Anyone using Skype on FC11 ?

Patrick O'Callaghan pocallaghan at gmail.com
Mon Aug 31 14:30:46 UTC 2009 

On Mon, 2009-08-31 at 02:04 -0400, Gene Heskett wrote:
> On Monday 31 August 2009, Patrick O'Callaghan wrote:
> >On Sun, 2009-08-30 at 21:33 -0400, Gene Heskett wrote:
> >> Sorry Patrick, but our govco snoops have been bragging they have skype
> >> decoded now for about 2 years.
> >
> >If by "decoded" you mean "payload encryption broken routinely without
> >the use of keyloggers or Trojans", do you have a reference?
> >
> >> And I assume skype has been changing things too, but whatever one
> >> group can do, another group can undo.  Its just the
> >> nature of the internet for that to happen.
> >
> >That's a seductive generalization, but it *is* a generalization. It's
> >meaningless without more specificity. For example, crypto is entirely
> >based on one group doing something which another group cannot undo with
> >any realistic set of resources. Yes, crypto can be poorly implemented
> >(which is a big argument in favour of open source) but it can also be
> >extremely secure if done right. Is it done right in Skype? I don't know,
> >but to date I know of no evidence to suggest it has problems. I'd be
> >interested to hear if you have any.
> >
> >poc
> 
> Search on /. for skype & spooks.  Or if you are really confident, use it to 
> plan blowing something up on the 9/11/01 anniversary but plan to have your 
> plans interrupted.

So that would be "no, I don't have a reference to our govco snoops
bragging they have skype decoded". I did search on /. and found a number
of articles referring to rumours, both that Skype has a back-door, and
that the NSA is offering large sums to anyone who can break Skype. It
seems unlikely that both are true.

> Also, there is another attack that was discussed just in the last 36 hours or 
> so, where a compromised machine makes an mp3 out of your conversation, and 
> then mails it someplace.  Presumably a winderz box I imagine.  Hopefully us 
> linux folks have enough sense to not let that happen.

As I said, compromising the end-user's machine doesn't count. Also,
Skype-to-phone doesn't count either as you can just bug the phone
system.

> I used skype a few times when I was in upstate MI for a while, mainly cuz the 
> telco's up there think  long distance is worth 41 cents a damned minute, just 
> to call a business 7 miles down the road.
[...]

I use Skype every week to keep in touch with my family, now spread over
three continents. Could I get them all to install some other VOIP app?
Maybe, but none of them are technically minded and I just don't want the
hassle. Besides, we use other means to discuss our plans for World
Domination.

poc

More information about the fedora-list mailing list