Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SKYPE - What's the latest in terms of Risk...

From: Terry Gray <gray () WASHINGTON EDU>
Date: Thu, 20 Dec 2007 08:08:13 -0800
Wow... talk about a two-edged sword.

Does this product go in the "Be careful what you ask for" category?
Should we also become Clipper chip enthusiasts?

-teg

On Thu, 20 Dec 2007, Mike Corcoran wrote:


Scott Koger wrote:

As long as the application continues to use encryption
for the traffic, there is no way to inspect the traffic
(huge hole for unintended data leakage)


Not True, at least in general.  The new firewall from
PaloAlto Networks decrypts SSL traffic by doing a
man-in-the-middle attack, and allows  you to filter
even on encrypted traffic.  I don't know if there are
any issues with Skype's SSL implementation, but PaloAlto
gave me the impression that they could decode most if not
all SSL implementations.  They have not cracked ssh yet,
but they are working on it.  We plan to evaluate PaloAlto's
product early next year.

Mike
--
Mike Corcoran, Systems Security Engineer
Wright State University, CaTS
Voice:937-775-2431, Fax:937-775-4049
http://www.cats.wright.edu/
Previous By Date Next
Previous By Thread Next

Current thread: