Slashdot Mirror

← Back to Stories (view on slashdot.org)

Russian FSB Can Reportedly Tap Skype Calls

Posted by Soulskill on from the in-soviet-russia-skype-calls-on-you dept.

An anonymous reader writes "Previous reports of a Microsoft provided backdoor to Skype has been unconfirmed. However, there are now reports that Russian federal security service FSB is able to tap call and locate users. 'FSB and the Internal Affairs Ministry (MVD) have been capable to wiretap and locate Skype users for some years already, reported Vedomosti on Thursday [Google translation of Russian original]. The newspaper is citing experts on information security. "Special services have been capable for several years not only to wiretap but also to locate a Skype user. That's why, for instance, employees of our company are forbidden to discuss business-related topics on Skype," General Director of Group-IB, Ilya Sachkov, says to Vedomosti. "After Microsoft acquired Skype in May 2011, it updated the software with technology allowing legitimate wiretapping," says Maksim Emm, Director of Peak Systems.'"

96 of 136 comments (clear)

  1. Ah, the consequences of closed-source by staltz · · Score: 5, Insightful

    The Skype P2P protocol has always been an issue to worry about. It's hard to break/understand, and I've seen research papers that just scratched the surface of the protocol.

    I never doubted that really smart minds (like Russians) would eventually crack it and exploit it. This would never happen with an open-source protocol.

    1. Re:Ah, the consequences of closed-source by iggymanz · · Score: 4, Interesting

      no one with a smart mind cracked it, microsoft just rolled over for the russian government

    2. Re:Ah, the consequences of closed-source by Pi1grim · · Score: 3, Insightful

      Ofcource if I worked for FSB and was unable to tap into Skype, I'd start spreading FUD about how well I can tap into it. To make them more over to less secure means of communication.
      Anyway, I hope this will lead to boost in developing a solution with good crypto. Like jingle or SIP with encyption and it's wide adoption. Not that it's happening anytime soon, but a man can dream...

    3. Re:Ah, the consequences of closed-source by LordLimecat · · Score: 3, Funny

      Since when has "knowing what youre talking about" been a requirement to post on slashdot?

    4. Re:Ah, the consequences of closed-source by gl4ss · · Score: 3, Interesting

      they're acting as if they were a phone company and russkies are probably asking them to comply as if they were one.. to provide taps.
      and they're just locating the ip address of course. it's not like their tap is made of magic sauce.

      +they would spread fud about it anyways.
      the big problem with it if you're discussing sensitive things is plain and simply that it has centralized control.

      SECOND OPTION: it's entirely possible the russkies are tapping them on client side. if not by other means then by bugging the headsets. that would certainly explain how they know EXACTLY where the call is taking place since they're spying the site in person. it's fsb/kgb after all.

      --
      world was created 5 seconds before this post as it is.
    5. Re:Ah, the consequences of closed-source by benjfowler · · Score: 3, Informative

      Microsoft regularly rolls over for the Chinese government too.

      Microsoft has never met a dictator or despot they didn't like.

    6. Re:Ah, the consequences of closed-source by pipatron · · Score: 1

      I think this would just move them over to more secure means of communication, not less. A stupid move. It won't be fun for them when the crooks all route their communication through a couple of global Tor nodes.

      --
      c++; /* this makes c bigger but returns the old value */
    7. Re:Ah, the consequences of closed-source by fustakrakich · · Score: 5, Insightful

      Microsoft has never met a dictator or despot they didn't like.

      Nor has any other business approaching the size of Microsoft. In fact, nobody can get that big without 'assistance' from the authorities. Despotism is big business, the rewards are well worth the collateral damages.

      --
      “He’s not deformed, he’s just drunk!”
    8. Re:Ah, the consequences of closed-source by K.+S.+Kyosuke · · Score: 3, Funny

      Microsoft has never met a dictator or despot they didn't like.

      What about Steve Jobs? *ducks*

      --
      Ezekiel 23:20
    9. Re:Ah, the consequences of closed-source by sabt-pestnu · · Score: 1

      the rewards are well worth the collateral damages. ... unless you happen to be the collateral, of course.

      "If you sup with the devil you need a long spoon."

