
Skype is a software application that allows users to make telephone calls over the Internet. Calls to other users of the service and to free-of-charge numbers are free, while calls to other landlines and mobile phones can be made for a fee. Additional features include instant messaging, file transfer and video conferencing.

Skype was written by Estonia-based developers Ahti Heinla, Priit Kasesalu and Jaan Tallinn, who had also originally developed Kazaa. The Skype Group, founded by Swedish-born entrepreneurs Niklas Zennström and Janus Friis, has its headquarters in Luxembourg, with offices in London, Tallinn, Tartu, Stockholm, Prague, and San Jose.

One of the initial names for the project was "Sky peer-to-peer", which was then abbreviated to "Skyper". However some of the domain names associated with "Skyper" were already taken. Dropping the final 'r' left the current title "Skype", for which domain names were available.

Skype has experienced rapid growth in popular usage since the launch of its services. The company was acquired by eBay in September 2005 for $2.6 billion. eBay has written Skype down to $1.7 billion on its books and announced a public stock offering for 2010 to spin Skype off as a separate company.

SkypeIn allows Skype users to receive calls on their computers dialed by regular phone subscribers to a local Skype phone number; local numbers are available for Australia, Brazil, Chile, Colombia, Denmark, Dominican Republic, Estonia, Finland, France, Germany, Hong Kong, Hungary, Ireland, Italy, Japan, Mexico, New Zealand, Poland, Romania, South Korea, Sweden, Switzerland, the Netherlands, the United Kingdom, and the United States. A Skype user can have local numbers in any of these countries, with calls to the number charged at the same rate as calls to fixed lines in the country. Some jurisdictions, including France and Germany, forbid the registration of their telephone numbers to anyone without a physical presence or residency in the country.

Video conferencing was introduced in January 2006 for the Windows and Mac OS X platform clients. Skype 2.0 for Linux, which was released on March 13, 2008, also features support for video conferencing. Skype for Windows, starting with version, supports "High Quality Video" with quality and features (e.g. full-screen and screen-in-screen modes) similar to that of mid-range videoconferencing systems. Skype conferences currently support up to 25 people at a time, including the host.

The word 'Skypecasting' is a portmanteau of 'Skype' and 'broadcasting'. Its original usage referred to recording Skype voice over IP voice calls and teleconferences. The recordings would be used as podcasts, which allow audio or video content to be syndicated over the Internet. Skype launched a "Skypecasts Beta" service in 2006, and it remained in beta until its end in September 2008. Skypecasts hosted public conference calls of up to 100 people at a time. Unlike ordinary Skype p2p conference calls, Skypecasts supported moderation features suitable for panel discussions, lectures, and town hall forums. Skype operated a directory of public Skypecasts. On August 26, 2008, Skype announced that Skypecasts would be discontinued beginning September 1, 2008. On 1 September 2008 at 12:00 GMT, Skypecasts were shut down without any concrete explanation.

Skype does not provide the ability to call emergency numbers such as 911 in the USA and Canada, 000 in Australia, 112 in Europe, or 999 in the UK. The FCC has ruled that, for the purposes of the section 255 of the Telecommunications Act, which pertains to accommodation of disabilities, Skype is not an "interconnected VoIP provider". As a result, the US National Emergency Number Association recommends that all VoIP users have an analog line available as a backup.

As of December 31, 2007 Skype had 276 million user accounts. Users may have more than one account, and it is not possible to identify users with multiple accounts.

It was reported that 17,186,245 concurrent Skype users were online as of March 23, 2009.

As of January 2009, Skype is available for Android and over 100 Java enabled mobile phones. As of January 2009, Skype is adding about 30 million subscribers a quarter.

The volume of international traffic routed via Skype is significant; it has become the largest international voice carrier. Computer-to-computer traffic between Skype users was 2.9% of international carrier traffic in 2005 and about 4.4% of the total international traffic of 264 billion minutes in 2006. In 2008, about 8% of cross-border calls were carried by Skype.

Skype incorporates some features which tend to hide its traffic, but it is not specifically designed to thwart traffic analysis and therefore does not provide anonymous communication. Some researchers have been able to watermark the traffic so that it is identifiable even after passing through an anonymizing network.

SkypeNOW! is a service that Skype offers in South Africa to customers with Vodafone mobile service, which can enable Vodafone users to engage in Skype international voice calls wirelessly.

Skype uses a proprietary Internet telephony (VoIP) network, called the Skype protocol. The protocol has not been made publicly available by Skype and official applications using the protocol are proprietary and closed-source. The main difference between Skype and standard VoIP clients is that Skype operates on a peer-to-peer model (originally based on the Kazaa software) rather than the more usual client-server model. The Skype user directory is entirely decentralized and distributed among the nodes of the network (i.e., users' computers), which allows the network to scale very easily to large sizes (currently about 240 million users) without a complex centralized infrastructure that would be costly to the Skype Group. The disadvantage of this approach is that Skype offers no interoperability with SIP-based VoIP networks.

Many networking and security companies claim to detect and control Skype's protocol for enterprise and carrier applications. While the specific detection methods used by these companies are often private, Pearson's Chi-Square Test and stochastic characterization with Naïve Bayesian Classifiers are two approaches that were published in 2007.

Skype uses an array of different audio compression methods including G.729 and SVOPC. Skype added a Skype-created codec called SILK to Skype for Windows 4 and other Skype clients. SILK is intended to be "lightweight and embeddable".

Skype offers secure communication; encryption cannot be disabled and is invisible to the user. Skype reportedly uses non-proprietary, widely trusted encryption techniques: RSA for key negotiation and the Advanced Encryption Standard to encrypt conversations. Skype provides an uncontrolled registration system for users with absolutely no proof of identity. This permits users to use the system without revealing their identity to other users. It is trivial, of course, for anybody to set up an account using any name; the displayed caller's name is no guarantee of authenticity. A third-party paper analyzing the security and methodology of Skype was presented at Black Hat Europe 2006. It analyzed Skype and found a number of security issues with the current security model.

Skype 1.4, running on a Linux desktop.

Skype 2.7, running on Mac OS X.

Skype 2.2, running on a Windows Mobile 6 device.

Skype 4 in Default View running on Windows Vista.

Skype 1.0.2 running on iPhone (Also available for iPod Touch).

In an interview, Kurt Sauer, Chief Security Officer of Skype, said, "We provide a safe communication option. I will not tell you whether we listen or not." Skype's client uses an undocumented and proprietary protocol. The Free Software Foundation (FSF) is concerned by user privacy issues arising from using proprietary software and protocols and has made a replacement for Skype one of its high-priority projects. Security researchers Biondi and Desclaux have speculated that Skype may have a backdoor, since Skype sends traffic even when it is turned off and because Skype has taken extreme measures to obfuscate its traffic and the functioning of its program. Several media sources have reported that at a meeting about the "Lawful interception of IP based services" held on 25 June 2008, officials at the Austrian interior ministry said "it is not a problem for them to listen in on Skype conversations". Austrian broadcaster ORF, citing minutes from the meeting, has reported that "the Austrian police are able to listen in on Skype connections". Skype declined to comment on the reports.

In the United States, the FCC has interpreted the Communications Assistance for Law Enforcement Act as requiring digital phone networks to allow wiretapping in the presence of an FBI warrant, in the same way as traditional phone service. Skype is not yet compliant with the act and has, so far, stated that it does not plan to comply. According to the ACLU, the Act is inconsistent with the original intent of the Fourth Amendment to the U.S. Constitution; more recently, the ACLU has expressed the concern that the FCC interpretation of the Act is incorrect. A number of individuals involved in publicly disclosing this information have been placed under investigation.

Since September 2007, users in China trying to download the Skype software have been redirected to the site of TOM, a joint venture between a Chinese wireless operator and Skype, from which a modified Chinese version can be downloaded. The TOM client participates in China's system of internet censorship, monitoring text messages between Skype users in China as well as messages exchanged with users outside the country. Niklas Zennström, then chief executive of Skype, told reporters that TOM "had implemented a text filter, which is what everyone else in that market is doing. Those are the regulations." He also stated: "One thing that’s certain is that those things are in no way jeopardising the privacy or the security of any of the users." In October 2008, it was reported that TOM had been saving the full message contents of some Skype text conversations on its servers, apparently focusing on conversations containing political issues such as Tibet, Falun Gong, Taiwan independence, the Chinese Communist Party, milk powder, the 2008 Sichuan earthquake, and democracy. The saved messages contain personally identifiable information about the messages' senders and recipients, including IP addresses, usernames, land line phone numbers, and the entire content of the text messages, including the time and date of each message. This information was also saved for Skype users outside China who were communicating with a TOM-Skype user. Due to a server misconfiguration, these log files were for a time accessible to the public.

In February 2009 Eurojust started working on lawful interception of Skype and VoIP.

There have been a multitude of complaints about Skype's poor customer support. As of April 2009, Skype does not provide a way to contact customer support, offering indirect assistance through its web portal only.

Skype Limited

Skype Limited is a Luxembourg-based company developing and operating a well-known, popular VoIP computer telephony program. Founded in 2003 by Niklas Zennstrom and Janus Friis, it was purchased by eBay in 2005.

Skype was founded in 2003 by Niklas Zennstrom and Janus Friis, whose main intention was to develop a piece of software which would revolutionise telephone calls. Allowing users to speak to each other via computers promotes the use of the Voice over Internet Protocol and the use of computers in the technologically advancing world. Users are able to talk for free, an incentive to future and present members.

The auction site eBay began talks with Skype in September 2005. On 12th September 2005, it was announced that eBay would purchase Skype in a deal worth approximately USD$2.6bln, in up-front cash and eBay stock. The transfer of ownership began and eBay officially acquired Skype on 14th October 2005.

However, analysts were not impressed with eBay's move, saying: "I don't see a lot of point to eBay buying Skype", or "If eBay were to make this sort of move it would basically be admitting that 'our core market is decelerating'". At the time, eBay had been purchasing many companies in moves to boost its market position and increase its annual revenue. However, eBay stated that its intention was to integrate Skype into its auction website to allow buyers and sellers to speak prior to bidding and to create a powerful internet environment. Speaking in 2005, eBay chief executive Meg Whitman said: "Communications is at the heart of e-commerce and community".

Skype Technologies released their first product, Skype, originally as a simple computer-to-computer, or computer-to-telephone program. Support for paid services such as SkypeOut, SkypeIn and receiving voicemail messages allows the company to generate its revenue as well as making local and international telephone calls easier to perform via your computer, sometimes cheaper than other companies' rates for similar services.

Skype Limited has locations around the world including Europe, Asia and the United States. Its headquarters are in Luxembourg.

Skype is available in 27 languages and currently has 100 million worldwide users.

Skype faces challenges from two main legal and political directions: challenges to its intellectual property and political concerns by governments wishing to control the telecommunications systems of the respective countries.

Skype's technology is proprietary and closed to outside review. It is unknown to what extent it can potentially intrude upon other parties' patents and copyrights. It is not unreasonable, therefore, to expect legal challenges from third parties concerning Intellectual Property issues.

In January, 2006, StreamCast Networks filed a complaint in U.S. District Court in Los Angeles, accusing Skype of stealing its peer-to-peer technology. The $4.1 billion lawsuit did not initially name eBay, Skype's parent company; however, the lawsuit was amended in a filing with Federal Court in the Central District of California on May 22, 2006, to include eBay and 21 other parties as defendants.

Streamcast seeks a worldwide injunction on the sale and marketing of eBay's Skype Internet voice communication products, as well as billions of dollars in unspecified damages.

On June 1, 2006, Net2Phone (the Internet telephone unit of IDT Corp.) filed a lawsuit against eBay and Skype accusing the unit of infringing U.S. patent 6,108,704, which was granted in 2000.

For a brief period, SkypeOut was blocked in some regions of mainland China (notably Shenzhen) by the operator China Telecom for undisclosed reasons; it has been speculated that this may relate to SkypeOut's ability to take lucrative international and long-distance business away from the People's Republic of China's state-controlled telecommunications companies.

Skype is one of many companies (others include AOL, Google, Microsoft, Yahoo, Cisco) which have cooperated with the Chinese government in implementing a system of Internet censorship in mainland China. Critics of such policies argue that it is wrong for companies to assist in such policies, which might allow them to profit from censorship and restrictions on freedom of the press and freedom of speech. Human rights advocates such as Human Rights Watch and media groups such as Reporters Without Borders state that in their view, if companies stopped contributing to the authorities' censorship efforts the government could be forced to change.

In September 2005, the French Ministry of Research, acting on advice from the General Secretariat of National Defence, issued an official disapproval of the use of Skype in public research and higher education; some services are interpreting this decision as an outright ban. The exact reasons for the decision were not given.

In May 2006, the FCC successfully applied the Communications Assistance for Law Enforcement Act to allow wiretapping on digital phone networks. Skype is not yet compliant with the Act, and has so far stated that it does not plan to comply.

In December 2006, the Indian government announced it is preparing a crackdown on Internet telephony services, citing security risks and loss of revenue. The clampdown is targeted at outsourcers and other Indian IT businesses that use foreign-owned Internet telephony services, such as Skype and Yahoo!, to cut their phone bills and evade the six percent revenue share and 12 percent tax imposed on local services by the government. According to The Times of India, companies must reveal the names of licensed service providers they purchase bandwidth and Internet telephony minutes from. Companies will also have to undertake that they will not use the services of unlicensed Internet service providers.

Skype was abruptly blocked in the UAE for undisclosed reasons—Skype users in the United Arab Emirates are being blocked from the site, which prevents them from buying minutes for use with SkypeOut and taking advantage of deeply discounted international calling rates. The blockage has been speculated to originate within Etisalat, the only ISP in the UAE.

The Sultanate of Oman has also blocked access to the website, preventing users from accessing SkypeOut, in order to maintain Omantel's monopoly on the telecommunications market in the country. This is related to security issues as well as economic ones, as it is difficult to monitor the calls made with Skype. Many other Persian Gulf countries pursue similar policies regarding Skype for largely the same reasons.

Skype protocol

Supposedly reverse engineered Chinese program (left) in conversation with the official Skype client (right).

Skype uses a proprietary Internet telephony (VoIP) network. The protocol has not been made publicly available by Skype and official applications using the protocol are closed-source. The main difference between Skype and other VoIP networks is that Skype operates on a peer-to-peer model, rather than the more traditional server-client model. The Skype user directory is entirely decentralized and distributed among the nodes in the network, which means the network can scale very easily to large sizes (currently about 240 million users) without a complex and costly centralized infrastructure.

The Skype network is not interoperable with other VoIP networks. Numerous attempts to study and/or reverse engineer the protocol have been undertaken to reveal the protocol, investigate security or to allow unofficial clients.

A Skype network is a peer-to-peer network with three main entities: supernodes, ordinary nodes and the login server. It is an overlay network: each client builds and refreshes a list of reachable nodes known as the host cache. The host cache contains IP address and port numbers of supernodes. Communication is encrypted using RC4; the method used does not provide any privacy but instead merely obfuscates the traffic.

Supernodes relay communications to other clients behind a firewall. Any Skype client can become a supernode if it has good bandwidth, no firewall and adequate processing power. Supernodes are grouped into slots (9-10 supernodes). Slots are grouped into blocks (8 slots).

Skype also routes calls through other Skype peers on the network to ease the crossing of Symmetric NATs and firewalls. This, however, puts an extra burden on those who connect to the Internet without NAT, as their computers and network bandwidth may be used to route the calls of other users.

The Skype client's application programming interface (API) opens the network to software developers. The Skype API allows other programs to use the Skype network to get "white pages" information and manage calls.

The Skype code is closed source, and the protocol is not standardized. Parts of the client use Internet Direct (Indy), an open source socket communication library.

Many networking and security companies claim to detect and control Skype's protocol for enterprise and carrier applications. While the specific detection methods used by these companies are often proprietary, Pearson's Chi-Square Test and stochastic characterization with Naïve Bayesian Classifiers are two approaches that were published in 2007.
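The detection passages above name Pearson's chi-square test without showing how it applies to traffic. The following is an added example, not code from the original page, from Skype, or from the 2007 publications: a simplified uniformity test over the leading payload nibbles of one flow, in which the thresholds, function names and sample flows are all constructed assumptions.

```python
"""Added illustration: chi-square uniformity test on the payload nibbles of one flow."""
import random
from collections import Counter

BINS = 16                     # a 4-bit nibble takes 16 values
CHI2_CRIT_DF15_P01 = 30.578   # upper 1% point of chi-square with 15 degrees of freedom
MIN_PACKETS = 5 * BINS        # keeps the expected count per bin at 5 or more


def nibbles(payload: bytes, n_bytes: int) -> list:
    """Split the first n_bytes of a payload into high and low nibbles."""
    out = []
    for byte in payload[:n_bytes]:
        out.extend((byte >> 4, byte & 0x0F))
    return out


def chi_square_per_position(payloads, n_bytes=8):
    """Pearson statistic per nibble position, tested against a uniform distribution."""
    usable = [p for p in payloads if len(p) >= n_bytes]
    if len(usable) < MIN_PACKETS:
        raise ValueError("too few packets for a meaningful chi-square test")
    expected = len(usable) / BINS
    scores = []
    # zip(*) turns per-packet nibble lists into one column per nibble position.
    for column in zip(*(nibbles(p, n_bytes) for p in usable)):
        observed = Counter(column)
        scores.append(sum((observed.get(v, 0) - expected) ** 2 / expected
                          for v in range(BINS)))
    return scores


def classify_flow(payloads, n_bytes=8):
    """Label a flow by the share of positions that pass the uniformity test."""
    scores = chi_square_per_position(payloads, n_bytes)
    uniform_share = sum(s <= CHI2_CRIT_DF15_P01 for s in scores) / len(scores)
    if uniform_share >= 0.75:      # assumed cut-off
        label = "random-like"
    elif uniform_share <= 0.25:    # assumed cut-off
        label = "structured"
    else:
        label = "mixed"
    return label, uniform_share


def constructed_flows(n_packets=200, seed=7):
    """Constructed sample flows; none of them is captured Skype traffic."""
    rng = random.Random(seed)

    def rand(n):
        return bytes(rng.getrandbits(8) for _ in range(n))

    return {
        # Every byte random, as a fully obfuscated payload would look.
        "obfuscated": [rand(32) for _ in range(n_packets)],
        # Plaintext protocol with a fixed request prefix.
        "plaintext": [b"GET /item/%04d HTTP/1.1\r\n" % i for i in range(n_packets)],
        # Random field followed by a fixed 4-byte field.
        "mixed": [rand(4) + b"\x02\x00\x01\x00" + rand(24) for _ in range(n_packets)],
    }


if __name__ == "__main__":
    for name, flow in constructed_flows().items():
        print(name, classify_flow(flow))
```

A constant nibble position scores 15 times the packet count, far above the critical value, which is why fixed header fields stand out even inside an otherwise random-looking payload.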

A Skype client authenticates the user with the login server, advertises its presence to other peers, determines the type of NAT and firewall it is behind and discovers nodes that have public IP addresses.

To connect to the Skype network, the host cache must contain a valid entry. A TCP connection must be established (i.e. to a supernode); otherwise the login will fail.

After a Skype client is connected it must authenticate the username and password with the Skype login server. There are many different Skype login servers using different ports. An obfuscated list of servers is hardcoded in the Skype executable.

On each login session, Skype generates a session key from 192 random bits. The session key is encrypted with the hard-coded login server's 1536-bit RSA key to form an encrypted session key. Skype also generates a 1024-bit private/public RSA key pair. An MD5 hash of a concatenation of the user name, constant string ("\nSkyper\n") and password is used as a shared secret with the login server. The plain session key is hashed into a 256-bit AES key that is used to encrypt the session's public RSA key and the shared secret. The encrypted session key and the AES encrypted value are sent to the login server.

On the login server side, the plain session key is obtained by decrypting the encrypted session key using the login server's private RSA key. The plain session key is then used to decrypt the session's public RSA key and the shared secret. If the shared secret matches, the login server will sign the user's public RSA key with its private key. The signed data is dispatched to the supernodes.

Upon searching for a buddy, a supernode will return the buddy's public key signed by Skype. The Skype client (SC) will authenticate the buddy and agree on a session key by using the mentioned RSA key.

The RC4 encryption algorithm is used to obfuscate the payload of datagrams.

The XOR of these two 32-bit values is transformed to an 80-byte RC4 key using an unknown key engine.

A notable misuse of RC4 in Skype can be found on TCP streams (UDP is unaffected). The first 14 bytes (10 of which are known) are XORed with the RC4 stream. Then, the cipher is reinitialized to encrypt the rest of the TCP stream.
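Why reinitializing the cipher is a misuse, as an added example that is not from the original page and is not Skype code: restarting RC4 with the same key replays the keystream, so XORing the two ciphertext regions cancels the key entirely, while a single continuous keystream has no such relation. The key, header and body below are constructed placeholders, and only the 14-byte prefix length comes from the text.

```python
"""Added illustration (not Skype code): RC4 keystream reuse after re-initialisation."""

HEADER_LEN = 14  # length of the separately encrypted prefix, as stated in the text


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key scheduling followed by `length` bytes of output."""
    state = list(range(256))
    j = 0
    for i in range(256):
        j = (j + state[i] + key[i % len(key)]) & 0xFF
        state[i], state[j] = state[j], state[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + state[i]) & 0xFF
        state[i], state[j] = state[j], state[i]
        out.append(state[(state[i] + state[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_reinitialised(key: bytes, header: bytes, body: bytes) -> bytes:
    """The pattern the text describes: the cipher is set up again after the prefix."""
    first = xor(header, rc4_keystream(key, len(header)))
    rest = xor(body, rc4_keystream(key, len(body)))  # keystream starts over
    return first + rest


def encrypt_continuous(key: bytes, header: bytes, body: bytes) -> bytes:
    """Corrected form: one keystream runs across prefix and body."""
    return xor(header + body, rc4_keystream(key, len(header) + len(body)))


def ciphertext_overlap(ciphertext: bytes) -> bytes:
    """XOR the encrypted prefix with the ciphertext bytes that follow it."""
    return xor(ciphertext[:HEADER_LEN], ciphertext[HEADER_LEN:2 * HEADER_LEN])


def keystream_reused(ciphertext: bytes, header: bytes, body: bytes) -> bool:
    """True when the overlap equals header XOR body, i.e. the key has cancelled out."""
    return ciphertext_overlap(ciphertext) == xor(header, body[:HEADER_LEN])


# Constructed sample values, not taken from any real traffic.
SAMPLE_KEY = bytes(range(1, 81))        # 80-byte placeholder key
SAMPLE_HEADER = b"HDR-0123456789"       # 14 bytes
SAMPLE_BODY = b"constructed message body for the demo"

if __name__ == "__main__":
    weak = encrypt_reinitialised(SAMPLE_KEY, SAMPLE_HEADER, SAMPLE_BODY)
    fixed = encrypt_continuous(SAMPLE_KEY, SAMPLE_HEADER, SAMPLE_BODY)
    print("reinitialised reuses keystream:",
          keystream_reused(weak, SAMPLE_HEADER, SAMPLE_BODY))
    print("continuous reuses keystream:   ",
          keystream_reused(fixed, SAMPLE_HEADER, SAMPLE_BODY))
```

Continuing the keystream removes this particular relation; it does not address RC4's other known weaknesses.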

Almost all traffic is ciphered. Each command has its parameters appended in an object list. The object list can be compressed.

An object can be a number, string, an IP:port, or even another object list. Each object has an ID. This ID identifies which command parameter the object is.

Packets can be compressed. The algorithm is a variation of arithmetic compression that uses reals instead of bits.

Skype security

Skype is a VoIP system developed by Skype Technologies S.A., and owned by eBay. It is a peer-to-peer based network in which voice calls don’t pass through a central server. Skype users search for other users to connect to, enabling them to search other Skype users and send them messages.

Unlike some other VoIP-based systems, Skype uses block ciphers of at least 128 bits to encrypt communication between users, making it hard or even impossible to decrypt the content of these communications. Skype's encryption cannot be turned off and is transparent to the user. These fundamental design decisions have removed many of the challenges presented by Public Key Infrastructure and have enabled the regular use of encrypted communication by the general population.

A security policy defines the term “security” in the context of a system and makes it possible to determine whether the system is secure or not.

The main cryptographic secret of Skype is the Central Server’s private signing key. The corresponding public verification key and an identifier for the key pair are installed in every Skype client at build time. Enrolment in the Skype cryptosystem begins during user registration. The user selects a desired username and a password. The user’s client generates an RSA key pair. The private signing key and a hash of the password are stored as securely as possible on the user platform. Then a 256-bit AES-encrypted session is established with the central server. The key for the session is selected with the help of the specific random number generator of the user's platform. The central server verifies that the username selected by the user is unique and that it is acceptable under the Skype naming rules. After the username passes the uniqueness test, the server stores a pair consisting of the username and a hash of the hash of the user's password in the database. The server now forms and signs an identity certificate for the username, which contains the server's RSA signature binding the username, the verification key of the username, and the key identifier.

Let's say, for example, that Alice wishes to communicate with Bob, and there is no pre-existing Skype session between them. In this case a new session is established and provided with a 256-bit session key. This session will exist as long as there is traffic on the channel between Alice and Bob, and for a fixed time afterwards. Session establishment first requires establishing connectivity between Alice and Bob across the Skype cloud. Using this connectivity, Alice and Bob can start the key-agreement protocol, during which they verify each other’s identity and agree on a session key.

All traffic in a session is encrypted using the AES algorithm running in ICM (Integer Counter Mode). This mode works by encrypting the current counter and a salt with the session key using 256-bit AES. This returns the key stream, which is then XORed with the plaintext of the message. This finally results in the encrypted ciphertext. Skype sessions contain multiple streams. The ICM counter depends on the stream, and the continuity within the stream.

Skype uses random numbers for several cryptographic purposes, for instance as a protection against playback attacks, creation of RSA key pairs, and creation of AES key-halves for content encryption. The security of a Skype peer-to-peer session depends significantly on the quality of the random numbers generated by both ends of the Skype session. Random number generation varies from one OS to another.

Skype uses standard cryptographic primitives to achieve its security goals. The cryptographic primitives used in Skype are: the AES block cipher, the RSA public-key cryptosystem, the ISO 9796-2 signature padding scheme, the SHA-1 hash function, and the RC4 stream cipher.

Key-agreement is achieved using a proprietary protocol. The protocol is symmetric. To protect against playback, the peers challenge each other with random 64-bit nonces, and respond by returning the challenge, customized in a standard way, and signed with the responder’s private signing key. In order to set up identity, both ends exchange their Identity Certificates and confirm that these certificates are legitimate. Because an Identity Certificate contains a public key, each end can then confirm signatures created by the other end of the Skype session. Each end contributes 128 random bits to the 256-bit session key.

In the article "VoIP and Skype Security", Simson Garfinkel says, after analyzing the Skype network, that Skype does seem to encrypt users' sessions; however, other traffic on the network, including the initiation of calls, can be monitored by other parties on the network that are not privileged to participate in the specific session. Also, in terms of privacy, Skype uses a "History" file saved on the user's machine to record all communication between users. This feature is enabled by default, although not many users are aware of that. This enables attackers to obtain the file through spyware or other remote-control applications.

In October 2005 a pair of security flaws was discovered. Those flaws made it possible for hackers to run hostile code on computers running vulnerable versions of Skype. The first security bug affected only Skype for Windows. It allowed the attacker to use a buffer overflow in order to crash the system or to force it to execute arbitrary code. The attacker was able to place a malformed URL using the Skype URI format, and lure the user to use it in order to execute the attack. The second security bug affected all platforms; it used a heap-based buffer overflow to make the system vulnerable. Skype responded to the findings by fixing the bugs and issuing a security patch.

Researchers at GNUCITIZEN and Information Week have brought up discussions recently on the security of Skype's software.

They discussed a few new vulnerabilities that have been found and used to exploit Skype recently, exposing security issues in the software. The URI handler that checks the URL for verification of certain file extensions and file formats is fault-ridden. The handler uses case-sensitive comparison techniques and doesn’t check against all potential file formats. These mishandled checks leave the door open for hackers to attack. A published cross-site scripting vulnerability exposes Skype's dangerous security foundation. While Skype does encrypt most of its communications, its ads are sent using unencrypted packets which are pulled from several places. These ads can easily be hijacked and replaced with malicious ones. These vulnerabilities raise concerns regarding Skype security. Skype has worked to fix the problems and published release notes on the vulnerabilities.
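The two handler weaknesses named above (case-sensitive comparison and an incomplete list of file formats), shown beside a corrected check as an added example. This is a hypothetical model, not Skype's handler code: the function names, extension lists and URLs are constructed for illustration.

```python
"""Added illustration: case-sensitive denylist check beside a normalised allowlist."""
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed lists; the real handler's lists are not given on the page.
BLOCKED_EXTENSIONS = {".exe", ".bat", ".cmd", ".scr"}
ALLOWED_EXTENSIONS = {".png", ".jpg", ".txt"}


def raw_extension(url: str) -> str:
    """Extension of the URL path exactly as written (query and fragment dropped)."""
    return posixpath.splitext(urlsplit(url).path)[1]


def normalised_extension(url: str) -> str:
    """Extension after percent-decoding and case folding."""
    path = unquote(urlsplit(url).path).casefold()
    return posixpath.splitext(path)[1]


def weak_check(url: str) -> bool:
    """Flawed pattern: exact-case match against a denylist. True means 'let through'."""
    return raw_extension(url) not in BLOCKED_EXTENSIONS


def hardened_check(url: str) -> bool:
    """Corrected pattern: normalise first, then allow only known-good extensions.

    URLs without an extension are refused as well (default deny).
    """
    return normalised_extension(url) in ALLOWED_EXTENSIONS


def compare(urls):
    """Return (url, weak verdict, hardened verdict) for each URL."""
    return [(u, weak_check(u), hardened_check(u)) for u in urls]


# Constructed sample URLs under a reserved example domain.
SAMPLE_URLS = [
    "http://files.example/setup.exe",   # listed extension, exact case
    "http://files.example/setup.EXE",   # same extension, different case
    "http://files.example/tool.com",    # format missing from the denylist
    "http://files.example/photo.PNG",   # harmless file, upper-case extension
    "http://files.example/readme",      # no extension at all
]

if __name__ == "__main__":
    for url, weak, hardened in compare(SAMPLE_URLS):
        print(f"{url:40} weak={weak!s:5} hardened={hardened}")
```

The allowlist fixes both problems at once: folding case removes the comparison gap, and default deny means an unlisted format is refused rather than passed.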

Source: Wikipedia