Re: Skype (quick question)

A quick Google search will likely turn up all sorts of things. But from my previous research here are two things with which to be concerned.

1. While it uses AES encryption, Skype is very proprietary and thus the way they've implemented AES is unknown. Just because they use it doesn't mean it works if they've implemented it incorrectly.
2. Skype is a P2P application. Therefore it is possible that your call is being routed through many other computers along the way. This isn't normally the case, and of course it is encrypted (see above), but the fact that your call is going through an unknown third party system should be cause for concern. If they're using a weak encryption implementation and it is going through another person's computer it would be trivial to eavesdrop on a conversation.

Kenton

• Original Message ---- From: Richard J. Piedrahita <piedrahitar@frontiernet.net> To: security-basics@securityfocus.com Sent: Friday, February 8, 2008 2:11:31 PM Subject: Re:Skype (quick question)

Hi:

Has
anyone
heard
of
any
security
concerns
regarding
the
use
of
Skype?
If
any
anyone
knows
of
any
real
or
potential
security
issues,
could
you
let
me
know
by
responding
to
this
message
please?

Many
thanks,
Rick.

      Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail. Click on Options in Mail and switch to New Mail today or register for free at http://mail.yahoo.ca

• This message: [ Message body ]
• Next message: Dixon, Wayne: "RE: tiger message I don't understand"
• Previous message: Warren Myers: "Re: Gmail and https"
• Maybe in reply to: Ansgar -59cobalt- Wiechers: "Re: Skype (quick question)"
• Next in thread: Secure This: "Re: Skype (quick question)"
• Reply: Secure This: "Re: Skype (quick question)"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]