Backdoors in Skype?

By
Christopher Boyd
 on July 31, 2008 8:13 AM | | Comments (0)
With 309 million registered users, Skype has become a service used by consumers and businesses alike. I use it all the time for since I'm based in the UK and my boss is in Silicon Valley - I know many people who do the same. As so many employees are downloading and using the latest Internet-based tools, it's no wonder that security concerns in the enterprise about these tools get an increasing amount of attention. But are all of them true?

There's been a fair amount of interest from people like Irwin Lazar and Daniel Sokolov in a news story regarding potentially hidden backdoors in Skype. A set of discussions (filled with numerous contradictions) suggest that Austrian police seem to have a way to listen in to secret Skype communications.

As someone who has been following the long-running history of this controversy, I thought I'd weigh in on the discussion. While I can't confirm the rumours, I would say this:

1) Why would the Austrian police have been given this access but nobody else? Wouldn't some other force somewhere be a more likely candidate for this kind of access? US Law Enforcement, I'm looking at you...

2) In general, putting a backdoor in your application is not a great idea, because you can't guarantee the wrong people are going to find, use and abuse it.

3) If it was in there, someone would find it eventually, wouldn't they? From as far back as 2006, security researchers have been looking at Skype in close detail (I believe there was an eBay Developer Conference 2006 held in Vegas where a researcher intended to talk about reversing Skype, and of course there have been numerous Black Hat presentations about it too). Either this is the most well hidden backdoor in history, or we're not doing a good enough job of trying to detect it.

I don't think I'll be losing too much sleep over this either way, until something more concrete emerges.

 


Leave a comment

FaceForward Authors

Kailash Ambwani
President and CEO
Brian Babin
Director of Product Management
Christopher Boyd
Sr. Director of Malware Research
Frank Cabri
Vice President of Marketing and Product Management
Sarah Carter
Marketing Manager, EMEA
Larissa Gaston
Director of Marketing Programs
Eric Young
Director of Field Engineering Services

Categories

Monthly Archives

November 2008

Sun Mon Tue Wed Thu Fri Sat
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30            

About this Entry

This page contains a single entry by Christopher Boyd published on July 31, 2008 8:13 AM.

My take on today's court ruling against Reuters... in favor of FaceTime was the previous entry in this blog.

Unified Communications in real life is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Search

Blog Roll

Collaborative Thinking

Ed Brill

Eileen Brown's Weblog

Enterprise 2.0 Blog

FastForward

Irwin Lazar

No Jitter

Schneier

Single Point of Contact

Team Think

Technology Live

Techland

The Facebook Blog

The Impact of Information Technology (IT) on Businesses and their Leaders

The Osterman Research Blog

The User View

Security Fix

Zero Day

Comment/Trackback Policy

This site supports an open comment policy. Rude, wasteful, off-topic, privacy-intruding or libelous comments will be deleted. Comments will remain open unless abused.