Posts categorized "VoIP Security"

Brief interview in 101st Telecom Junkies podcast episode to update VoIP Fraud/Hacker case

telecomjunkies.pngEarlier this week I had a fun moment joining a cast of characters to help the Telecom Junkies podcast celebrate crossing over 100 episodes. In the 101st episode, now available for listening, host Jessica Gdowski invited 7 of her previous guests back to give brief updates. So I joined Martha Buyer, Mark Fletcher, Hank Levine, John Lyon, Dave Spofford, and Allan Sulkin for the ~20 minute show.

In my case, I've been a guest on the show three times previously, most notably in August 2007 with "Interview with a VoIP Hacker" where we interviewed Robert Moore shortly before he was heading to prison.

Moore was part of the VoIP fraud case masterminded by Edwin Pena and discussed on another Telecom Junkies episode back in July 2006. I was also on another Junkies episode in November 2007 about VLAN Hopping.

In this 101st episode recorded this week I gave a brief update on the Pena/Moore case (Pena recently pled guilty) and then talked about VoIP and Unified Communication security issues. It was literally just a few minutes, but I was glad to join briefly and help Telecom Junkies celebrate. 100 podcast episodes is indeed a milestone to celebrate! Congrats!

If you found this post interesting or useful, please consider either subscribing to the RSS feed or following me on Twitter or

I'll be out at ITEXPO this week in L.A.

itexpo-logo-1-1.jpgIf any of you are heading out to ITEXPO tomorrow through Thursday in Los Angeles, I'll be there on Wednesday. As I note on a Voxeo events page, I'll be speaking twice, pretty much back to back:

9:30 – 10:15am, Exploring Applications in the Cloud

11:00 – 11:45am, SIP Trunking and Security

The first is a panel discussion that should be quite interesting. The second is another version of the VOIP / SIP Security talk that I've been giving at Ingate's SIP Trunking Seminars for the past few years (and that always seems to be popular). More details and session abstracts on the events page I set up.

I'm looking forward to catching up with many friends at the show, including Andy Abramson, who I haven't seen for a while.

If you will be out there, please do say hello.

If you found this post interesting or useful, please consider either subscribing to the RSS feed or following me on Twitter or

Heading down to ITEXPO in Miami on Feb 2-4...

ITEXPO-East-logo-1.jpgWill you be down in Miami at ITEXPO February 2-4? If so, please feel free to drop me a note and perhaps we can connect somewhere there.

I'll be arriving Monday afternoon and then on Tuesday, February 3rd, I'll be donning my VOIPSA VoIP Security hat to participate in a SIP Trunking Workshop sponsored by Ingate Systems on "SIP Trunking And Security". These workshops are always fun to do and as they are free to anyone attending ITEXPO (even just with an exhibit pass), they are usually well-attended. I'll be bringing my recording gear, too, and the talk will eventually go out in my Blue Box Podcast feed so you will be able to hear it later.

Speaking of recording... I'll have my video gear, too, and so if you have some new product or service in the "emerging communications" space that you think I might be interested in recording for my "Emerging Tech Talk" video podcast... well... pitch me. :-) I know I'll be recording a number of videos down there and I would certainly consider doing some more.

Wednesday evening I'll be driving back to Orlando and in Voxeo's office on Thursday and Friday so if you're in the Orlando area, please feel free to let me know as well.

If you found this post interesting or useful, please consider either subscribing to the RSS feed or following me on Twitter or

Technorati Tags: , , , ,

"Discover Best Practices for Secure Unified Communications" - a webinar I'll be giving tomorrow

Cross-posted from Voice of VoIPSA:

What are you doing tomorrow, Tuesday, October 28, 2008, at 1pm US Eastern time? If you are around, you are welcome to join a free webinar I'll be giving on "Best Practices for Secure Unified Communications".

From time-to-time, you'll notice that those of us working with VOIPSA will take part in seminars/webinars offered by members of VOIPSA and we definitely enjoy doing so. For instance, as readers of the blog know, I've been speaking at Ingate's SIP Trunking seminars for quite some time now. We're generally open to speaking at anyone's event or webinar - as long as they understand that there is no endorsement of the company/vendors's products/services and that we are there to provide an industry-neutral point-of-view.

mitel-logo.jpgSo tomorrow at 1pm US Eastern I'll be speaking as part of Mitel's "Discovery Series" where they invite in guest speakers from the industry. You can join the webinar for free at Mitel's site. They asked me to speak about the threats/risks to voice over IP and unified communications and talk about best practices for protecting them. Here's the abstract:

Discover Best Practices for Secure Unified Communications

Presented by: Dan York, Voice Over IP Security Alliance (VOIPSA) October 28, 2008, 1:00 PM EDT / 10:00 AM PDT / 5:00PM GMT

With the emergence of Voice-over-IP and Unified Communications, companies now have incredible opportunities to provide a rich communication experience to employees located in a single location or distributed globally. But how does a company do this in a secure manner? How is the confidentiality and integrity of corporate conversations protected? How can a company be sure that its IP phone systems and IP trunks will always be available for usage? What are the issues around protecting SIP trunks or using hosted services?

In this webinar, VoIP Security Alliance Best Practices Chair Dan York will discuss the threats and risks to Voice-over-IP, the tools that are out to test (or attack) VoIP system and solutions and best practices for protecting your systems. He'll also address concerns around SIP trunking, Spam for Internet Telephony (SPIT) and the move to push voice out into hosted/cloud computing environments and the associated concerns. Come prepared to learn about securing your VoIP system, to ask questions about your deployments and to leave with tips and resources to protect and defend your systems.

