Skype - exposed

Printable View

March 13th, 2006, 05:01 PM
karavay

Skype - exposed

Hey guys as the popularity of this messenger-voip communication software, grows I was thinking to investigate the security side of this software:

-Communication security
-Local security
-overall security issues

Please post any information u came across (security related) in regarding to this software!
March 13th, 2006, 05:18 PM
ByTeWrangler

Greeting's

Skype for windows V 2.x

Skype for windows V 1.x

Skype for Pocket PC 1.x

Skype for Mac OS X 1.x

Skype for Mac OS X 0.x

Skype for Linux 1.x

Skype for Linux 0.x

Try www.google.com
March 13th, 2006, 05:27 PM
J_K9

Skype's own Security Bulletins might be handy too. Don't forget to check out SecurityFocus either. ;)

Cheers,

-jk
March 13th, 2006, 05:44 PM
karavay

http://www.simson.net/ref/2005/OSI_Skype6.pdf - Security Overview
March 13th, 2006, 05:47 PM
SirDice

Skype Uncovered
March 13th, 2006, 06:11 PM
Sm0kinP0t

Skype claims to have a 128bits encryption, but there's p.o.c. that existing programs (like Cain&Abel - www.oxid.it ) can tap and intercept VoIP conversations.
This is an automated process done by the program, the user has to have no ability at all, no knowledge in spoofing and alikes to hijack and record the conversation...you can see how this could compromise a company on many aspects.

I would use it in day to day calls (their charge rates are really worth it), but never on a corporate enviroment.
March 13th, 2006, 06:33 PM
karavay

it uses RC5 to chiper its text chat communication but the key can be recoverd from outgoing UDP datagam... whats the point !!:) script kiddie protection :)
March 13th, 2006, 07:20 PM
karavay

how about local security where does it store passwords / conversation history / crypted or not?
March 14th, 2006, 11:09 AM
Digoy

Re: Skype - exposed

Quote:

Originally posted here by karavay
Hey guys as the popularity of this messenger-voip communication software, grows I was thinking to investigate the security side of this software:

-Communication security
-Local security
-overall security issues

Please post any information u came across (security related) in regarding to this software!

heres what i found:

http://articles.news.aol.com/busines...16153509990024

http://www.ctv.ca/servlet/ArticleNew...16?hub=SciTech

http://www.networkworld.com/community/?q=node/3375

http://www.strike-the-root.com/3/blow/blow6.html

http://www.smh.com.au/news/breaking/...151801336.html

http://www.skype.com/security/files/...evaluation.pdf

http://www.usatoday.com/printedition...kype17.art.htm

http://blogs.zdnet.com/ip-telephony/index.php?p=919

http://arik.baratz.org/wordpress/200...es-encryption/

http://www.voipplanet.com/trends/article.php/3567391

if you ask me this program probably have a much strong encryption
http://www.famatech.com/products/radmincs/ (not free)
but it doesnt use public servers like skype