Re: Skype (quick question)

[Kenton Smith <listsks () yahoo ca>]

A quick Google search will likely turn up all sorts of things. But from my previous research here are two things with 
which to be concerned.

1. While it uses AES encryption, Skype is very proprietary and thus the way they've implemented AES is unknown. Just 
because they use it doesn't mean it works if they've implemented it incorrectly.
2. Skype is a P2P application. Therefore it is possible that your call is being routed through many other computers 
along the way. This isn't normally the case, and of course it is encrypted (see above), but the fact that your call is 
going through an unknown third party system should be cause for concern. If they're using a weak encryption 
implementation and it is going through another person's computer it would be trivial to eavesdrop on a conversation.

Kenton

----- Original Message ----
From: Richard J. Piedrahita <piedrahitar () frontiernet net>
To: security-basics () securityfocus com
Sent: Friday, February 8, 2008 2:11:31 PM
Subject: Re:Skype (quick question)

Hi:

Has 
anyone 
heard 
of 
any 
security 
concerns 
regarding 
the 
use 
of 
Skype?  
If 
any 
anyone 
knows 
of 
any 
real 
or 
potential 
security 
issues, 
could  
you 
let 
me 
know 
by 
responding 
to 
this 
message 
please?

Many 
thanks, 
Rick.







      Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail.  
Click on Options in Mail and switch to New Mail today or register for free at http://mail.yahoo.ca