On Mon, 2009-08-31 at 02:04 -0400, Gene Heskett wrote: > On Monday 31 August 2009, Patrick O'Callaghan wrote: > >On Sun, 2009-08-30 at 21:33 -0400, Gene Heskett wrote: > >> Sorry Patrick, but our govco snoops have been bragging they have skype > >> decoded now for about 2 years. > > > >If by "decoded" you mean "payload encryption broken routinely without > >the use of keyloggers or Trojans", do you have a reference? > > > >> And I assume skype has been changing things too, but whatever one > >> group can do, another group can undo. Its just the > >> nature of the internet for that to happen. > > > >That's a seductive generalization, but it *is* a generalization. It's > >meaningless without more specificity. For example, crypto is entirely > >based on one group doing something which another group cannot undo with > >any realistic set of resources. Yes, crypto can be poorly implemented > >(which is a big argument in favour of open source) but it can also be > >extremely secure if done right. Is it done right in Skype? I don't know, > >but to date I know of no evidence to suggest it has problems. I'd be > >interested to hear if you have any. > > > >poc > > Search on /. for skype & spooks. Or if you are really confident, use it to > plan blowing something up on the 9/11/01 anniversary but plan to have your > plans interrupted. So that would be "no, I don't have a reference to our govco snoops bragging they have skype decoded". I did search on /. and found a number of articles referring to rumours, both that Skype has a back-door, and that the NSA is offering large sums to anyone who can break Skype. It seems unlikely that both are true. > Also, there is another attack that was discussed just in the last 36 hours or > so, where a compromised machine makes an mp3 out of your conversation, and > then mails it someplace. Presumably a winderz box I imagine. Hopefully us > linux folks have enough sense to not let that happen. As I said, compromising the end-user's machine doesn't count. Also, Skype-to-phone doesn't count either as you can just bug the phone system. > I used skype a few times when I was in upstate MI for a while, mainly cuz the > telco's up there think long distance is worth 41 cents a damned minute, just > to call a business 7 miles down the road. [...] I use Skype every week to keep in touch with my family, now spread over three continents. Could I get them all to install some other VOIP app? Maybe, but none of them are technically minded and I just don't want the hassle. Besides, we use other means to discuss our plans for World Domination. poc -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
