Educause Security Discussion mailing list archives
Re: Skype risk assessment
From: David Gillett <gillettdavid () FHDA EDU>
Date: Fri, 14 May 2010 14:27:55 -0700
I'm somewhat annoyed that the designers of Skype decided up front that network policy and security were their enemy. It's an awkward place from which to start a conversation.

On the other hand, it was discovered sometime last year that all Skype calls into and out of China are archived in case their government gets curious. As usual, notions of risk depend very much on what you consider to be the asset, and what the threat.

As far as I can see, Skype's peer-to-peer mode amounts to users subsidizing their bandwidth. Since we get public funds, that's probably illegal on our campus (but I am not a lawyer and so far as I know our counsel has not advised us on this).

In general, if the campus phone system isn't meeting someone's needs, we'd prefer that they talk to our tech group than that they just try to implement VOIP themselves piecemeal. We *do* have Skype sanctioned and supported to provide "video phone" service for deaf students.

Oh yes -- it has a file-delivery function too, which since it's encrypted may serve as a stealth vector for malware.

David Gillett, CISSP CCNP
Sr Security Engineer
Foothill-De Anza Community College District

-----Original Message-----
From: Alex Keller [mailto:alkeller () sfsu edu]
Sent: Friday, May 14, 2010 13:51
To: SECURITY () listserv educause edu
Subject: Re: [SECURITY] Skype risk assessment

This BlackHat presentation may be of interest. It would seem that Skype employs some fairly sophisticated obfuscation techniques. Looks like there is plenty to be concerned about.

http://blackhat.com/presentations/bh-europe-06/bh-eu-06-biondi/bh-eu-06-biondi-up.pdf

--
Alex Keller
Systems Administrator
Academic Technology, San Francisco State University
Office: Burk Hall 153
Phone: (415)338-6117
Email: alkeller () sfsu edu