Category: VOIPSA
-
/
At Fall VON this week… speaking on Thursday
Continue Reading: At Fall VON this week… speaking on ThursdayI’m in Boston this week at Fall VON. I’ll be speaking on Thursday at 12:45 on (predictably) ” Strategies for Solving Security”. If any readers are at VON, feel free to drop a note. I’m always interested in connecting with readers.
Technorati Tags: conferences, fallvon, voip security, voipsa, von
-
/
Heading out to Astricon 2007 next week to talk on VoIP security…
Continue Reading: Heading out to Astricon 2007 next week to talk on VoIP security…Well, I just confirmed my travel schedule – I’m going to go have a bit of fun out at AstriCon 2007. AstriCon, for those who aren’t aware, is pretty much the premiere event for Asterisk developers. I’m scheduled to speak on Thursday about (surprise!) VoIP security. My talk is an “industry perspective” in my capacity as a board member of the VOIP Security Alliance and won’t be specifically Asterisk-focused, although I will include a few pieces about what you need to think about with Asterisk and the holes that Asterisk still needs to fill (like, oh, SRTP, which I know is coming). I know Mark Spencer and a good bit of the Digium crowd, so it will be fun to hang out with them (especially given my new independent status).
If any of you reading will be out there, please do feel free to drop me a line so that we can connect.
P.S. After AstriCon, I’ll be heading over to the Podcast and New Media Expo in Ontario, CA. If any of you will be there, please do drop a note as well.
-
/
Great overview of SIP security now posted on Blue Box site…
Continue Reading: Great overview of SIP security now posted on Blue Box site…Over on Blue Box, I uploaded on Friday what I consider one of the best overviews about SIP security that we’ve done: Blue Box Special Edition #20. I recorded the interview out at VoiceCon San Francisco in August and it’s with Cullen Jennings who is a Distinguished Engineer at Cisco Systems, but more relevant to SIP is one of the Area Directors for the Real-time Applications and Infrastructure (RAI) area within the IETF. Basically all of the proposals for RFCs relating to SIP roll up under the RAI area. Cullen’s also quite interested in and knowledgeable about security and in fact several of the security-related RFCs related to SIP include Cullen as one of the authors (as do a number of the current proposed Internet-Drafts).
So he knows his stuff… and being a frequent presenter, he’s also good at distilling complex things down into more simple descriptions, so it was an enjoyable interview that I think you will also find quite educational. If you’re working with SIP, or considering it, I’d highly recommend you listen to the show.
Technorati tags: SIP, SIP security, VoIP, VoIP security, security, cullen jennings, dan york -
/
FYI – I’m speaking at Ingate SIP Trunking Seminar Series Sept 11 in LA (concurrent with Internet Telephony Expo)
Continue Reading: FYI – I’m speaking at Ingate SIP Trunking Seminar Series Sept 11 in LA (concurrent with Internet Telephony Expo)FYI, for those of you attending the Internet Telephony Conference & Expo in Los Angeles on September 10-12, I’ll be participating in a panel session that is part of Ingate’s SIP Trunking Seminar Series. I expect it will surprise no one to learn that I’ll be on the panel about “Enterprise Security and VoIP” wearing my VOIP Security Alliance hat. My particular session is Tuesday, September 11, 2007, from 9:30-11:00 am. (And yes, I guess it is appropriate in a way to be talking about security on 9/11!) More details and the schedule are available online.
The sessions are free and open to anyone to attend. Simply fill out the pre-registration form.
Technorati tags: sip, sip security, sip trunking, ingate, ingate systems, voipsa, voip, voip security, dan york -
/
Blue Box Podcast #56 posted, beginning a series of VoIP security tutorials
Continue Reading: Blue Box Podcast #56 posted, beginning a series of VoIP security tutorialsI posted Blue Box Podcast #56 tonight and with it Jonathan and I are beginning a series of mini-tutorials on subjects related to VoIP security. In this show, we talked about voice encryption. In the next show (already recorded) we will talk about signaling encryption. The idea is to cover some basic ground so that people not familiar with the area can have a basic understanding.
Just glad to get that one up – tomorrow I’m going to work on #57 to see if I can get it online for Wednesday. We’re trying hard to get back on a weekly schedule. (#56 was intended to go up last week.)