    10. Re:Ah, the consequences of closed-source by camperdave · · Score: 3, Informative

      Microsoft regularly rolls over for the Chinese government too.

      Microsoft has never met a dictator or despot they didn't like.

      Microsoft has never met an entity with a boatload of cash they didn't like.

      FTFY

      --
      When our name is on the back of your car, we're behind you all the way!
    11. Re:Ah, the consequences of closed-source by unixisc · · Score: 1

      This would never happen with an open-source protocol.

      Why not? If a protocol was open source, writing backdoors into it would be even easier. I mean, how many people know how to inspect code and remove the parts that are malicious?

    12. Re:Ah, the consequences of closed-source by SpzToid · · Score: 2

      For the most part, at least during the Jobs era, Apple products were beyond the reach of most 3rd-worlders, so catering to despotic countries wasn't an issue. In fact, so much so, it was not part of the Apple business model. (Apple products were this justly marketed as 'aspirational', and this model is working well over the long-term for Apple).

      --
      You can't be ahead of the curve, if you're stuck in a loop.
    13. Re:Ah, the consequences of closed-source by Anonymous Coward · · Score: 2, Insightful

      No, see, K. S. Kyosuke was saying that Steve Jobs was a dictator or despot that Microsoft did not like. Not that Apple had also never met a dictator or despot that they did not like.

    14. Re:Ah, the consequences of closed-source by Anonymous Coward · · Score: 3, Informative

      Why not? If a protocol was open source, writing backdoors into it would be even easier. I mean, how many people know how to inspect code and remove the parts that are malicious?

      You obviously do not understand open source. If a protocol or software gets big enough that a lot of people use it, it will also get a lot of developers looking at it. If a backdoor is written in, eventually someone will find it and report/patch it.

    15. Re:Ah, the consequences of closed-source by Kingkaid · · Score: 2

      As someone who has been in telecoms a while.. trust me it has been cracked for years. The difference is M$ gave a legit way to wiretap, whereas before everyone just did it improperly.

    16. Re:Ah, the consequences of closed-source by Beorytis · · Score: 1

      Much nicer AC reply than the "Whoosh!" I was expecting.

    17. Re:Ah, the consequences of closed-source by RabidReindeer · · Score: 3, Interesting

      This would never happen with an open-source protocol.

      Why not? If a protocol was open source, writing backdoors into it would be even easier. I mean, how many people know how to inspect code and remove the parts that are malicious?

      Not many, I'm sure. But even one is sufficient. And unlike closed-source, that one person may pop up any time, anywhere in the world, including places where it's not possible for interested governments to muzzle him in time to raise the alert.

      One of the reasons WHY open-source is so popular is that things like that can occur, hence open-source people are more likely to pay attention to how secure the stuff they're using is. And conversely, paranoid people will prefer open-source.

      The best time to worry about security is before you need to. Afterwards, it may be too late.

    18. Re:Ah, the consequences of closed-source by Luckyo · · Score: 2

      They're not caring all that much about medium sized crime syndicates that can afford to channel their stuff through TOR. There are different methods to get those.

      Spying on skype is about spying on big and small players who use it, such as large international conglomerates, as well as very small people who have no access to technical expertise necessary for TOR.

      You're essentially making the infamous wrench mistake in assuming that technological problems and solutions are the only ones that exist in the world of security, when they are but the small part of the whole.

    19. Re:Ah, the consequences of closed-source by Samantha+Wright · · Score: 1

      Leave Microsoft's customers out of this!

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
    20. Re:Ah, the consequences of closed-source by bruce_the_loon · · Score: 3, Informative

      Yeah, MS rolled over for the Russian government six years before they bought Skype. Good future planning on Balmer's part.

      The reading comprehension skills here astound me.

      --
      Trying to become famous by taking photos. Visit my homepage please.
    21. Re:Ah, the consequences of closed-source by Anonymous Coward · · Score: 1

      Apparently, Microsoft changed the way certificates are generated in a software patch shortly after taking over Skype. It used to be the case that certificates where generated locally on the client. They changed that to centrally generated certificates on MS servers which should enable them to sell(?) the ability to tap Skype calls.

      Would anyone happen to know if you could somehow override that?

