Category: VoIP Security
-
/
My “Black Bag Security Review” hits IT Conversations’ Top 10 Downloads for March 2008…
Continue Reading: My “Black Bag Security Review” hits IT Conversations’ Top 10 Downloads for March 2008…I was rather surprised but pleased to see that my “Black Back Security Review” was on the list of the “Top Ten IT Conversations Shows for March 2008“. My “surprise” was mostly because that particular talk is over a year old and was given at the ETel 2007 show back at the end of February 2007.To be honest, I was not actually aware (or didn’t remember, anyway) that the IT Conversations Network had distributed my talk but I’m guessing they did so with a number of the ETel sessions.
Unfortunately, they don’t include the slides, which I put up in the Blue Box posting and also just generally made available on SlideShare. Without the slides, I suppose it works perfectly fine.. I’ve just never listened to it that way. It was still one of the most fun presentations I’ve ever given. Also took a ton of time to prepare. 243 slides in 14 minutes… 🙂 (I did write up some notes about the presentation and the style, etc.)
Anyway, it’s cool to see people discovering that session again. Nice surprise!
Technorati Tags: voip, voip security, dan york, etel
-
/
My presentations at VoiceCon this week…
Continue Reading: My presentations at VoiceCon this week…I’m down in Orlando this week for VoiceCon Orlando and will be part of three sessions. Tomorrow, I’m moderating a panel at 8am on VoIP security and on Thursday I’m moderating a panel on open source telephony. On Wednesday, I’ll be part of a keynote panel with Irwin Lazar on “Social networking and enterprise communication”, which should be quite fun. I’ll include below the full descriptions of the various sessions. If you are attending VoiceCon and want to connect, please do contact me.Session Title: Top VOIP Security Threats
Date: 3/18/2008
Time: 8:00 AM
Room: Osceola B
Session Description: There’s been a lot of concern about voice over IP security, but have there been many actual exploits? This session will inform you about the state of VOIP security. You’ll learn about generalized IP attacks that have affected IP telephony systems deployed on IP networks, and you’ll also find out what VOIP-specific attacks have actually been observed “in the wild”–and what to expect in the future.
KEY QUESTIONS: * What are the most serious voice-oriented attacks that are actually being carried out? What potential attacks haven’t occurred yet but probably will before long? * How do you protect your VOIP systems against… -
/
I’ll be down at VoiceCon Orlando in March 2008…
Continue Reading: I’ll be down at VoiceCon Orlando in March 2008…FYI, I will be down at VoiceCon Orlando on March 17-20, 2008. I’m moderating two panel sessions (see the schedule). First, up, bright and early at 8am on Tuesday, March 18th, I’ll be moderating a panel on “Top VoIP Security Threats“. This should be a fun one as it has VOIPSA Chair Dave Endler, Mark Collier of SecureLogix and Sachin Joglekar of Sipera Systems. I know all three of the guys, particularly Dave and Mark who have both worked on VOIPSA matters, and this session should be a good bit of fun. I’m planning on making it a rather interactive session. 🙂At the other end of the show, on Thursday, March 20th, at 11:45am, I’ll be moderating a panel “Open Source for Enterprise Voice: How Much, How Soon?“. This would should be interesting because it has Bill Miller from Digium (makers of Asterisk), who I know well, and M Raza from 3Com… and then Tony Pereira from Nortel! 3Com’s presence on the panel isn’t particularly surprising given their relationship with Digium, but it will be interesting to see Nortel’s view on the matter.
