Category: VoIP Security
-
/
Mark Collier’s “VoIP Security Blog” gets a new makeover…
Continue Reading: Mark Collier’s “VoIP Security Blog” gets a new makeover…As I noted in my Voice of VOIPSA post today, Mark Collier (of hackingvoip.com fame) took some time in December to give www.voipsecurityblog.com a graphical makeover. He’s got a cute new header image and an updated picture of himself. Although, Mark, I really have to say… you are violating the security “code of dress”! Don’t you know that all good security people are supposed to wear black? Preferably a black turtleneck? Come on, now, you’re going against the motif!
Ah, well… in any event, if you haven’t checked out Mark’s blog, it’s a good one… even if he is wearing white. 🙂
Technorati Tags: security, mark collier, voip, voip security, voipsa, voipsecurity
-
/
Quoted in VoIP News: “How Secure are your VoIP Calls?”
Continue Reading: Quoted in VoIP News: “How Secure are your VoIP Calls?”As I wrote over at Voice of VOIPSA, I was quoted in an article out today at VoIP News: How Secure Are Your VoIP Calls? The Voice of VOIPSA post has my (generally positive) reaction.
Technorati Tags: voip, voip security, voipsa, voipsecurity
-
/
Blue Box Podcast #47 is now live… VoIP security hype, governments blocking Skype, SANS and VoIP training, more…
Continue Reading: Blue Box Podcast #47 is now live… VoIP security hype, governments blocking Skype, SANS and VoIP training, more…Blue Box Podcast #47 is now available for download. In this show, Jonathan and I talk about some of the recent articles and reports hyping VoIP security, recent comments from SANS about the need for better VoIP security training, moves by the Indian government to block Skype and other VoIP services and much, much more. Tons of listener comments in this show… probably the most we’ve ever had. See the show notes for all the links and info.
Technorati Tags: skype, voipsecurity, voip, voip security, voipsa
-
/
Ken Camp: “I’ve been Blueboxed”
Continue Reading: Ken Camp: “I’ve been Blueboxed”(Originally posted at http://dyork.livejournal.com/257414.html)
Finally getting caught up on content recorded for Blue Box, I finished up on Monday night the interview I did with Ken Camp out at Internet Telephony in San Diego and posted the interview today. Ken responded with his post: “I’ve been Blueboxed“, which gave me a laugh because I don’t think I’ve ever seen the show name used as a verb before!
Technorati Tags: blue box, bluebox, security, ken camp, voip, voip security, voipsa, voipsecurity
-
/
Techtionary.com provides animated “SIP Essentials” tutorial…
Continue Reading: Techtionary.com provides animated “SIP Essentials” tutorial…(Originally posted at http://dyork.livejournal.com/256998.html)
Tom Cross over at Techtionary.com dropped a note to let me know that his team had released a ‘fastcast’ on the topic of “SIP Essentials”. Not having a clue what a “fastcast” was, I found the answer in Tom’s news release:
Fastcasts are fast-track audio/video animated 10-60 second advertorials for web, webseminar, PC and iPod formats.
Not sure how much traction the word will really get, but there you have it. Tom’s SIP tutorial looked quite interesting in the bit that I explored, with sections on:- SIP Basics
- SIP Trunking
- SIP QoS
- SIP Firewalls and Security
- SIP Applications
- SIP TCO-Total Cost of Ownership
- Integrated/Converged Access
- Key VoIP Options – IAS, Hosted, Managed
- SIP Total Tutorial with Future Outlook
Tom’s making it available at no cost right now so I’d recommend people check it out.