    22. Re:Ah, the consequences of closed-source by rastos1 · · Score: 1

      it will also get a lot of developers looking at it.

      Sometimes I stare at some code for hours, debug it and still have no idea how it works. And I wrote it.

    23. Re:Ah, the consequences of closed-source by Anonymous Coward · · Score: 1

      Define "undetectable backdoor": Do you mean not able to be detected when in use, or not able to be detected when looking at the source?

    24. Re:Ah, the consequences of closed-source by mikechant · · Score: 1

      You obviously do not understand open source. If a protocol or software gets big enough that a lot of people use it, it will also get a lot of developers looking at it. If a backdoor is written in, eventually someone will find it and report/patch it.

      And further to that, there will also typically be a handful of uber-devs who get to accept or reject patches - getting a rogue patch past one of these people, who know the code better than anyone in the entire world, is going to be near impossible.

    25. Re:Ah, the consequences of closed-source by BigLonn · · Score: 1

      posibly true, also food for thought, so is there skype replacement? Anyone??

    26. Re:Ah, the consequences of closed-source by ufoolme · · Score: 1

      Serious journalists stopped using Skype around the time of Arab spring, I always took this to mean it had already been easily broken. Think about it this way, if you control the network that's one thing, if you control the isp that's another level with lots of options but now if you control the entire countries infrastructures that is a completely different ball game. I wonder how well blackberry runs in Russia.

  2. Closed source. Closed standards by Albanach · · Score: 3, Insightful

    And therein we learn the lesson about closed source software and proprietary methods. If folk had adopted something based on SIP, XMPP, IAX or any other open and documented protocol, we'd be able to communicate using a tried and tested security mechanism.

    For something like communications, if you're totally and absolutely reliant upon a third party then you also need to have total and absolute trust in that third party or you should consider all your communications using them to be public.

    1. Re:Closed source. Closed standards by Technician · · Score: 2

      SIP is end to end P-P once a connection is established.

      If you need to hide your IP for a Skype session, use a SIP to Skype gateway.

      http://www.dslreports.com/forum/r26518054-SIP-to-Skype-Skype-to-SIP-new-method

      If I Skype you, my IP will resolve to the gateway address. Skype me at skype2ipp, then enter my user name when prompted.

      --
      The truth shall set you free!
    2. Re:Closed source. Closed standards by Pi1grim · · Score: 1

      If only anybody made that stack of rawhide software, frameworks and standarts into usable software...
      I mean I can set up a xmpp client with OTR or GPG encryption, haven't tried doing that with SIP, but take Skype users. For most of them comprehencing what needs to be done is akin to building a fusion reactor out of household items...
      As for the corporations: all of them gladly uses XMPP standart for their own ends, but only Google bothered to abandon the walled garden ideology and enabled XMPP federation on their servers. Don't see Facebook or MS playing ball on that field. Facebook is even trying to "embrace, extend, extinguish" the email system, so there is very little hope in them enabling XMPP federation.

    3. Re:Closed source. Closed standards by Technician · · Score: 2

      Encrypted SIP may be more secure, but does nothing to hide your IP address. A recently mentioned encrypted SIP client is Jitsi.
      https://jitsi.org/
      Not sure if it if capturing keys for a man in the middle attack is difficult. A MIM attack by Russia should only be possible when crossing a Russian server. US and Carnivor abilities is unknown.

      --
      The truth shall set you free!
    4. Re:Closed source. Closed standards by elucido · · Score: 1

      Even if it were open source it could still be tapped. Just maybe not as easily.

    5. Re:Closed source. Closed standards by mjwalshe · · Score: 1

      And the the government TLA (FSB in this case) says ok phone company "gime" wit more or less Judaical oversight dependent on your country - its part of the deal of being a phone company.

  3. How shocking! by Rosco+P.+Coltrane · · Score: 4, Insightful

    Closed source software with obscure network protocol, now owned by a corporation whose main concern isn't the users' best interest, turns out to be not so nice after all. News at 10...

    The best way to do use Skype for anything more important than saying hello to your grandmother for free on the internet is not to use Skype. Everybody with half a brain has known that for many years.Duh...

