Category: VOIPSA
Special "Still Secure" podcast episode offers 2006 review and 2007 predictions
Right before the holidays I had sent in to Alan Shimel a contribution for a special episode 26 of his “Still Secure After All These Years” podcast. In this episode, he asked a number of us in the security field to give their thoughts on major issues of 2006 and predictions for 2007. Mine were predictably about VoIP…. but many others ran across the whole field of information security.
Kudos to Alan for pulling it all together and producing the episode. Makes for interesting listening.
Technorati tags: voip security, security, podcasts
Blue Box Podcast #48 out with our predictions for 2007, VoIP security news, etc. – and the frustrating audio issues in post-production
Earlier this week I uploaded Blue Box Podcast #48, where Jonathan and I go beyond just talking about the news to also review the “top VoIP security news stories of 2006” and also get into our predictions for 2007. My prediction #1 will be fairly obvious for anyone who has listened to the show for a while. We also cover the typical range of VoIP security stories, talk about OpenID for caller authentication and many more things.
This was a bit frustrating of a show to post-produce. Post-production is always a somewhat lengthy process, anyway, because I want the enhanced audio that you get from a wideband codec, which means that we use Skype. However, Skype creates its own challenges with voice that will simply fade away or get garbled. It’s fairly routine that we have to disconnect and reconnect a time or two within the space of the hour in which we are recording the show. (That’s actually apparent in this show where Jonathan’s voice is at a lower level and then suddenly is much louder. After the reconnect, he wound up with more volume.) If I could get the audio quality in a softphone without the fade outs,…
Mark Collier’s “VoIP Security Blog” gets a new makeover…
As I noted in my Voice of VOIPSA post today, Mark Collier (of hackingvoip.com fame) took some time in December to give www.voipsecurityblog.com a graphical makeover. He’s got a cute new header image and an updated picture of himself. Although, Mark, I really have to say… you are violating the security “code of dress”! Don’t you know that all good security people are supposed to wear black? Preferably a black turtleneck? Come on, now, you’re going against the motif!
Ah, well… in any event, if you haven’t checked out Mark’s blog, it’s a good one… even if he is wearing white. 🙂
Technorati Tags: security, mark collier, voip, voip security, voipsa, voipsecurity
Blue Box Podcast #47 is now live… VoIP security hype, governments blocking Skype, SANS and VoIP training, more…
Blue Box Podcast #47 is now available for download. In this show, Jonathan and I talk about some of the recent articles and reports hyping VoIP security, recent comments from SANS about the need for better VoIP security training, moves by the Indian government to block Skype and other VoIP services and much, much more. Tons of listener comments in this show… probably the most we’ve ever had. See the show notes for all the links and info.
Technorati Tags: skype, voipsecurity, voip, voip security, voipsa
Ken Camp: “I’ve been Blueboxed”
(Originally posted at http://dyork.livejournal.com/257414.html)
Finally getting caught up on content recorded for Blue Box, I finished up on Monday night the interview I did with Ken Camp out at Internet Telephony in San Diego and posted the interview today. Ken responded with his post: “I’ve been Blueboxed”, which gave me a laugh because I don’t think I’ve ever seen the show name used as a verb before!
Technorati Tags: blue box, bluebox, security, ken camp, voip, voip security, voipsa, voipsecurity
Confirmed to speak at O’Reilly’s Emerging Telephony conference, Feb 27 – Mar 1, 2007, San Francisco
(Originally posted to http://dyork.livejournal.com/254735.html)
Just confirmed late last week that I’ll definitely be speaking at O’Reilly’s Emerging Telephony Conference (aka “ETel”) this coming February 27 – March 1, 2007 in San Francisco. The topic I will be speaking on will, of course, be VoIP security. Two sessions, actually… one a 15-minute plenary session providing an overall view of VoIP security and then the second a 90-minute workshop going into much more detail, providing info about security tools, best practices and much more. Both, of course, will be later put out as part of Blue Box. Should be a lot of fun, and given that it’s in the SF area, I’ll probably be able to pull Jonathan Zar in as well, which would be cool. Now I just need to put up a picture, bio and session abstracts…
As I’ve said to a number of folks, ETel 2006 was one of the very best out of all the conferences that I attended all year. No real trade show… just conference sessions full of the “alpha geeks” that O’Reilly conferences tend to attract. People really on the bleeding edge of trying out new and different things with telephony. They had…
VoIP News in Australia picks up on VOIPSA Best Practices…
(Originally posted to http://dyork.livejournal.com/251845.html)
I do not know precisely why, but the Australian VoIP media seems to pick up a lot of good news items about VoIP security. If you take a look at any Blue Box episode, you’ll often see that many of the news items we talk about come from Down Under. I don’t know why, but they seem to have security as a partial focus. It’s great to see and they are a very good source of news. One site there, VoIP News, is also the only one I’ve really seen to write a post about the VOIPSA Best Practices Project. We weren’t really expecting people to write about it on news sites… the launch is really more low-key and we didn’t do any active PR beyond blog posting and sending to email lists. Now, when we have the finished product that will be a different story.
