Ray
Thu May 05 13:52:52 CDT 2005
Take a look at your firewall logs using your computer as the source IP and
you'll see your little friend Skype is accessing computers continuously all
over the world. That traffic entering and leaving my corporate network is
not my definition of "safe and secure."
Ray
"Tom Pepper Willett" <tompepper@mvps.org> wrote in message
news:eSgW%23oWUFHA.2520@TK2MSFTNGP09.phx.gbl...
> I did much research before installing and using the most recent version(s)
> of Skype, and all the conclusions I found were that it is safe and secure.
>
> Tom
>
> "S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message
> news:OKjOojVUFHA.2128@TK2MSFTNGP15.phx.gbl...
> | This is all based on rumour and as such sould be considered very
> | questionable until rpoven otherwise. From what I see now, Skype isn't
that
> | bad see the analysis at
> |
http://www1.cs.columbia.edu/~salman/skype/Skype_Analysis_1_3.pdf
> |
> | If somebody can compromise your computer, Skype won't be a preferred way
> to
> | grab information from the system. And it's not too complicated to write
> code
> | that will use microfone and send audio stream to the Internet.
> |
> | Cheers
> |
> | Slav
> |
> |
> | "cc" <anonymous@disscussion.microsoft.com> wrote in message
> | news:eh765nKUFHA.1152@tk2msftngp13.phx.gbl...
> | > Thank you. Svyatoslave.
> | > Do you mean that analogue signals has inherent insecurity problems
> without
> | > accessing to the internet?
> | >
> | > "the compromised system will send all audio from the room"--Do you
mean
> it
> | > is a method to test if the system is compromised?
> | >
> | > "S. Pidgorny <MVP>" <slavickp@yahoo.com>
> | дÈëÏûÏ¢ÐÂÎÅ:OjJmwCKUFHA.580@TK2MSFTNGP15.phx.gbl...
> | > I'm not certain about that, but I heard that there are tools that
allow
> to
> | > reconstruct conversation from a network capture - thus potential for
> | > eavesdropping exists even without the need to compromise the system.
On
> | the
> | > other hand, Skype has encryption.
> | >
> | > Converting to a bug: this bit does require a backdoor to the system.
> Once
> | > there, you can enable mike and dial yourself - the compromised system
> will
> | > send all audio from the room.
> | >
> | > VoIP opens the whole world of opportunities - and also reminds us
about
> | > inherent insecurities in traditional telephony, which is in many
casess
> | > considered a trusted communication channel, to my eternal wonder.
> | >
> | > --
> | > Svyatoslav Pidgorny, MS MVP - Security, MCSE
> | > -= F1 is the key =-
> | >
> | > "cc" <anonymous@disscussion.microsoft.com> wrote in message
> | > news:uA4UO09TFHA.2388@TK2MSFTNGP10.phx.gbl...
> | > > If the system is cracked, would the voice communications be
> eavesdroped?
> | > > What do you mean by "converting the system to an audio bug with
skype
> | > > client"?
> | > >
> | > > "S. Pidgorny <MVP>" <slavickp@yahoo.com>
> | > дÈëÏûÏ¢ÐÂÎÅ:uy4sZw8TFHA.2304@tk2msftngp13.phx.gbl...
> | > > No, nothing severe. Substantial prerequisites in terms of insecurity
> are
> | > > required to eavesdrop the communications or convert your system to
an
> | > audio
> | > > bug with skype client. I would say, it's equal to the traditional
> | analogue
> | > > phone.
> | > >
> | > > --
> | > > Svyatoslav Pidgorny, MS MVP - Security, MCSE
> | > > -= F1 is the key =-
> | > >
> | > > "cc" <anonymous@disscussion.microsoft.com> wrote in message
> | > > news:uWEO4o8TFHA.4056@TK2MSFTNGP15.phx.gbl...
> | > > > The use of Skype is completely based on internet. I wonder if the
> | > software
> | > > > is secure. Any severe security problems found in this software?
> | > > >
> | > > > Any technical comments would be much appreciated.
> | > > >
> | > > >
> | > >
> | > >
> | > >
> | >
> | >
> | >
> |
> |
>
>