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  4. OMG, you can tap data sent over a wire by alen · · Score: 1

    shouldn't be too hard to trace all packets coming out of an ISP's network in Russia and decode them? or at least decode enough packets for part of a call

    and how many fiber connections go into russia from foreign countries? for all we know the FSB has tapped them all and is reading all the data
    the NSA was doing something like this a decade ago with Narus appliances

    1. Re:OMG, you can tap data sent over a wire by Anonymous Coward · · Score: 2, Insightful

      You say "decode" as though it is trivial.

      You should read up a bit on encryption.

  5. Re:A reminder. by Rosco+P.+Coltrane · · Score: 2

    Oh yeah, because Russia today is so much more desirable and has completely stopped all its spying activities.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  6. Russian Front Side Bus? by Anonymous Coward · · Score: 1

    Am I the only one who mentally interpreted the headline as: "Russian Front Side Bus Can Reportedly Tap Skype Calls"?

    1. Re:Russian Front Side Bus? by houghi · · Score: 1

      Yes.

      --
      Don't fight for your country, if your country does not fight for you.
    2. Re:Russian Front Side Bus? by VoidCrow · · Score: 1

      No ^^

    3. Re:Russian Front Side Bus? by SpzToid · · Score: 1

      Uncertain. I suggest you check your power source, and reboot just to be sure. o|o

      --
      You can't be ahead of the curve, if you're stuck in a loop.
  7. Re:A reminder. by RabidReindeer · · Score: 5, Insightful

    Soviet Union was disbanded in the 90's

    And????

    Russia still remains. The KGB is now the FSB. Russia is more open, but it's still not the USA.

    And speaking of the USA, you do realize that Project Echelon and similar efforts have been busily tapping into communications in the Land of the Free for longer than there was a Skype?

  8. Maybe they should tell the French? by Eunuchswear · · Score: 3, Funny

    Would save a lot of trouble.

    --
    Watch this Heartland Institute video
  9. Re:A reminder. by Nerdfest · · Score: 4, Insightful

    You speak of the US as if they wouldn't do exactly the same thing (and almost certainly are). This is why there should be an open implementation that supports proper security.

  10. Why? by mrbill1234 · · Score: 2

    Why would someone with something to hide use Skype?

    Seriously - if you've got something to hide, use something to which you have the source and can control the encryption used.

    1. Re:Why? by Xemu · · Score: 2

      Why would someone with something to hide use Skype?

      Seriously - if you've got something to hide, use something to which you have the source and can control the encryption used.

      or use skype steganography

      http://www.economist.com/news/science-and-technology/21571120-tinkering-skype-can-allow-people-send-undetectable-messages-speaking

      --
      Tell your friends about xenu.net
    2. Re:Why? by AHuxley · · Score: 1

      Think of a person doing work in another part of the world with security clearance back home.
      They use encryption for work, are very secure in all their data handling at home and clean when travelling.
      That person becomes a target of the CIA, FSB, MI6...
      Personal calls might give insight into life outside marriage/work ...that extra person sharing deepest desires and needs/wants/weaknesses/faith/cult.
      Drugs, debt, stress, parties, music, hobbies, lifestyle failures/happiness, addictions to a type of adult material..
      Over time the person of interest makes a "new" amazing friend, when alone they get a deal - sell out and stay safe or be exposed.

      --
      Domestic spying is now "Benign Information Gathering"
  11. Special services by ls671 · · Score: 3, Insightful

    Special services have been capable for several years not only to wiretap but also to locate a Skype user.

    Special services have been capable for several years not only to wiretap but also to locate cellular phone and landline users.

    --
    Everything I write is lies, read between the lines.
  12. Jitsi by Hatta · · Score: 1

    Jitsi provides ZRTP encrypted voice chat. It's free, open source, and cross platform. Why use Skype?

    --
    Give me Classic Slashdot or give me death!
    1. Re:Jitsi by LordLimecat · · Score: 2

      Because everyone else uses skype.

      People who dont get this are the same people who dont understand why facebook is more popular than Diaspora.

    2. Re:Jitsi by Hatta · · Score: 1

      There are two people in every conversation. If one uses Jitsi and one uses Skype, why should they settle on the insecure option?