Of course, to finish one must first start.. hopefully later today… just in time for me to start travelling for a week!
In the meantime, it’s great to see this VoIP News site writing about us… I’ve seen several subscriptions already today from Australia.
Technorati Tags:…
VOIPSA best practices mailing list growing fast…
(Originally posted at http://dyork.livejournal.com/250011.html)
Publicity helps, of course. Start talking about something and the people start signing up. Overnight the VOIPSA “best practices” mailing list has grown from 26 to 65 subscribers, with more subscription notices coming in each time I look at my email. This certainly reflects the way I distributed the word… I’m sure many people, myself included, route the VOIPSEC mailing list into a folder where they read it when they can. Or at least they read other messages before that of a “mailing list”. So I expect I’ll continue to see subscriptions coming in over the next couple of days.
As the mailing list administrator, I naturally receive the subscription notifications and I have to say that there are some pretty impressive people and companies among those who have subscribed. I think we now have one or more representatives of basically all of the major IP-PBX vendors, a good number of security vendors, universities, US government agencies, a few financial institutions (good to have, given the natural security paranoia of banks)… plus a whole host of people that are using various Gmail, Yahoomail, etc. addresses that give nothing away about their identity. (I would…
VOIPSA “VoIP Security Best Practices” project to launch this week
(Originally posted to http://dyork.livejournal.com/249531.html)
Cross-posting from Voice of VOIPSA where I posted this earlier today:
I am pleased to announce that the VOIPSA Best Practices project will be kicking off this week. As noted in the project description, the goal is to gather into one document the core set of “best common practices” that can be used to address the threats to VoIP that were outlined in the VoIP Security Threat Taxonomy project. I’m still making some changes to the wiki in advance of the formal project kickoff, but right now you can subscribe to the best practices email list if you would like to assist in the project. All are welcome, regardless of experience level. If you don’t want to join a mailing list, updates will be posted here on this blog from time to time.
I went into a bit more detail in a subsequent post to the VOIPSEC mailing list, mentioning, for instance, that people who think they will be interested in editing/commenting on the actual text should make sure they are registered in the VOIPSA wiki.
I’m excited to get the project underway… I’ve been trying to get it launched for the last month or…
Click-to-Call, Google Maps, security – and the fundamental disruption to the carrier telephony space
(Originally posted at http://dyork.livejournal.com/247741.html)
Over on “Voice of VOIPSA”, Dustin Trammel wrote a long post called “Click-to-Harrass” that discusses “click-to-call” services and specifically the new Google Maps click to call capability. I wrote a comment that inadvertently wound up being almost as long as Dustin’s article. Given that it had been a topic I was thinking about writing about here anyway, I decided to cross-post my comment here as well.
Dustin,
Nice piece. TechCrunch also had a post yesterday speculating that Google had pulled Click-To-Call because of harassment issues, although it seems to have just been a temporary service outage as the service is back running today (used it myself this morning).
The interesting thing, though, is that you can see the immense value to the consumer for this type of service. Over the past few days I’ve been testing it myself with calling various local businesses here in Vermont. I have to say it has worked great. Find them in Google Maps, click the “call” button, wait for the ring of my phone, press the “Talk” button on my wireless handset and… ta da… I’m connecting to the business. It is a little…
