Skype Security and Privacy Concerns
CDMA_Demo writes "Scott Granneman at Security Focus is discussing the security and privacy issues thanks to eBay's acquisition of Skype. Says the help section on Skype's website: 'Skype uses AES (Advanced Encryption Standard), also known as Rijndael, which is used by U.S. Government organizations to protect sensitive information. Skype uses 256-bit encryption, which has a total of 1.1 x 10^77 possible keys, in order to actively encrypt the data in each Skype call or instant message. Skype uses 1024 bit RSA to negotiate symmetric AES keys. User public keys are certified by the Skype server at login using 1536 or 2048-bit RSA certificates.' Scott Granneman debates that since Skype is owned by eBay and is closed source, we have no way of verifying this claim. Further, from the article: 'At the CyberCrime 2003 conference, Joseph E. Sullivan, Director of Compliance and Law Enforcement Relations for eBay, had this to say to a group of law enforcement officials: 'I know from investigating eBay fraud cases that eBay has probably the most generous policy of any internet company when it comes to sharing information.' This raises interesting questions about how Skype and eBay together will try to avert cyber criminals from using security flaws in either system to their advantage.'"
[since it] is closed source, we have no way of verifying this claim
Isn't that the way with all closed source software?
Joseph E. Sullivan, Director of Compliance and Law Enforcement Relations for eBay, had this to say to a group of law enforcement officials: 'I know from investigating eBay fraud cases that eBay has probably the most generous policy of any internet company when it comes to sharing information.'
In other words, we help you guys out in law enforcement a lot when we shouldn't, so please don't step in and bother us when you should. It's a win-win: we can both screw the little people at the same time.
Ok, well let me try to spell this out:
Company A says they encrypt -- good for privacy. If anyone had data collected, it will be encrypted and thus a bit more meaningless. We cannot verify if Company A is telling the truth. Maybe there's encryption, maybe there's not. Not good for absolute privacy.
Company B readily shares information with others. Not good for privacy at all.
Company B purchases Company A -- so B, with its reputation to piss away your privacy now has a product that may or may not protect your privacy.
With the way B has conducted business, it may be implied that A isn't trustworthy, regardless of whether they do encryption or not...simply because at the hands of B, your data isn't sacred.
Almost like a Microsoft buying Claria or something.