Joined: 01 May 2008
Location: Phoenix, AZ, USA
|Posted: Thu Oct 02, 2008 11:42 pm Post subject: for people using s-k-y-pe
|I have heard that it's insecure, just for your collective information...
EDIT: Link not working; article:
Chinese snoop on Skype, but are they alone?
Thursday, October 02, 2008 10:59:22 PM
By PETER SVENSSON
A Canadian researcher has discovered that a Chinese version of eBay Inc.'s Skype communications software snoops on text chats that contain certain keywords, including "democracy."
The revelation is not only of interest to rights groups that monitor Internet censorship. The discovery also likely intrigues law enforcement and intelligence agencies in other countries, because they have been bothered by the growing use of Skype, which claims 338 million users across the world.
By its very nature, Skype is difficult to wiretap. Skype routes calls and chats between computers over the Internet, avoiding traditional phone networks. And Other Business Photos
Bailout hopes rise as more 'no' votes switch
the contents are supposedly encrypted, raising concerns in law enforcement that Skype could let criminals to communicate without fear of eavesdropping.
The FBI has argued for applying U.S. wiretapping law to Internet phone calls. The bureau got a favorable court ruling in 2006, but it's not clear whether it applies to systems like Skype that skip telephone networks.
In the other camp, privacy advocates and security experts are concerned that Skype, while presented by the company as a secure channel of communication, has some kind of "back door" that allows eavesdropping. Whether Skypetapping is already going on in the U.S. and Europe is a matter that the company has equivocated on for years.
"For a couple of years, maybe more, people have had the suspicion ... that Skype pretends to be secure but actually isn't," said Bruce Schneier, the chief security technology officer of BT Group PLC, the British telecom carrier.
"The Chinese eavesdropping on Skype text messages only adds to the PR problems, the image problems, that Skype has among those who care about security," Schneier added.
On Wednesday, Nart Villeneuve at the University of Toronto revealed that a Chinese version of Skype's application is being used for wholesale surveillance of text messages.
The software is distributed by Skype's Chinese partner, Tom Online Inc. Skype has acknowledged since 2006 that this version looks for certain sensitive words in text chats, and blocks those messages from reaching their destination.
What Villeneuve found was that the Tom-Skype program also passes the messages caught by the filter to a cluster of servers on Tom's network. Because of poor security on those servers, he was able to retrieve more than a million stored messages. The filter appears to look for words like "Tibet," "democracy" and "milk powder" -- China is in the throes of a food scandal involving tainted milk. //
This directly contradicts a blog posting on Skype's Web site, which says that the software discards the filtered messages, and neither displays nor transmits them anywhere.
On Thursday, Skype president Josh Silverman said the company learned of the message diversion only Wednesday. It alerted Tom that the messages were insecurely stored, which was quickly fixed.
"In addition, we are currently addressing the wider issue of the uploading and storage of certain messages with Tom," Silverman wrote in a statement.
Skype has earlier given contradictory statements on the eavesdropping issue.
It has told The Associated Press Other Business Photos
Bailout hopes rise as more 'no' votes switch
that it "cooperates fully with all lawful requests from relevant authorities." But when asked by CNET's News.com in June whether it could accommodate a wiretapping request, it said it could not, because of the way its system works: Skype calls are encrypted, and only the two computers at each end have the keys to decrypt them.
Yet both Schneier and Simson Garfinkel, an associate of the School of Engineering and Applied Sciences at Harvard University who has studied Skype's security, believe it would actually be trivial for the company to listen in on conversations.
"I can think of five or six different ways to eavesdrop on Skype. It's not that hard if you are the Skype company and want to provide legal access to law enforcement," Garfinkel said.
It's unclear whether Skype has an obligation to help law enforcement under U.S. law. Peter Swire, who served as the Clinton administration's privacy czar for two years and is now a professor of law at Ohio State University, said that while he knows of no U.S. court ruling that has required Skype to comply with wiretapping requests, it's conceivable that the company is voluntarily cooperating with law enforcement.
Skype told News.com that it had not received a subpoena or court order to perform eavesdropping.
Yet German technology site Heise Online reported in July that Austrian officials claimed to be able to listen to Skype conversations. The relative quietness of the law enforcement community on the issue in recent years could be the result of such cooperation.
The FBI did not return a call for comment Thursday.
Joined: 25 Mar 2006
|Posted: Fri Oct 03, 2008 10:50 am Post subject:
|From a technical point of view....
Most internet connections are not encrypted, or are relayed through servers. You should assume that all such communications are unencrypted and as such not communicate confidential details such as credit card information.
This is very true in China, as the internet is government controleld.
You can expect that some tramsmissions will be scanned or interecpted in most parts of the world. (Do you trust the staff at your ISP? and the other persons ISP? and every other telco in between?). Be very careful sending emails, including to Russia, with personal details, email is definatly not encrypted, and it often passes, and is stored on many servers, and is easily intercepted.
If, and only if, you trust the company.... You should use a secure web page (one that shows the padlock in your browser). Never accept a connection that brings up any kind of certificate error. If unavailable send a fax.
Also be careful of scams on skype, msn, icq etc. Well known scams have originated in Russia. (Girls requesting money for flights and tickets). You should know who you are talking to, be careful out there. If you must, better to book on their behalf, never send cash or credit card details.
As for gonvernment agencies, etc, you can assume that they can break the encryption if they wished, as they would probably have the available computer power.
Joined: 01 Jan 2009
Location: Oklahoma City, OK
|Posted: Thu Jan 01, 2009 10:31 pm Post subject: Skype Security
|The internet in general is not secure.
I do not think any government has the time or interest to monitor personal communications. There are just too many billions of emails a day and millions of Skype calls a day for anyone to monitor them.
So use Skype, talk to your friends and make new friends. If you are communicating what should NOT be communicated on an unsecured media, then do not use the internet. Simple.