Slashdot Mirror

← Back to Stories (view on slashdot.org)

Research Group Pushes to Ban Skype

Posted by ScuttleMonkey on from the only-as-secure-as-you-make-it dept.

cowmix writes "Hot on the heals of Skype being purchased by Ebay, a research group called Info-Tech just put out a recommendation to its customers that all corporations should ban the use of Skype on their networks. The reports sites a laundry list of issues it feels plagues Skype, most of which will have a familiar ring (ie the normal anti-IM and P2P talking points). Will this cool Skype's rapid progress into the business arena?"

20 of 196 comments (clear)

  1. Not if by Cruithne · · Score: 4, Funny

    Will this cool Skype's rapid progress into the business arena?"

    Not if a first post on slashdot links to http://www.skype.com/

    1. Re:Not if by Cruithne · · Score: 5, Funny

      If you mod parent up, Skype will become more powerful than TFA could ever imagine...

    2. Re:Not if by Gentlewhisper · · Score: 5, Interesting

      Not to sound like a troll, but who the hell is this Info-Tech group?

      Likewise we have groups like "The Yankee Group" and what have you endorsing cheesy TCO studies for Windows and stuff.

      So the dog has spoken, at the end of the day the question remains, who the hell fracking cares?

      --
      Online backup with Mozy, sounds like Ozzie, but more!
    3. Re:Not if by farker+haiku · · Score: 5, Informative

      Well, I tried to find out how legit they were by reading some of their "white papers" like their guide to securing 802.11, but the cost was 450 dollars a year for membership. Heh.

      --
      Your sig(k) has been stolen. There is a puff of smoke!
    4. Re:Not if by Anonymous Coward · · Score: 5, Funny

      If they charge a lot of money for membership, they must be good!

    5. Re:Not if by Jaseoldboss · · Score: 4, Interesting

      One of the reasons:

      Enterprises using Skype risk a communication barrier with countries and institutions that have already banned the service.

      So follow our advice, ban it and create a communications barrier first?

      Seriously though, isn't Skype bad? Close source, uses your bandwidth for other users. If it becomes the dominant standard surely that leaves it open to being milked for all it's worth by eBay?

  2. Sounds Familiar by Anonymous Coward · · Score: 4, Interesting

    This seems to be happening frequently. There was a push to ban Skype in Aussie-land recently. Seems rather typical, but I doubt the bad press will have too much effect on Skype's momentum. Any business considering Skype as a solution would've disregarded such issues already.

  3. Half-truths by Anonymous Coward · · Score: 5, Interesting

    Skype is not standards-compliant true

    allowing it and any vulnerability to pass through corporate firewalls. false - true of any software

    Skype's encryption is closed source and prone to man-in-the-middle attacks. true - one has no cyptographic assurance that there is no MITM with Skype

    Enterprises using Skype risk a communication barrier with countries and institutions that have already banned the service. false

    Skype is undetectable, untraceable, and unauditable, putting organizations that are subject to compliance laws at risk. FUD

    The question of whether VoIP calls constitute a business record is a legal quagmire. Throwing Skype into the communications mix further clouds the issue.

    false - lots of businesses use VoIP

    1. Re:Half-truths by egjertse · · Score: 5, Informative
      Oh dear... Have you even used Skype?

      Only Linux/ALSA is supported.

      Windows, Linux and MacOS is supported. On Linux, Skype uses OSS, not ALSA. ALSA support is in the works.

      Audio is poor quality: only 8KHz 1 channel 8 bit sampling.

      Audio quality scales with available bandwith/cpu power. Skype dynamically switches codecs depending on the available resources.

      Encryption not turned on by default.

      Really? All Skype calls are encrypted end-to-end by default - Skype to PSTN calls are encrypted until it reaches the PSTN network.

      User interface uses harsh, unfriendly colours.

      Subjective. The Linux version can easily be themed through QT, as it is dynamically linked to your QT library.

      The ringing sound is kind of loud, and surprises you when you're not expecting it because you forgot to set your status to not interrupt you.

      Not only can you change the default ring tone, you can download free ringtones from the Skype website...

      So... What was the problem again?

      --
      ^]:wq!^M
  4. Did this research group forget something? by kihjin · · Score: 4, Funny

    Comments Armstrong, "The bottom line is that even a mediocre hacker could take advantage of a Skype vulnerability. If you are going to use Skype within enterprise, manage it as you would any other IT service: with policy and diligence."

    Armstrong, you misspelled Windows.

    --
    This slashdot-related signature is a stub. You can help kihjin by expanding it.
  5. Non-issue really by aussie_a · · Score: 5, Insightful

    Companies that are already banning peer-to-peer applications, such as instant messaging, should add Skype to its list of unsanctioned software programs

    Well no shit, sherlock. If a company feels that IM software (such as AIM or MSN) is a security risk, then of course they should consider Skype a security risk. It's called consistency. This is really a non-issue. New messaging program comes out (which in a way, is what Skype is), companies that ban other messaging programs add it to their ban list. Those that don't ban messaging programs, don't.

    This is pretty much a non-article. And it won't slow the proliferation of Skype in the business world, because I doubt companies that banned other IM programs, really needed Info-Tech to tell them to add Skype to the list (I'm sure Info-Tech is just doing it to be consistent as well).