      --
      Give me Classic Slashdot or give me death!
    3. Re:Jitsi by alen · · Score: 1

      yeah, because google puts your data into al bore's social security lockbox and won't ever use it for marketing

    4. Re:Jitsi by dkf · · Score: 2, Funny

      Why the hell would I want a Skype account?

      Because otherwise people won't talk to you. That's nice at first (very nice!) but after a while it leads to you not getting paid any more, which is very much not nice. The issue? People who communicate are better at making contacts and better at winning business. Over the longer term, this is a very important effect.

      But at least there's one thing. If the FSB listen into my skype conversations, the joke will be on them. In particular, those meetings are so incredibly boring that they'll lose the will to live! (It's bad enough for me, and I'm supposed to be interested in what's going on in them.)

      --
      "Little does he know, but there is no 'I' in 'Idiot'!"
    5. Re:Jitsi by dkf · · Score: 2, Informative

      If one uses Jitsi and one uses Skype, why should they settle on the insecure option?

      They'll choose Skype because that's the one that the person who isn't a tech expert already has working. Unless you're really keen on doing more free tech support...

      --
      "Little does he know, but there is no 'I' in 'Idiot'!"
    6. Re:Jitsi by Hatta · · Score: 1

      If it's anything remotely important, a little tech support is a small price to pay for security.

      --
      Give me Classic Slashdot or give me death!
    7. Re:Jitsi by bill_mcgonigle · · Score: 3, Insightful

      aka "The Path to Idiocracy". It's true, though, and it should be an object lesson that technically sound software needs to be trivially easy to install and configure as well if it's to do much societal good.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    8. Re:Jitsi by LordLimecat · · Score: 1

      You wouldnt, if you have noone you care about talking to. If you do, you can either use skype, or accept the fact that you arent going to convince them to use Jitsi.

    9. Re:Jitsi by LordLimecat · · Score: 2

      Its not idiocracy, it just seems that way because youre technically minded.

      Just the other day I was trying to answer several questions about hacking, viruses, computer security, etc for a family member, and I realized (for the millionth time) just how hard it is to convey the framework that a non-techie would need in order to begin understanding a lot of this stuff.

      And in order for everyone to decide to use a more secure option, everyone needs to realize that the current option is really really bad and what the better option is. Getting that information out to a wide userbase there takes a TON of work.

    10. Re:Jitsi by riondluz · · Score: 1

      Agreed. And a working solution might be to consider trading the issue of net-neutrality w/the telcos in exchange for them allowing end-users to run their own servers/services.

      This way everyone can have their own XMPP and give accounts to those they want to 'talk' to.
      Installing something like "Deb-Secure", end-users could run their own 'face-book' webapps and have fine-grained controls over what gets shared - no advertising; and over SSL/TLS - less DPI.

      Decentralization has always been found to be a good antidote to most problems in computing and communication - my .02

      --
      resist propaganda
    11. Re:Jitsi by riondluz · · Score: 1

      As I've posted elsewhere, and advocated forever, the 1st distro to offer a combined client/server platform that runs only with encryption (gpg), TSL/SSL, etc... will win the day.
      Non-techies won't have to know all the details of why their home machines are safer; only that they are using the best security has to offer.
      With easy-2-use gui's for configuration of their services/servers and a dydns addresss, they would have complete granularity over what they share and how.
      Nice pipe dream of mine.

      --
      resist propaganda
    12. Re:Jitsi by LordLimecat · · Score: 1

      Using GPG requires others who have GPG keys that are integrated with your keychain. That takes work. You also need to educate the userbase on how to differentiate unsigned, signed, and tampered with email. Ditto SSL.

      As always, the hardest problems in computing are the human ones.

  13. Re:A reminder. by isopropanol · · Score: 1

    http://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol

  14. Re:Well, for completeness. by fustakrakich · · Score: 1

    Nothing confirms a story like an official denial.

    --
    “He’s not deformed, he’s just drunk!”
  15. Re:A reminder. by Nerdfest · · Score: 1

    ... and I'll throw this out there as well.

  16. Re:A reminder. by PPH · · Score: 1

    "The greatest trick the Devil ever pulled was convincing the world he didn't exist." -- Keyser Soze

    --
    Have gnu, will travel.
  17. Re:It's "of" not "to"... by pipatron · · Score: 1

    In Soviet Russia, American grammar... does not apply. Or something like that.

