[Dshield] Question on Skype

Craig craig at reswob.net
Fri Feb 17 16:48:09 GMT 2006

I don't know much about Skype other than what I've heard since I've 
started a VoIP project.  Skype has had it's share of vulnerabilities 
lately.  I believe the latest version has patched all that have been 
found (or rather all that have been publicly disclosed).  A good place 
to start learning about VoIP security is a podcast I've been listening 
to for the past couple of months:  http://www.blueboxpodcast.com/.  I've 
learned a LOT from these guys.  Also, the Voice over IP Security 
Alliance (http://www.voipsa.org/) has some good information as well as a 
mailing list. 

Skype is more of a peer to peer technology and VoIP generally doesn't 
like NAT, so there are a couple of issues for you to consider.

Craig L. Bowser
VOIP Security Engineer
SRA International, Inc.
craig.bowser1 at us.army.mil
The secret of success is sincerity. Once you can fake that you've got it made. - Jean Gieraudoux

Richard Roy wrote:
> I now have several remote users and they are interested in using skype
> as their main method of communication.  I am not a user of it at all,
> and as such I am rather unfamiliar with it.  Their main page seems to
> give some info about it, but I was wondering what the response would be
> from the security minded folks at dshield.  Is it secure? I realize that
> once it hits a public line it is no longer encrypted, but when it is ip
> to ip and over the internet is it secure?  I see it uses Rijndael
> encryption, but I thought I remembered reading some time ago that this
> type of encryption could be cracked theoretically.  Am I confusing this
> with something else.  Please point me in the right direction.  I do not
> want the users to have a false sense of security.
> We are planning a corporate move to voip by year end anyhow, so this
> just might be temporary.  Thanks.  Just trying to stay informed.
> Richard Roy
> _________________________________________
> Learn about Intrusion Detection in Depth from the comfort of your own couch:
> https://www.sans.org/athome/details.php?id=1341&d=1
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

More information about the list mailing list