Security Basics mailing list archives
RE: Your opinion on Skype
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Tue, 30 Aug 2005 18:48:46 -0400
I heard this to. When you exit Skype, it does stay active on the task bar and I supposed can route calls. It's part of the official FAQ. Skype is a peer to peer app and it can route calls for other people while you're using it. The security issue here is that because you aren't sure who is involved, if someone ever develops a Skype buffer overflow from a malformed Skype packet, we're in trouble. But I also tested it and ran Ethereal while it remained in the taskbar...and in my limited testing (a few days, one computer, one location, Windows Firewall installed, behind hotel NAT box I'm sure), I didn't record a single Skype packet that wasn't from me to the person I was calling (I was using Skype Out a lot). My guess is that Skype does do the P2P thing...it's a security risk...like any software. You have to decide is the risk is worth the benefits. In my case, my cell phone doesn't work outside of the country and Skype Out lets me make 2 cent phone calls to anyone. I'm accepting the risk, but waiting the mail lists closely. And my travel laptop doesn't have secrets on it. At work, there should be valuable stuff you need to protect more. Roger ************************************************************************ *** *Roger A. Grimes, Banneret Computer Security, Consultant *CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, CHFI, TICSA *email: roger () banneretcs com *cell: 757-615-3355 *Author of Honeypots for Windows (Apress) *http://www.apress.com/book/bookDisplay.html?bID=281 ************************************************************************ **** -----Original Message----- From: Shawn Merdinger [mailto:shawnmer () gmail com] Sent: Tuesday, August 30, 2005 11:36 AM To: Chandrashekhar Mullaparthi Cc: security-basics () securityfocus com Subject: Re: Your opinion on Skype Hi Chandrashekhar, On 8/22/05, Chandrashekhar Mullaparthi <chandrashekhar.mullaparthi () t-mobile co uk> wrote:
On a Windows machine, even if you shutdown Skype it is still running in the background acting as a "super node" relaying calls for people who are behind very restrictive networks.
Can you please expand on this observation? Did you see this after the Skype application is MINIMIZED to the tray or actually shut down; that is, the application is killed and not listed in the Windows processes? Thanks, --scm
Current thread:
- FW: Your opinion on Skype Joe George (Aug 22)
- Re: Your opinion on Skype Chandrashekhar Mullaparthi (Aug 23)
- Re: Your opinion on Skype Shawn Merdinger (Aug 30)
- Re: FW: Your opinion on Skype cc (Aug 29)
- Re: FW: Your opinion on Skype Michael Puchol (Aug 30)
- RE: FW: Your opinion on Skype David Gillett (Aug 30)
- Re: FW: Your opinion on Skype Michael Puchol (Aug 30)
- <Possible follow-ups>
- RE: FW: Your opinion on Skype Joe George (Aug 30)
- RE: Your opinion on Skype Roger A. Grimes (Aug 30)
- Re: Your opinion on Skype Shawn Merdinger (Aug 31)
- Re: Your opinion on Skype Shawn Merdinger (Aug 31)
- Re: Your opinion on Skype Shawn Merdinger (Aug 31)
- Re: Your opinion on Skype Chandrashekhar Mullaparthi (Aug 23)