Technorati tags: bluebox, voip security, voipsa, blue box, voip, security -
/
Shawn Merdinger – The Top 11 VoIP security issues you need to discuss with your vendor
Continue Reading: Shawn Merdinger – The Top 11 VoIP security issues you need to discuss with your vendorOver on the Voice of VOIPSA weblog, security researcher Shawn Merdinger is 2/3 of the way through a series of posts on the “top 11 VoIP security issues you need to discuss with potential vendors”. His posts are:
- Pucker Up – Intimate VoIP Phone Security Questions, Part 1 of 3 (1-5)
- Pucker Up – Intimate VoIP Phone Security Questions, Part 2 of 3 (6-8)
with the third post coming at some point soon to cover points 9-11. Shawn’s posts are definitely “required reading” for anyone working on or concerned about issues around VoIP security. He’s done a great job bringing into one place the many questions that you should be asking VoIP/IP telephony/IP communications vendors about the security of the systems you are considering (or have already deployed).
Technorati tags: voipsa, voip security, security, voip -
/
Ranting about how very wrong ComputerWorld.au is about enterprises avoiding IP telephony for teleworkers
Continue Reading: Ranting about how very wrong ComputerWorld.au is about enterprises avoiding IP telephony for teleworkersComputerWorld in Australia came out with an article today headlined “Enterprises must avoid IP telephony for teleworkers or face attack“. Given that I use a secure teleworker phone on a daily basis, I was immediately struck by the headline and felt compelled to write a response over on Voice of VOIPSA: “Why Computerworld.au is dead wrong about… “. I think you can gather my opinion from the title. It will be interesting to see if there is any response from ComputerWorld (I’ve emailed them the link).
The sad thing is that outside of the headline, the rest of the article was more or less okay. Just a bad headline…
Technorati tags: Voip security, voip, ip telephony, teleworker, security, computerworld -
/
ETEL – Black Bag Security Presentation, 243 slides, Lessig connection, errata… slides available
Continue Reading: ETEL – Black Bag Security Presentation, 243 slides, Lessig connection, errata… slides availableSo “the talk” finished around 11:15am this morning… I’ve just been straight out and unable to blog until now. The “Black Bag Security Review” was fun to do and I’ve been receiving a great amount of positive feedback and kind words from folks here. As you’ll see below, I’m going to include the slides here in Flash (I finally get a reason to experiment with SlideShare!). I’ll put a PDF up here as well once I get back to Vermont. It seems that after my laptop was reformatted, I never re-installed Acrobat to do PDF exports.
However, the slides aren’t really that much use without the audio, but I’ll be putting the audio up on Blue Box sometime in the next week or so and will post an update here with a link.
Had a couple of interesting questions and points of feedback about the talk (and things I noticed):
- Yes, there were actually 243 slides and yet it came in a hair under 15 minutes. This is a very different way of presenting than a “traditional” deadly PowerPoint presentation. More slides… minimal text… fast transitions. The point is to accent your story and leave the focus on you and what you are…
-
/
And so ETel begins…
Continue Reading: And so ETel begins…Today starts the first day of ETel, a.k.a. O’Reilly’s Emerging Telephony conference. ETel is not one of the giant conferences… unlike one of the VONs, Internet Telephony or VoiceCon there will probably only be 500-1000 people here. But that is part of the charm, really (and this is only the second year)… it’s a place for the VoIP alpha-geeks to network, promote their visions, combine their visions, socialize and otherwise just learn a heck of a lot from each other. The schedule is packed with great info… the speaker roster is a veritable “Who’s Who” of people playing in the “Voice 2.0” or “Telephony 2.0” (or <pick your cliche term>) space. All in all, it’s one conference I’ve been very much looking forward to. Just in town last night, I’ve already run into Alec Saunders, Brad Templeton, Bruce Stewart, Surj Patel… had dinner with Blue Box podcast co-host Jonathan Zar and security researcher Shawn Merdinger… I know Ken Camp is around, Andy Abramson, Om Malik and so many others… it should be a great and fun conference.
For my part, I am doing two sessions. First, today at 1:30pm Pacific, Jonathan, Shawn and I will be doing a 90-minute workshop…
-
/
Blue Box Podcast #50 finally hits the feed…
Continue Reading: Blue Box Podcast #50 finally hits the feed…Fans of Blue Box have to be aware that I’m a wee bit behind in posting episodes… so I was delighted to finally get Blue Box #50 uploaded yesterday. I still need to finish putting the show notes up there, but at least the show is out so that people can listen to it. Given that we recorded it January 17th, it has already aged a bit. Tonight or tomorrow I’m hoping to get #51 up… and then #52 has already been recorded as well… I’d like to get caught up before going out to ETel where I’m undoubtedly going to get more recordings for special editions.
Technorati tags: voip security, voip, security, bluebox, voipsa