    --
    c++; /* this makes c bigger but returns the old value */
  18. caveat emptor by snarkh · · Score: 1

    This is a report in a newspaper citing unspecified sources. Moreover, it is in FSB's interest to have people believe that they are more capable/powerful then they really are. A large grain of salt is definitely in order.

    1. Re:caveat emptor by mikechant · · Score: 1

      Moreover, it is in FSB's interest to have people believe that they are more capable/powerful then they really are.

      You don't state why, but I'm guessing for intimidation/control purposes. Which is certainly a point.

      However:
      It is also in the FSB's interest to have people underestimate their powers so they will be incautious, using systems they believe are secure which the FSB can crack..

      It is also in the FSB's interest to have people have a roughly correct idea of their capabilities, because when their real capabilities leak out (as is fairly inevitable), people will neither be horribly shocked at their intrusiveness or surprised as to how weak their capabilities are, so they will avoid unwanted criticism and attention.

    2. Re:caveat emptor by snarkh · · Score: 1

      > You don't state why, but I'm guessing for intimidation/control purposes.

      Correct.

      > It is also in the FSB's interest to have people underestimate their powers so they will be incautious, using systems they believe are secure which the FSB can crack.

      I doubt it. Perhaps for NSA it is true, but most of FSB's power is based on raw force and intimidation, not any particular competence.

      And people who are really serious about security would use more secure systems in any case.

  19. Re:A reminder. by Anonymous Coward · · Score: 2, Funny

    Your government would NEVER LIE TO YOU!

    The denial is strong in this one.

  20. Re:so? by Dr_Barnowl · · Score: 1

    People do use Skype for business reasons. Skype sells products for business reasons. I use Skype for business reasons (but my business is basically public knowledge anyway, so no need to steal it). Does the business version come without the back door? Didn't think so.

    One of the major sticking points with ECHELON for many was not that it was used to spy on middle school gossip, but that it was used to pass corporate intelligence to favoured "partners of the state".

    It's only a matter of time before the back door itself becomes one of those pieces of intelligence as well.

  21. Next! by Impy+the+Impiuos+Imp · · Score: 1

    This is why the anti-trust watchdogs have backed off in the US -- MS agreed to build in backdoors for spying in its OS.

    I had suspected it, but proof was hard to come by.

    I predict antitrust problems for Google Chrome/Android products in a few years.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    1. Re:Next! by ebno-10db · · Score: 1

      I predict antitrust problems for Google Chrome/Android products in a few years.

      Nah, they've already rolled over. It's not a violation of "do no evil" to piss on the Constitution as long as the Government tells you it's ok.

  22. Rather the FSB than the NSA by ebno-10db · · Score: 1, Insightful

    As an American I'm less bothered about the FSB doing it that than the NSA. Seriously, for my personal stuff, what does the FSB care? I'm much more concerned about the NSA (and if it can be done, I'm sure they are). For similar reasons I use Kaspersky on my personal computers. The FSB doesn't care about my bank account or the web sites I visit. The NSA/CIA/FBI maybe another story. Not that I'm terribly interesting, but having once looked at a web site that was slightly to the left of the Democratic party, I'm probably on some automated terrorist watchlist somewhere.

    1. Re:Rather the FSB than the NSA by mjwalshe · · Score: 1

      You know Kaspersky is best buds with FSB. If you have interesting tastes in websites and have high security I am sure they would consider using that as leverage to get you to act as an agent for them.

    2. Re:Rather the FSB than the NSA by ebno-10db · · Score: 1

      You know Kaspersky is best buds with FSB.

      My point exactly - if I'm going to be spied on I'd rather have it be done by some outfit that has no real interest in me and no real power over me. I also "trust" them in the sense that I doubt they're going to mess w/ my bank account or something (unless they're doing charity and want to make a deposit).

      If you have interesting tastes in websites and have high security I am sure they would consider using that as leverage to get you to act as an agent for them.

      True, but I have no security clearance and the most interesting website I read is Slashdot. Now that's sad.

