Re: Skype (quick question)

[Secure This <lists () securethis net>]

If I remember correctly there is a Chinese language based rip off of 
Skype. Each time Skype update their program these guys seem to quickly 
be able to crack it and continue update their own software.

Skype is more business friendly now - you can run your own server, but 
the points below are still valid.

Kenton Smith wrote:
> A quick Google search will likely turn up all sorts of things. But from my previous research here are two things with 
> which to be concerned.
>
> 1. While it uses AES encryption, Skype is very proprietary and thus the way they've implemented AES is unknown. Just because they 
> use it doesn't mean it works if they've implemented it incorrectly.
> 2. Skype is a P2P application. Therefore it is possible that your call is being routed through many other computers along the way. 
> This isn't normally the case, and of course it is encrypted (see above), but the fact that your call is going through an unknown 
> third party system should be cause for concern. If they're using a weak encryption implementation and it is going through another 
> person's computer it would be trivial to eavesdrop on a conversation.
>
> Kenton
>
> ----- Original Message ----
> From: Richard J. Piedrahita <piedrahitar () frontiernet net>
> To: security-basics () securityfocus com
> Sent: Friday, February 8, 2008 2:11:31 PM
> Subject: Re:Skype (quick question)
>
> Hi:
>
> Has 
> anyone 
> heard 
> of 
> any 
> security 
> concerns 
> regarding 
> the 
> use 
> of 
> Skype?  
> If 
> any 
> anyone 
> knows 
> of 
> any 
> real 
> or 
> potential 
> security 
> issues, 
> could  
> you 
> let 
> me 
> know 
> by 
> responding 
> to 
> this 
> message 
> please?
>
> Many 
> thanks, 
> Rick.
>
>
>
>
>
>
>
>       Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail.  Click on Options in Mail and switch to New Mail today or register for free at http://mail.yahoo.ca 
>