Top Ten Concerns to Skype Security

Top Ten Concerns to Skype Security
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Top Ten Concerns to Skype Security hi2005 10-18-2005
Posted by on October 18, 2005, 11:47 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
As a security professional, I adopt Skype as my primary IM due to its
encryption and firewall bypass. Although firewall bypass is the direct
experience, encryption is just claimed by Skype. Nothing more about the
encryption mechanism, such as the key generation, management and etc.
The following is the Top Ten Questions I want to know about Skype
security issues:

1. does Skype company de-encrypt/record my talk/chat?
2. besides the parties of the talk/chat, any body else can read/hear
the content?
3. how does Skype process the talk/chat traffic along the internet
route?
4. is the talk/chat content stored at somewhere else at the
internet?
5. how does Skype negotiate the session-key used to encrypt the
traffic?
6. what algorithm does Skype used to encrypt the talk/chat traffic?
(more detailed info than just AES)
7. how does Skype store the public/private key pairs of skype
client?
8. is there any means to identify the traffic at network layer?
(though Verso has succeeded in it, I mean what means Skype support)
9. is there any existing mechanism to account/audit the activities
of the skype client, or recommendation from Skype?
10. is there any country agents involved at the key management?

What's yours most of concern questions? want to know from Skype?
Welcome to <a href="http://hi2005.wordpress.com">my blog.</a>



Posted by Walter on November 2, 2005, 12:46 am
If you were  Registered and logged in, you could reply and use other advanced thread options
hi2005@gmail.com wrote:
> As a security professional, I adopt Skype as my primary IM due to its
> encryption and firewall bypass. Although firewall bypass is the direct
> experience, encryption is just claimed by Skype. Nothing more about the
> encryption mechanism, such as the key generation, management and etc.
> The following is the Top Ten Questions I want to know about Skype
> security issues:
> 6. what algorithm does Skype used to encrypt the talk/chat traffic?
> (more detailed info than just AES)
> 7. how does Skype store the public/private key pairs of skype
> client?

Are these two questions related to each other? If yes, the AES cipher is
an symmetrical one where you only need a private key. If skype uses an
asymmetrical cipher as well it would be nice if anyone outside there
could explain the function of this cipher (in skype). Maybe to negotiate
the symetrical key as SSL do it?

Walter


Similar ThreadsPosted
ICMP Type 8 Echo Request packet security concerns October 11, 2005, 5:39 am
SSH Tunnel Concerns .. July 5, 2004, 8:53 am
BBC links:Privacy Concerns over States/Corporations'Use of Personal Info December 23, 2006, 3:17 am
Using Skype from corporate network ... ? September 5, 2005, 12:26 am
Efficient products to block Skype June 27, 2007, 6:01 pm
Skype Based Remote Desktop & Netmeeting January 6, 2006, 2:55 am
Windows Reboots Triggered Skype Glitch August 20, 2007, 10:26 pm
Re: Deleting names from Skype login window dropdown list September 6, 2007, 1:17 am
Security Breaches Pandemic - Deloitte Touche 2006 Global Security Survey June 29, 2006, 12:42 am
New site dedicated to security conferences : www.security-briefings.com May 6, 2006, 11:16 am

The site map in XML format XML site map

Contact Us | Privacy Policy