Just one note of caution… once… -
/
Confirmed to speak at O’Reilly’s Emerging Telephony conference, Feb 27 – Mar 1, 2007, San Francisco
Continue Reading: Confirmed to speak at O’Reilly’s Emerging Telephony conference, Feb 27 – Mar 1, 2007, San Francisco(Originally posted to http://dyork.livejournal.com/254735.html)
Just confirmed late last week that I’ll definitely be speaking at O’Reilly’s Emerging Telephony Conference (aka “ETel”) this coming February 27 – March 1, 2007 in San Francisco. The topic I will be speaking on will, of course, be VoIP security. Two sessions, actually… one a 15-minute plenary session providing an overall view of VoIP security and then the second a 90-minute workshop going into much more detail, providing info about security tools, best practices and much more. Both, of course, will be later put out as part of Blue Box. Should be a lot of fun, and given that it’s in the SF area, I’ll probably be able to pull Jonathan Zar in as well, which would be cool. Now I just need to put up a picture, bio and session abstracts…
As I’ve said to a number of folks, ETel 2006 was one of the very best out of all the conferences that I attended all year. No real trade show… just conference sessions full of the “alpha geeks” that O’Reilly conferences tend to attract. People really on the bleeding edge of trying out new and different things with telephony. They had… -
/
“Hacking Exposed VoIP” book from McGraw-Hill has a podcaster review quote (mine) on front cover
Continue Reading: “Hacking Exposed VoIP” book from McGraw-Hill has a podcaster review quote (mine) on front cover(Originally posted at http://dyork.livejournal.com/253120.html)
If you look at the front cover of "Hacking Exposed VoIP" (either click on the small image to the right or follow this link), you will see a review quote from a certain someone:
If you are a security professional charged with protecting a network infrastructure that includes VoIP, you definitely must read this book! Failure to do so will seriously put your VoIP systems – and your network – at risk!"
-Dan York, Producer and Co-Host, Blue Box: The VoIP Security PodcastMcGraw-Hill left out the first part of what I sent them, namely "This is a dangerous book.". (UPDATE: The full quote is on the first page inside the book.) It is a dangerous book, really, because Dave and Mark have brought into one book an amazing amount of information that previously was only found through diligent searching of many places. I stand by my quote – security professionals responsible for the security of VoIP systems really do need to read this book!
On a different note, I have to wonder if this is the first time a review quote from a podcaster has appeared on a published book that does not have…
-
/
VoIP News in Australia picks up on VOIPSA Best Practices…
Continue Reading: VoIP News in Australia picks up on VOIPSA Best Practices…(Originally posted to http://dyork.livejournal.com/251845.html)
I do not know precisely why, but the Australian VoIP media seems to pick up a lot of good news items about VoIP security, if you take a look at any Blue Box episode, you’ll often see that many of the news items we talk about come from Down Under. I don’t know why, but they seem to have security as a partial focus. It’s great to see and they are a very good source of news. One site there, VoIP News, is also the only one I’ve really seen to write a post about the VOIPSA Best Practices Project. We weren’t really expecting people to write about it on news sites… the launch is really more low-key and we didn’t do any active PR beyond blog posting and sending to email lists. Now, when we have the finished product that will be a different story.
Of course, to finish one must first start.. hopefully later today… just in time for me to start travelling for a week!
In the meantime, it’s great to see this VoIP News site writing about us… I’ve seen several subscriptions already today from Australia.Technorati Tags:…
-
/
The Register- “VoIP – open season for hackers”
Continue Reading: The Register- “VoIP – open season for hackers”(Originally posted at http://dyork.livejournal.com/250114.html)
As I wrote about over on Voice of VOIPSA, the Register posted an article yesterday “VoIP – open season for hackers“. The article is mostly good PR by a security company promoting itself and doesn’t really seem to add anything brilliantly new to what we’ve already known in the VoIP security field… but the fact that it’s posted in the Register pretty much guarantees high visibility.
Another good reason for VOIPSA to get the Best Practices document done soon…Technorati Tags: security, voip, voip security, voipsa, voipsecurity
-
/
VOIPSA best practices mailing list growing fast…
Continue Reading: VOIPSA best practices mailing list growing fast…(Originally posted at http://dyork.livejournal.com/250011.html)
Publicity helps, of course. Start talking about something and the people start signing up. Overnight the VOIPSA “best practices” mailing list has grown from 26 to 65 subscribers, with more subscription notices coming in each time I look at my email. This certainly reflects the way I distributed the word… I’m sure many people, myself included, route the VOIPSEC mailing list into a folder where they read it when they can. Or at least they read other messages before that of a “mailing list”. So I expect I’ll continue to see subscriptions coming in over the next couple of days.
As the mailing list administrator, I naturally receive the subscription notifications and I have to say that there are some pretty impressive people and companies among those who have subscribed. I think we now have one or more representatives of basically all of the major IP-PBX vendors, a good number of security vendors, univerisites, US government agencies, a few financial institutions (good to have, given the natural security paranoia of banks)… plus a whole host of people that are using various Gmail, Yahoomail, etc. addresses that give nothing away about their identity. (I would…