    3. Re:Rather the FSB than the NSA by mjwalshe · · Score: 1

      so a nice clean skin to act as a courier then :-)

  23. A solution? by spacemky · · Score: 1

    How could we guarantee no spying or eavesdropping via Skype? I think some sort of scrambling/de-scrambling/encryption program that sits at both ends of the Skype connection would do the trick. I'm surprised nothing like this already exists.

    --
    640YB ought to be enough for anybody.
    1. Re:A solution? by characterZer0 · · Score: 1

      If you are willing to go through that trouble, just use something else.

      --
      Go green: turn off your refrigerator.
    2. Re:A solution? by Mike+Frett · · Score: 1

      Exactly, and if you are using Windows then what is the point of making Skype 'secure' when it runs on an unsecured platform. Did everyones _NSAKEY Marble fall out of their memory?.

  24. I thought I read right here by doug141 · · Score: 2

    That the whole point of microsoft centralizing the skype servers after they bought it was to allow gov't taps.

  25. Re:A reminder. by moeinvt · · Score: 2

    Nobody can possibly be this ignorant. Are you a paid government troll by any chance?

    Project echelon has been widely reported on by a number of mainstream news sources. Do you think CBS news qualifies as a bastion of "tinfoil hattery"?

    http://www.cbsnews.com/8301-18560_162-164651.html

    The Church committee hearings in the late 1970s revealed extensive details about the multi-decade long MK Ultra program, including a trove of 20,000 related documents. Do Congressional hearings not count as "official reports"? It was also revealed that thousands of other documents related to the program had been destroyed.

    Are you so brainwashed on the government Kool Aid that you can't even exercise your critical thinking skills and make a cursory examination of widely available and mostly undisputed evidence?

    If you're so naive as to believe the absurdities published in official government reports, go stick your nose up a bureaucrat's ass. I'm sure it will smell like a rose garden to you.

  26. Hmmmm by DaMattster · · Score: 1

    Even more reason not to use Skype. Use an open source app like Jitsi. It does the same thing as Skype but is open source.

  27. Re:A reminder. by EvilSS · · Score: 2

    "And speaking of the USA, you do realize that Project Echelon and similar efforts have been busily tapping into communications in the Land of the Free for longer than there was a Skype?"

    --
    I browse on +1 so AC's need not respond, I won't see it.
  28. So can the FBI by elucido · · Score: 1

    Is this supposed to be a big surprise or big deal? It's not to anyone who knows about information security.

  29. I wonder.. by Adult+film+producer · · Score: 1

    if there is an audible clicking noise when they intercept a call in progress...

  30. Re:A reminder. by Sardaukar86 · · Score: 1

    "The greatest trick the Devil ever pulled was convincing the world he didn't exist." -- Keyser Soze

    Damn that Keyser Soze, it's obviously him we have to thank for that bloody phrase. Always, the mind of man seeks to dominate and enslave through whatever means possible.

    --
    ..Mullah or Pope, Preacher or Poet, who was it wrote: "Give any one species too much rope and they'll fuck it up"?
  31. Simple Black bag job: Skype, Google, *all* of them by TheRealHocusLocus · · Score: 1

    The strength of session keys does not matter. Forget difficulty of proprietary protocol reverse engineering, it is child's play.

    Key negotiation is where the gold is, and there is only one real security wall that exists today among symmetric security systems: the Public Key Infrastructures with their strong prime factorization wall.

    There are no other walls, only hurdles.

    If someone were to pass along one little flash drive with the Certificate Authority chain signing and actual operating SSL private keys to NSA, FSB, whomever, Skype security becomes invisible. Same goes for the private keys for Google, others' SSL certs used for webmail/simap/spop3.

    And I'm not talking about some dramatic ninja mission impossible burglary either. Suppose Skype, Google, et cetera were merely threatened with something awful, unthinkable --- unless they comply and hand over the keys. Once they do the pressure is off and everyone can go back to pretending everything is secure. And there are no direct corporate liabilities.

    Ain't no free security lunch. Only true security that could ever exist is point-to-point between trusting individuals who have exchanged keys in person.

