[VOIPSEC] FYI - audio for my ETel "story" presentation on VoIP security now up as a Blue Box podcast

dan_york at Mitel.com dan_york at Mitel.com
Tue Mar 6 18:32:59 CST 2007 

VOIPSEC readers,

Last week out at O'Reilly's Emerging Telephony conference in San 
Francisco, I had a 15-minute general session to talk about VoIP security 
issues and I tried a very different style of presenting.  Instead of the 
usual slideware going through the threats, tools, best practices, etc., I 
instead told a story about a fictitious "SysAdmin Steve" who suddenly 
became responsible for a VoIP system that was installed in an insecure 
manner... and of course to make it interesting he had to deal with a 
disgruntled internal employee, etc., etc.  In any event, the audio and 
slides are now available as a Blue Box Special Edition podcast at:

  http://www.blueboxpodcast.com/2007/03/blue_box_se_15_.html

My goal was really to try to make the VoIP security issues we deal with 
more accessible and relevant to someone who is just working on VoIP.  Too 
often I've heard it said that we in the security industry are either too 
paranoid, hung up on theoretical attacks or otherwise exaggerating the 
reality.  This was one attempt to bring it down to a more "realistic" 
scenario.  You can judge for yourself how successful I was or was not.

Given that the presentation style was a bit different (243 slides in 15 
minutes), I had a number of questions about the presentation and also some 
feedback about the content itself.  I responded to that over on my 
"Disruptive Telephony" blog at:

  http://www.disruptivetelephony.com/2007/03/etel_black_bag_.html

As I said in both places, feedback (positive or negative) would definitely 
be welcome.  A large part of VOIPSA's overall mission is to educate people 
about the reality of the threats to and solutions for VoIP security.  To 
do that most effectively, we need to be trying many different things... 
this was my little experiment.

Enjoy,
Dan

-- 
Dan York, CISSP
Dir of IP Technology, Office of the CTO
Mitel       http://www.mitel.com
dan_york at mitel.com +1-613-592-2122
PGP key (F7E3C3B4) available for 
secure communication

More information about the Voipsec mailing list