« Total Information Awareness is dead. Long live Total Information Awareness | Main | Who Is Controlling Your Bluetooth Phone? »

March 03, 2006

Skype potential vulnerabilities and lessons in cryptography

I'm not a Skype user, but after the mention in class of surveilling VoIP network data, I got curious about potential Skype vulnerabilities. Apparently, last fall, some security flaws were discovered that were corrected, but...

This article (from last November) explains why there might be more risks that haven't yet been discovered:

Skype is also “port agile”, meaning that if a firewall port is blocked, Skype will seek other open ports to establish a connection, Newton says.

As a result, Skype could provide a back door into otherwise secure networks for Trojans, worms and viruses, Newton says.

It could also provide a channel for corporate data to be freely shared among users without any security considerations, he says.

For anyone interested, could someone provide some explanation of "port agility" and more generally, how ports function on / across networks?

In my searching, I also found this article that gets into a good discussion of cryptography on the net and the lessons that Skype provides.

Is strong crypto worse than weaker crypto? Lessons from Skype

Apparently, "Skype has also done more to put crypto into the hands of the public, for use in person to person communications, than anybody." The author here seems to be arguing that Skype's encryption scheme is especially strong due to the fact that they developed their own protocol instead of using SIP. If Skype does somehow remain secure and gaining popularity, how does this effect protocol standards and open source methodologies?

Posted by xncroft at March 3, 2006 04:05 PM

Trackback Pings

TrackBack URL for this entry:
http://itp.nyu.edu/~rck2/cgi-bin/mt/mt-tb.cgi/53

Listed below are links to weblogs that reference Skype potential vulnerabilities and lessons in cryptography:

» Personal Loans from Personal Loans
Loans: Personal Loans [Read More]

Tracked on March 7, 2006 02:11 PM

» Personal Loans from Personal Loans
Loans: Personal Loans [Read More]

Tracked on March 7, 2006 02:13 PM

Comments

Post a comment




Remember Me?