    --
    <blink>down the rabbit hole</blink>
  32. Re:A reminder. by Sardaukar86 · · Score: 1

    Feb 10th 2013's yer last post. Took ya that long to "eat yer words" http://it.slashdot.org/comments.pl?sid=3417867&cid=42756893 eh, after this here http://slashdot.org/comments.pl?sid=3427183&cid=42849825 ? Hahahaha.

    Hi there, clue-free stalking APK chatbot! Pleased to see you're back in action.

    You do have an interesting obsession though. You spend a lot of effort and try very hard indeed to prove that people 'eat their words' when arguing with you.

    You'll never prove anyone a 'beaten opponent', because you cannot rebut a logical argument. Your opponents soon realise there's no value in debating with fools - especially those that mindlessly post lists by way of argument - and move on to more interesting things. To my great amusement, you seem to deal with this differently, instead hanging on to the issue like a little stone baby stuck somewhere deep inside your vagina.

    --
    ..Mullah or Pope, Preacher or Poet, who was it wrote: "Give any one species too much rope and they'll fuck it up"?
  33. Re:Eatin yer words != good nutrition, fool! by Sardaukar86 · · Score: 1

    Thanks for illustrating my point for me. :-)

    --
    ..Mullah or Pope, Preacher or Poet, who was it wrote: "Give any one species too much rope and they'll fuck it up"?
  34. Re:so? by Kalriath · · Score: 1

    It also means the FSB has access to the largest porn collection in the world, and they aren't sharing.

    --
    For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
  35. Re:Ya didn't answer the question troll by Sardaukar86 · · Score: 1

    Hahhahahahahahaa keep making my argument for me, you sad old manchild.

    --
    ..Mullah or Pope, Preacher or Poet, who was it wrote: "Give any one species too much rope and they'll fuck it up"?
  36. Re:Ya didn't answer the question troll by Sardaukar86 · · Score: 1

    Blah blah blah, obvious APK post is obvious, blah blah blah.

    --
    ..Mullah or Pope, Preacher or Poet, who was it wrote: "Give any one species too much rope and they'll fuck it up"?
  37. skype is listening by peawormsworth · · Score: 1

    Skype is an eavesdropping service. Im sure all users of it should know that. So what if the FSB can listen in. The bigger news is that Microsoft is tapping all your Skype calls... all the time. The encryption option has nothing to do with Microsofts ability to record everything. And why shouldnt they? Its a great way to build a valuable database of our most private moments. Skype is not regulated by telephone privacy protections laws the way a regular phone provider is. This is why some countries in the EU are trying to force Skype to register as a telephone service... to protect the people (somewhat). Clearly, if your using skype and assuming that there is any level of privacy like you get from regular telephones... you have not read the EULA and terms of service. Or not even bothered to read about the company on wikipedia.

  38. ZRTP by DrYak · · Score: 1

    Like jingle or SIP with encyption and it's wide adoption. Not that it's happening anytime soon, but a man can dream...

    Jingle and SIP with encryption is called ZRTP (it's just adding an encryption layer over the usual RTP channels used for voice/video chat). And is already supported in several software out-of-the-box (like Jitsi which if often talked about here. But also Twinkle, and others).

    For message, you have Off-The-Record, which works above almost any messaging channel. It's also supported by serveral software package out-of-the-box (Jitsi again, or Adium) or with a plugin (Pidgin).

    These are technologies which exist RIGHT NOW, that you can START USING TODAY, and using your EXISTING XMPP and SIP accounts.

    (Well, for obvious reason ZRTP is useless with SIP-to-PTSN gateways as the encryption last only to the gateway, not to the end-point.
    And ZRTP is useless with Facebook's XMPP gateway, as they don't support Jingle video/voice chat, but use a Skype plugin instead. But you can still use OTR: both endpoint will be able to chat to each other, while the thing which ends in facebooks servers looks like encrypter crap.
    But for anything else it's already doable).

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  39. Not FUD, in EULA by DrYak · · Score: 1

    Micro$soft may be providing backdoors now but prior? No way. This is FUD by the Russians.

    That's not FUD. Skype's EULA has been clear about it since even before being acquired by Microsoft.
    (Or at least it was back when I looked at it)

    They will comply with local legal requirement, including investigation assisting.

    For me that sounds that back-doors have always been a possibility should they be legally required to include them.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]