Security Basics mailing list archives

RE: Your opinion on Skype


From: "Roger A. Grimes" <roger () banneretcs com>
Date: Tue, 30 Aug 2005 18:48:46 -0400

I heard this too. When you exit Skype, it does stay active on the task
bar and I suppose can route calls. It's part of the official FAQ. Skype
is a peer to peer app and it can route calls for other people while
you're using it. The security issue here is that because you aren't sure
who is involved, if someone ever develops a Skype buffer overflow from a
malformed Skype packet, we're in trouble.

But I also tested it and ran Ethereal while it remained in the
taskbar...and in my limited testing (a few days, one computer, one
location, Windows Firewall installed, behind hotel NAT box I'm sure), I
didn't record a single Skype packet that wasn't from me to the person I
was calling (I was using Skype Out a lot).

My guess is that Skype does do the P2P thing...it's a security
risk...like any software. You have to decide if the risk is worth the
benefits. In my case, my cell phone doesn't work outside of the country
and Skype Out lets me make 2 cent phone calls to anyone.  I'm accepting
the risk, but watching the mail lists closely.  And my travel laptop
doesn't have secrets on it. At work, there should be valuable stuff you
need to protect more. 

Roger

***************************************************************************
*Roger A. Grimes, Banneret Computer Security, Consultant 
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, CHFI, TICSA
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
****************************************************************************



-----Original Message-----
From: Shawn Merdinger [mailto:shawnmer () gmail com] 
Sent: Tuesday, August 30, 2005 11:36 AM
To: Chandrashekhar Mullaparthi
Cc: security-basics () securityfocus com
Subject: Re: Your opinion on Skype

Hi Chandrashekhar,

On 8/22/05, Chandrashekhar Mullaparthi
<chandrashekhar.mullaparthi () t-mobile co uk> wrote:
> On a Windows machine, even if you shut down Skype it is still running
> in the background acting as a "super node" relaying calls for people
> who are behind very restrictive networks.

Can you please expand on this observation?  Did you see this after the
Skype application is MINIMIZED to the tray or actually shut down; that
is, the application is killed and not listed in the Windows processes?

Thanks,
--scm

