I work for a SMB automotive manufacturer based in the US. In the process of
planning for a new project for which we
will have a number of people traveling international, there was a proposal to
use Skype to save on long distance phone
charges when they travel to Europe and Mexico. Skype kind of concerns me as an
unknown quantity. They do have some
security information, including one security evaluation report, listed on their
site <http://www.skype.com/security/>.
They claim to use 256-bit AES "in order to actively encrypt the data in each
Skype call or instant message." Has this
claim been substantiated by any neutral third-parties?
I see that a Chinese company claims to have "cracked" the Skype protocol
<http://www.voipwiki.com/blog/?p=16>
<http://www.voipwiki.com/blog/?p=31>. Does anyone see any security risks
coming out of this?
What about hosted VOIP services like NewCross Technologies
<http://www.newxt.com/> and Pandora Networks
<http://www.pandoranetworks.com/> that use open protocols (ie. SIP)? Has
anyone used any of these? What security
features should I look for in choosing one?
-------------------
Andrew Stewart
astewart@notre1.com
(205) 585-2980 - cell
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
