http://j.mp/kt72Ke+ > "Yesterday we reported on a freelance researcher reverse-engineering the > Skype protocol and beginning to write open-source code that would work with > this popular VoIP network. A representative of Skype has now contacted > Phoronix to inform us they will be taking "all necessary steps" to stop this > effort."
I've always been wary of Skype for their SBO stance, despite the many security friends who have used it, love it, and promote it at every turn. Prior to this year's disclosures of increasing success in attempts to decode the thing (and the purchase by Microsoft), I was even thinking that I might have to jump on the bandwagon and start using it, as one of the most realistic ways of phoning home from various countries overseas. This new wrinkle in the situation reminds me of the battle royal, many years ago, between Microsoft and AOL over instant messaging functions. (Little good can come out of the fight, I suspect, other than the high probability that someone will come up with some form of realistic alternative to Skype.) In the instant messaging scrap, both sides worked furiously on developing new versions of their client software that would be incompatible with the other. This activity culminated in one vendor creating one with a buffer overflow situation. Not by accident: this was done deliberately so that some instant messaging functions could *only* be accessed by a buffer overflow, thus reducing the (comparative) functionality of the other client. Not the actions of a vendor that has user security at heart ... ====================== (quote inserted randomly by Pegasus Mailer) [email protected] [email protected] [email protected] - Is it plugged in? - I can't see. - Why not? - The power's off here. victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