All in all it should be quite an interesting show. Lots of good sessions and, I’m…
-
/
IETF “RUCUS” BOF to be held about SPIT…
Continue Reading: IETF “RUCUS” BOF to be held about SPIT…Over on the Voice of VOIPSA blog today I posted about a new session has been approved for the IETF 71 meeting coming up in Philadelphia in March called “Reducing Unwanted Communications using SIP” a.k.a. “RUCUS”.Hannes Tschofenig, who submitted the proposal, has created a RUCUS web page and is looking for feedback. I’m planning to be at the RUCUS session at IETF 71 and would encourage others who want to talk about voice spam / SPIT to join in as well!Technorati Tags: rucus, spit, spam, voice spam, voip, voip security, security, ietf, standards
-
/
I’ll be speaking at Ingate’s SIP Trunking Seminars at IT Expo in Miami next week
Continue Reading: I’ll be speaking at Ingate’s SIP Trunking Seminars at IT Expo in Miami next weekIf any of you will be in Miami next week for Internet Telephony Expo, I will be speaking on VOIPSA’s behalf at Ingate’s SIP Trunking Seminar Series held in conjunction with IT Expo. Predictably, my session from 8:30-9:45am on Thursday, January 24th is titled “Seminar/myth 1: VoIP is not secure“.If you are going to be down at IT Expo, do check out the full schedule for Ingate’s SIP Trunking Seminar Series. They have a good range of speakers and the seminars are free.
If any of you are attending either IT Expo or the SIP Trunking Seminar Series, please do drop a note as I’m always interested in meeting readers.
Technorati Tags: sip, sip trunking, ingate, itexpo, conferences
-
/
Skype and secure SIP? (Why would I see this message?)
Continue Reading: Skype and secure SIP? (Why would I see this message?)Whenever I’m using Skype, I have the “Display technical call info” setting enabled so that I see technical stats about the calls I am on. Those windows tend to stay around after a call… and I noticed this one still around with an identity of “securesip”. (click on the image for a larger version) I’ve tried to replicate this with calls that I’ve recently made to see if I could get the window again, but can’t seem to do so. Anyone know why I might be seeing this?
I’m curious…
Technorati Tags: sip, skype, voip security
-
/
At Fall VON this week… speaking on Thursday
Continue Reading: At Fall VON this week… speaking on ThursdayI’m in Boston this week at Fall VON. I’ll be speaking on Thursday at 12:45 on (predictably) ” Strategies for Solving Security”. If any readers are at VON, feel free to drop a note. I’m always interested in connecting with readers.
Technorati Tags: conferences, fallvon, voip security, voipsa, von
-
/
Heading to New York today for Interop… speaking tomorrow on VoIP Security
Continue Reading: Heading to New York today for Interop… speaking tomorrow on VoIP SecurityIn a few hours I’ll be boarding a plane back to New York where I’ll be attending Interop New York this afternoon and tomorrow. If any of you reading this will be there, please do drop an email. Tomorrow, I’ll be on a panel at 2:45pm with Jonathan Rosenberg about “Voice-oriented Attacks”. (Side note to Interop: Please make it so that we can link to individual sessions instead of having to link to the entire list of “security”-related sessions!) If you aren’t aware of who Jonathan Rosenberg is, he works for Cisco and is a huge contributor to IETF efforts related to SIP and in fact was one of the co-authors of RFC 3261 which is the primary RFC defining SIP. He’s also the author of “The Hitchhiker’s Guide to SIP” which aims to help guide people through the maze of the many, many documents that now are part of “SIP”. More relevant to tomorrow’s session, he’s also the author of a series of NAT traversal protocols for SIP, namely STUN, TURN and now ICE. Eric Krapf, the moderator of the session, is aiming to make it a more interactive and discussion-focused session (i.e. no slideware-to-death)… we’ll see…
-
/
Heading out to Astricon 2007 next week to talk on VoIP security…
Continue Reading: Heading out to Astricon 2007 next week to talk on VoIP security…Well, I just confirmed my travel schedule – I’m going to go have a bit of fun out at AstriCon 2007. AstriCon, for those who aren’t aware, is pretty much the premiere event for Asterisk developers. I’m scheduled to speak on Thursday about (surprise!) VoIP security. My talk is an “industry perspective” in my capacity as a board member of the VOIP Security Alliance and won’t be specifically Asterisk-focused, although I will include a few pieces about what you need to think about with Asterisk and the holes that Asterisk still needs to fill (like, oh, SRTP, which I know is coming). I know Mark Spencer and a good bit of the Digium crowd, so it will be fun to hang out with them (especially given my new independent status).
If any of you reading will be out there, please do feel free to drop me a line so that we can connect.
P.S. After AstriCon, I’ll be heading over to the Podcast and New Media Expo in Ontario, CA. If any of you will be there, please do drop a note as well.
