Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Your opinion on Skype

from [Roger A. Grimes] Network Security [Permanent Link]
Subject: RE: Your opinion on Skype
Date: Tue, 30 Aug 2005 18:48:46 -0400 
I heard this to. When you exit Skype, it does stay active on the task
bar and I supposed can route calls. It's part of the official FAQ. Skype
is a peer to peer app and it can route calls for other people while
you're using it. The security issue here is that because you aren't sure
who is involved, if someone ever develops a Skype buffer overflow from a
malformed Skype packet, we're in trouble.

But I also tested it and ran Ethereal while it remained in the
taskbar...and in my limited testing (a few days, one computer, one
location, Windows Firewall installed, behind hotel NAT box I'm sure), I
didn't record a single Skype packet that wasn't from me to the person I
was calling (I was using Skype Out a lot).

My guess is that Skype does do the P2P thing...it's a security
risk...like any software. You have to decide is the risk is worth the
benefits. In my case, my cell phone doesn't work outside of the country
and Skype Out lets me make 2 cent phone calls to anyone.  I'm accepting
the risk, but waiting the mail lists closely.  And my travel laptop
doesn't have secrets on it. At work, there should be valuable stuff you
need to protect more. 

Roger

************************************************************************
***
*Roger A. Grimes, Banneret Computer Security, Consultant 
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, CHFI, TICSA
*email: roger@banneretcs.com
*cell: 757-615-3355
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
************************************************************************
****



-----Original Message-----
From: Shawn Merdinger [mailto:shawnmer@gmail.com] 
Sent: Tuesday, August 30, 2005 11:36 AM
To: Chandrashekhar Mullaparthi
Cc: security-basics@securityfocus.com
Subject: Re: Your opinion on Skype

Hi Chandrashekhar,

On 8/22/05, Chandrashekhar Mullaparthi
<chandrashekhar.mullaparthi@t-mobile.co.uk> wrote:

On a Windows machine, even if you shutdown Skype it is still running 
in the background acting as a "super node" relaying calls for people 
who are behind very restrictive networks.


Can you please expand on this observation?  Did you see this after the
Skype application is MINIMIZED to the tray or actually shut down; that
is, the application is killed and not listed in the Windows processes?

Thanks,
--scm
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Radar page change location, Andy Cuff
Next by Date:  Re: University Degree or CISSP, Kelly Martin
Previous by Thread:  RE: FW: Your opinion on Skype, Joe George
Next by Thread:  Re: Your opinion on Skype, Shawn Merdinger
Indexes:  [Date] [Thread] [Top] [All Lists]