The webinar will be recorded and posted for later viewing as well. I'll note that they also have a nice companion webinar to the one I'll be giving tomorrow in one that HP representatives recently have on network security as it relates to VoIP.

Anyway, if you are available tomorrow (Oct 28th) at 1pm please do feel free to join into the webinar. I'll post a note on this site, too, when it is available for later listening.

P.S. And yes, as a couple of people have asked, I do obviously have a closer association with this webinar than I do with some of the other vendors given that I worked at Mitel for 6 years and was their point person on VoIP security issues for much of that time. It will be fun to be speaking with them again.

Technorati Tags: , , , , , , , , ,

Blue Box Podcasts #83 and #84 now online - VoIP, SIP, Skype security...

blueboxlogo.jpgOver on Blue Box, I've now uploaded two recent episodes:

With that I am almost caught up with our main shows... and I still have a bunch of Special Editions to finish producing and post. I'm hoping to finish post-production on #85 tonight so that I can post it tomorrow. We'll see...

Technorati Tags: , , , , , , , , , ,

Slides from my ITEXPO security talk - SIP Trunking and Security in an Enterprise Network

Earlier this month out at ITEXPO in Los Angeles, I participated in the Ingate SIP Trunking seminars as I have been doing for the last year or so. My talk was "SIP Trunking and Security in an Enterprise Network". The slides are available for viewing or download from my SlideShare account and I'll also embed them here in this post.

I did record the presentation in both audio and video and hope to be making that available as a Blue Box podcast some time soon. I'll then sync the slides to the audio. Meanwhile... enjoy the slides!

Technorati Tags: , , , , , , , , ,

Heading out to Los Angeles this week for Communications Developer Conf / ITEXPO...

commdeveloperconference2008.jpgAs I note over in my Voxeo blog post, I'll be out at the Communications Developer Conference (co-located with ITEXPO) this week in Los Angeles. I will be speaking twice. First on Wednesday morning I'll be talking about SIP Trunking and security as part of the Ingate SIP Trunking workshops from 10:15-11:15am. Next, on Thursday, I'll be speaking about "Developing Voice Applications in the Cloud", a favorite topic of mine these days.

Voxeo will also have a booth and I expect to be there. I'm also doing some video interviews and other media work (actually on both sides of the camera). I'm looking forward to catching up with a good number of folks out at the show.

If you read this blog and are out there at either the Communications Developer Conference or ITEXPO, please do come by and say hello. I posted the schedule of talks over on Voxeo's blog site. You should be able to find out more about where precisely I am through either or

Technorati Tags: , , , , , , , , , , ,

Speaking at SpeechTEK next week in New York on voice application security... Sunday I'll be boarding a train bound for New York City where I'll be attending SpeechTEK for Monday through Wednesday. As I mentioned previously, on Tuesday, August 19th, I'll be giving a presentation on "Securing CCXML and VoiceXML Applications":
How secure are your speech applications? As the usage of both VoiceXML and CCXML continues to explode, and VoIP usage continues to grow dramatically, especially within enterprise environments, it is increasingly important that you ensure that applications and services are not open to attack. Learn about the potential vulnerabilities in a system using VoiceXML or CCXML, what you can do to secure these systems, and how you can develop a strong architecture.

It will be fun to expand my VoIP security commentary beyond my usual scope of networks and more into voice applications. I'm planning to record it (and have permission to do so) and potentially put it out as a Blue Box podcast.

At SpeechTEK there will also be a good number of us from Voxeo there. We'll have a booth (#804) and we've got some exciting announcements coming up... ;-)

If you are down at SpeechTEK, please do drop a note and let me know.

Technorati Tags: , , , , , , , , ,

Heading out to ClueCon 2008, Telephony Developer Conference, this week..

cluecon08logo-1.jpgThis afternoon I'll be heading to the airport to fly out to Chicago to be part of ClueCon this week. Haven't heard of ClueCon before? Here's the quick summary:
ClueCon - is an annual 3-Day Telephony User and Developer Conference bringing together the entire spectrum of Telephony from TDM circuits to VoIP and everything in between. The presentations and discussions will cover several open source telephony applications such as Asterisk/Callweaver, Kamailio (formerly OpenSER), Bayonne, YATE and FreeSWITCH.

Billed as the "Telephony Developer Conference" it primarily focuses on the whole world of open source telephony.

I'll be there as part of two panels. First, tomorrow I'll be joining fellow VoIP bloggers Andy Abramson and Thomas Howe on a "VoIP Roundtable" to talk about current industry themes and trends. Then on Thursday I'll be part of a "VoIP Security Roundtable" talking about... gee... can you guess?

It should be a fun event... I'm looking forward to catching up with Andy, Thomas, Moshe Yudkowsky, Jon Todd and several others. There are also some folks on the schedule with whom I have corresponded but never physically me, so that will be nice as well. If any of you reading this will also be there, please do feel free to drop me a note so that we can connect.

Technorati Tags: , , , , , , , , , , , , ,

Tracking iSkoot's security issue exposing Skype usernames and passwords

voipsalogo.jpgOver on the Voice of VOIPSA weblog, I have been tracking a security issue in the iSkoot program that was transmitting your Skype username and password in the clear. The post, its comments, and the corresponding links off of it make for some interesting reading.

It also shows the speed at which the blogosphere can react and potentially help sort things out. In the space of about 48 hours, a problem was found, confirmed, identified by the vendor and apparently will be fixed shortly. I'll be writing more about this later today over on the Voice of VOIPSA weblog, but for now I'll just say that it's great to see that the problem is being dealt with.

Technorati Tags: , , , , , , ,