  6. Research? by ageitgey · · Score: 4, Insightful
    Reasons to ban Skype:
    • 3. Enterprises using Skype risk a communication barrier with countries and institutions that have already banned the service.
    Really? Are you serious? That's what you guys came up with? Should we ban blackberry pagers because not all employees have mobile email access and thus might face a communication barrier with those who do?
    --
    Uninnovate - Only the finest in engineering.
  7. The power of documentation? by aussie_a · · Score: 4, Funny

    Approximately 17 million registered Skype users are using the service for business purposes," says Armstrong. "Unless an organization specifies instances where Skype use is acceptable, and outlines rules for client-side Skype settings, that's 17 million opportunities for a hacker to invade a corporate network.

    Wait. So just by having a policy, Skype becomes unhackable? That's incredible. I never knew that a policy (no matter what the policy was) could work so well. Perhaps if all businesses developed a policy like "No computer shall have Windows installed on it" then the amount of hacking businesses suffer from would drop dramatically. All because someone created a document.

    Thanks Info-Tech. You just saved my business!

    P.S. I was being sarcastic. Although creating a policy banning Windows WOULD decrease the amount of hacking that occurs.

  8. Flawed analysis by d_jedi · · Score: 5, Insightful

    - Skype is not standards-compliant, allowing it and any vulnerability to
                  pass through corporate firewalls.

    And how would this be different if Skype was standards compliant?

            - Skype's encryption is closed source and prone to man-in-the-middle
                  attacks. There are also some unanswered questions about how well the
                  keys are managed.

    Ooh.. closed source is evil! By this logic, Info-Tech should recommend banning Windows (to the delight, I'm sure, of many /.ers)

            - Enterprises using Skype risk a communication barrier with countries
                  and institutions that have already banned the service.

    Is this a joke? I dunno about you, but I haven't seen any companies completely give up.. what's that thing?.. the telephone in favour of Skype..

    Skype is a useful tool. That's all I've got to say about that.

    --
    I am the maverick of Slashdot
  9. Info-Tech, No conflict of interest there... by aywwts4 · · Score: 5, Informative

    One of the services they offer are VOIP comparisons for 200 dollars, Of their twelve endorsed vendors Skype is nowhere on the list. http://www.infotech.com/Products%20and%20Services/ Vendor%20and%20Software%20Selection/VoIP.aspx

    Now lets not give this poor piece of press release any more credence then it deserves, It may be on yahoo's page but its only the equivalent of a company making a mock news story about themselves.

    --
    Web Developers: Celebrate to our roots! Animated Gifs and Tiled Backgrounds, dont let our history die!
  10. Re:Vast government powers by mmkkbb · · Score: 4, Insightful

    Countries don't ban Skype because of security issues; they ban it to prevent competition with the phone monopoly.

    --
    -mkb
  11. Re:Valid Points by Spoke · · Score: 4, Insightful

    All of the points in the article were valid points.

    Not even close to all of the points were valid points. Not even half of them made any sense! And you can't even call TFA an article, it's a friggin' press release.

    VOIP, closed source and NAT traversal are hardly anything that your typical business spends any time worrying about. In fact, VOIP, closed source software and NAT traversal is standard operating procedure for most companies (or at least 2 of 3 of them).

  12. Petty and un-ethical! by exaviger · · Score: 4, Insightful

    This sounds like a direct attack on skype

    Replace the word skype with virtually any other software and the article would still be valid.

    I feel sick when i read such articles and I feel even sicker when an article like this http://www.enterprisenetworkingplanet.com/netsp/ar ticle.php/3563226 gets relased at virtually the same time.

    I am not a conspiracy theory kind of guy, but why the sudden noise about skype's insecure desgin using the http protocol to work over NAT at the same time that Microsoft and Cisco find a way for SIP to work "securely" over NAT?

    Call me paranoid but I find this very weird!

  13. WTF... by Hymer · · Score: 4, Insightful
    from TFA :
    1. Skype is not standards-compliant, allowing it and any vulnerability to pass through corporate firewalls.
    2. Skype's encryption is closed source and prone to man-in-the-middle attacks. There are also some unanswered questions about how well the keys are managed.
    3. Enterprises using Skype risk a communication barrier with countries and institutions that have already banned the service.
    4. Skype is undetectable, untraceable, and unauditable, putting organizations that are subject to compliance laws at risk.
    5. The question of whether VoIP calls constitute a business record is a legal quagmire. Throwing Skype into the communications mix further clouds the issue.
    ...and what I think about them...
    1. Neither is MS Office (or several other MS products), Adobe Photoshop etc.
    2. So are several other encryppiton schemes... and a man in the middle attack is in fact easiest to make on a POTS, just connect a speaker to the wire.
    3. Use SkypeOut, POTS or a cell phone ?
    4. That seems to be the mantra now : encapsulate everything in HTTP
    5. Busuness record ? if it is not on paper or other approved medium it is not a valid record... and btw. VoIP on a Cisco CallManager is strictly speaking still just VoIP, so I presume that several large banks have the same problem ?
    No, I do not defend Skype, I do however attack Info-Tech's lack of sanity !!
  14. There are two simple reasons why Skype use is bad by aarku · · Score: 5, Informative

    And they are outlined in great length here.