Slashdot Mirror

← Back to Stories (view on slashdot.org)

Skype Security and Privacy Concerns

Posted by Zonk on from the conversations-can-hurt dept.

CDMA_Demo writes "Scott Granneman at Security Focus is discussing the security and privacy issues thanks to eBay's acquisition of Skype. Says the help section on Skypke's website: 'Skype uses AES (Advanced Encryption Standard), also known as Rijndael, which is used by U.S. Government organizations to protect sensitive, information. Skype uses 256-bit encryption, which has a total of 1.1 x 1077 possible keys, in order to actively encrypt the data in each Skype call or instant message. Skype uses 1024 bit RSA to negotiate symmetric AES keys. User public keys are certified by the Skype server at login using 1536 or 2048-bit RSA certificates.' Scott Granneman debates that since Skype is owned by eBay and is closed source, we have no way of verifying this claim. Further, from the article: 'At the CyberCrime 2003 conference, Joseph E. Sullivan, Director of Compliance and Law Enforcement Relations for eBay, had this to say to a group of law enforcement officials: 'I know from investigating eBay fraud cases that eBay has probably the most generous policy of any internet company when it comes to sharing information.' This raises interesting questions about how Skype and eBay together will try to avert cyber criminals from using security flaws in either system to their advantage.'"

3 of 128 comments (clear)

  1. Good encryption or not.. by lightyear4 · · Score: 4, Informative


    Good encryption or not, I'd be more worried about the recent moves of the FCC to allow law enforcement virtual wiretap access. Our freedoms have eroded enough as of late, and it is disconcerting to say the very least. Here is the relevant link from the article and from the eff

  2. Re:Where's the DCMA? by generic-man · · Score: 3, Informative

    Dear Asm,

    I can assure that the Dutch Country Music Association is not involved with this acquisition.

    (Perhaps you mean DMCA)

    Sincerely,
    Kimo von Oelhoffen
    President, Dutch Country Music Association

    --
    For more information, click here.
  3. Re:Skype also opens up port 80 and 443 by default by moro_666 · · Score: 3, Informative

    since when is opening a tcp/ip port a security hole ?
    it's only a hole when your application listening on
    the port is buggy and hackable not when the port is
    opened up lol

    if every open port is a serious security hole for you
    , you should see a doctor. and by the way, if you want
    your ports to be closed or otherwise specially handled,
    get a firewall (a simple iptables setup will do), that's
    what they are for...

    you can't rely on applications not opening a port, almost
    every networking application that has to receive data from
    unknown external hosts (e.g. your chat friends) opens ports.
    even msn does it ... do you feel hacked now ?

    [oops, writing this note just made an outgoing tcp/ip socket]
    [from my machine, i'm all hacked & cracked now, damn u!]

    --

    I'd tell you the chances of this story being a dupe, but you wouldn't like it.