1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Why (not)avoid skype?

Discussion in 'Blogging' started by rorre, Nov 21, 2011.

  1. rorre

    rorre Newbie

    Joined:
    Aug 8, 2011
    Messages:
    16
    Likes Received:
    3
    Occupation:
    Magician
    Location:
    A long time ago in a galaxy far, far away...
    Hi guys,
    I noticed alot of ppl are starting or are using skype. A very few of these people know, that their skype client sometimes acts as relay for other clients thus using your cpu and bandwith, also it sniffs around on your local network looking for other skype clients and much more... To me it actually feels like a very clever trojan vith voip and chat capabilities. In many big corporations skype is considered a security threat.

    Conclusion
    Good Points:

    • Skype was made my clever people
    • Good use of cryptography

    Bad points:

    • Hard to enforce a security policy with Skype
    • Jams traffic, can't be distinguished from data exfiltration
    • Incompatible with traffic monitoring, IDS
    • Impossible to protect from attacks
    • Total blackbox. Lack of transparency. No way to know if there is/will be a backdoor.
    • Fully trusts anyone who speaks Skype.

    Here are some really nice reports on this matter for those interessted in details:
    hxxp://sans.org/reading_room/whitepapers/voip/skype-practical-security-analysis_32918
    hxxps://dpacket.org/articles/revealing-skype-traaffic-when-randomness-plays-you
     
    • Thanks Thanks x 1