because to me it allows people who could not attend to experience the presentation in a manner close to what attendees saw.  Anyway, any feedback you all have would be welcome.

Blue Box Special Edition #18 - Session Border Controllers (SBCs) Special - Interviews with Covergence and Borderware about the role of the SBC

Friday, July 6th, 2007 by Dan York

Blue Box Special Edition #18 is now available for download. This episode features Martyn Davies interviewing first Rod Hodgman from Covergence and then Jeff Carr from Borderware about the role of the Session Border Controller (SBC).  In each interview, Martyn discusses the company and its products, the role of SBCs, and poses the question “Do SBCs break SIP?”  Each of the interviewees also discusses a user of their products and provides other information about their company.  More information and pictures are available in the episode show notes.

Blue Box Podcast #56 - Voice encryption tutorial, Skype worm, ZFone and PKI, VoIP security news and more

Tuesday, April 24th, 2007 by Dan York

Blue Box Podcast #56 was posted yesterday with a look at the recent Skype worm, a comparison of ZFone and PKI, McAfee’s Sage Journal, VoIP security news and more. With this show, Jonathan and I also began a series of mini-tutorials we will be doing on VoIP security issues. In this episode we talked about voice encryption - why it is important and what the major methods are. Next time we’ll talk about call signaling encryption. See the detailed show notes for a full description of what was discussed.

FYI - VOIPSA member blogs now listed in the right sidebar

Tuesday, April 24th, 2007 by Dan York

Careful observers of this site may have noticed a new sidebar block titled “VOIPSA Member Blogs”.  This is something we decided to do for members of the VOIPSA Technical Board of Advisors and other folks involved with VOIPSA.  Please do check out those other weblogs, and if you are a TBA member with a blog who missed my original message about this sidebar, please do contact me and we’ll be glad to add your weblog.

VOIPSEC mailing list issues - we’re looking into it

Wednesday, April 18th, 2007 by Dan York

UPDATE: The list has been fixed. There was a server connectivity issue that caused the software to think a number of addresses were no longer reachable. All users have now been re-subscribed so you can safely ignore that message.

If any of you are subscribers to the VOIPSEC mailing list, you may have received a message this morning indicating that your subscription has been disabled due to excessive bounces and providing a link you could go to in order to re-enable your subscription… which didn’t work. We are aware of the issue and are looking into what is happening. We’ll post here when we have an update. (And no, we don’t think it had anything to do with the Blackberry outage! ;-)

Blue Box Podcast #55: IP phone vulnerabilities, ZRTP and IETF, Skype security, listener comments and more

Thursday, April 12th, 2007 by Dan York

Blue Box Podcast #55 was posted today with a look at recent vulnerabilities in IP phones, VoIP security news and a feature section about the IETF meeting and the discussion there around SRTP key exchange, ZRTP, etc.  The show also includes a great many listener comments and much more.  See the detailed show notes for a full description of what was discussed.

Question for readers - what do you think of the new order of the sidebar?

Friday, March 30th, 2007 by Dan York

Question for folks reading this weblog: what do you think of the way I just re-ordered the sidebar of this blog? The “Recent Posts” section was up at the top before and while that was useful, I thought it might be more helpful to have the list of categories and contributors up near the top on the first screen of information people see. What do you think? Did you use the “Recent Posts” to quickly see what was here? Or did you just scan down the page? (or read this site in an RSS reader?) Any comments or opinions would be appreciated. I can re-order it in whatever fashion we wish.