Hi guys,
I noticed alot of ppl are starting or are using skype. A very few of these people know, that their skype client sometimes acts as relay for other clients thus using your cpu and bandwith, also it sniffs around on your local network looking for other skype clients and much more... To me it actually feels like a very clever trojan vith voip and chat capabilities. In many big corporations skype is considered a security threat.
Conclusion
Good Points:
Bad points:
Here are some really nice reports on this matter for those interessted in details:
hxxp://sans.org/reading_room/whitepapers/voip/skype-practical-security-analysis_32918
hxxps://dpacket.org/articles/revealing-skype-traaffic-when-randomness-plays-you
I noticed alot of ppl are starting or are using skype. A very few of these people know, that their skype client sometimes acts as relay for other clients thus using your cpu and bandwith, also it sniffs around on your local network looking for other skype clients and much more... To me it actually feels like a very clever trojan vith voip and chat capabilities. In many big corporations skype is considered a security threat.
Conclusion
Good Points:
- Skype was made my clever people
- Good use of cryptography
Bad points:
- Hard to enforce a security policy with Skype
- Jams traffic, can't be distinguished from data exfiltration
- Incompatible with traffic monitoring, IDS
- Impossible to protect from attacks
- Total blackbox. Lack of transparency. No way to know if there is/will be a backdoor.
- Fully trusts anyone who speaks Skype.
Here are some really nice reports on this matter for those interessted in details:
hxxp://sans.org/reading_room/whitepapers/voip/skype-practical-security-analysis_32918
hxxps://dpacket.org/articles/revealing-skype-traaffic-when-randomness-plays-you