[Dshield] Question on Skype

Craig craig at reswob.net
Fri Feb 17 16:48:09 GMT 2006


I don't know much about Skype other than what I've heard since I've 
started a VoIP project.  Skype has had it's share of vulnerabilities 
lately.  I believe the latest version has patched all that have been 
found (or rather all that have been publicly disclosed).  A good place 
to start learning about VoIP security is a podcast I've been listening 
to for the past couple of months:  http://www.blueboxpodcast.com/.  I've 
learned a LOT from these guys.  Also, the Voice over IP Security 
Alliance (http://www.voipsa.org/) has some good information as well as a 
mailing list. 

Skype is more of a peer to peer technology and VoIP generally doesn't 
like NAT, so there are a couple of issues for you to consider.



Craig L. Bowser
VOIP Security Engineer
CISSP
SANS GSEC (Gold)
SRA International, Inc.
703-652-6912
craig.bowser1 at us.army.mil
-------------------------------
The secret of success is sincerity. Once you can fake that you've got it made. - Jean Gieraudoux



Richard Roy wrote:
> I now have several remote users and they are interested in using skype
> as their main method of communication.  I am not a user of it at all,
> and as such I am rather unfamiliar with it.  Their main page seems to
> give some info about it, but I was wondering what the response would be
> from the security minded folks at dshield.  Is it secure? I realize that
> once it hits a public line it is no longer encrypted, but when it is ip
> to ip and over the internet is it secure?  I see it uses Rijndael
> encryption, but I thought I remembered reading some time ago that this
> type of encryption could be cracked theoretically.  Am I confusing this
> with something else.  Please point me in the right direction.  I do not
> want the users to have a false sense of security.
>  
> We are planning a corporate move to voip by year end anyhow, so this
> just might be temporary.  Thanks.  Just trying to stay informed.
>  
> Richard Roy
> _________________________________________
> Learn about Intrusion Detection in Depth from the comfort of your own couch:
> https://www.sans.org/athome/details.php?id=1341&d=1
>
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
>
>
>   


More information about the list mailing list