Skype = backdoor?

If you’re a Skype user, and many of us are (including me), you may be interested in this presentation by Philippe Biondi and Fabrice Desclaux. Be forewarned, it’s long and detailed, so here are the take-aways in the conclusion:

First the "Good Points"

  • Skype was made by clever people
  • Good use of cryptography

Then the "Bad Points"

  • Hard to enforce a security policy with Skype
  • Jams traffic, can’t be distinguished from data exfiltration
  • Incompatible with traffic monitoring, IDS
  • Impossible to protect from attacks (which would be
    obfuscated)
  • Total blackbox. Lack of transparency.
  • No way to know if there is/will be a backdoor
  • Fully trusts anyone who speaks Skype.

ZDNet explores the presentation more than I will but only a bit more than I did. Jan in Malaysia explores the safety of Skype password systems.  Googling Skype and backdoor returns a fair number of hits. I’d recommend Googling the news for more details.

Posted in ICT