Skype is a free tool. You get what you pay for. Same with Google and their products, etc.

On May 16, 2013, at 5:36 PM, Juha-Matti Laurio <[email protected]> wrote:
> A different point of view also:
>
> http://www.zdnet.com/is-microsoft-reading-your-skype-instant-messages-7000015388/
>
> Juha-Matti
>
> Jeffrey Walton [[email protected]] wrote:
>> A couple of follow ups on this....
>> "Skype backdoor confirmation,"
>> http://lists.randombit.net/pipermail/cryptography/2013-May/004224.html
>> and
>> "All Your Skype Are Belong To Us,"
>> http://financialcryptography.com/mt/archives/001430.html
>> On Wed, May 15, 2013 at 10:20 PM, Jeffrey Walton <[email protected]> wrote:
>> > (Thanks to KW in a private email).
>> >
>> > http://www.h-online.com/security/news/item/Skype-with-care-Microsoft-is-reading-everything-you-write-1862870.html
>> >
>> > Anyone who uses Skype has consented to the company reading everything
>> > they write. The H's associates in Germany at heise Security have now
>> > discovered that the Microsoft subsidiary does in fact make use of this
>> > privilege in practice. Shortly after sending HTTPS URLs over the
>> > instant messaging service, those URLs receive an unannounced visit
>> > from Microsoft HQ in Redmond.
>> >
>> > A reader informed heise Security that he had observed some unusual
>> > network traffic following a Skype instant messaging conversation. The
>> > server indicated a potential replay attack. It turned out that an IP
>> > address which traced back to Microsoft had accessed the HTTPS URLs
>> > previously transmitted over Skype. Heise Security then reproduced the
>> > events by sending two test HTTPS URLs, one containing login
>> > information and one pointing to a private cloud-based file-sharing
>> > service. A few hours after their Skype messages, they observed the
>> > following in the server log:
>> >
>> > 65.52.100.214 - - [30/Apr/2013:19:28:32 +0200]
>> > "HEAD /.../login.html?user=tbtest&password=geheim HTTP/1.1"
>> >
>> > Source: Utrace They too had received visits to each of the HTTPS URLs
>> > transmitted over Skype from an IP address registered to Microsoft in
>> > Redmond. URLs pointing to encrypted web pages frequently contain
>> > unique session data or other confidential information. HTTP URLs, by
>> > contrast, were not accessed. In visiting these pages, Microsoft made
>> > use of both the login information and the specially created URL for a
>> > private cloud-based file-sharing service.
>> >
>> > In response to an enquiry from heise Security, Skype referred them to
>> > a passage from its data protection policy:
>> > "Skype may use automated scanning within Instant Messages and SMS to
>> > (a) identify suspected spam and/or (b) identify URLs that have been
>> > previously flagged as spam, fraud, or phishing links."
>> >
>> > A spokesman for the company confirmed that it scans messages to filter
>> > out spam and phishing websites. This explanation does not appear to
>> > fit the facts, however. Spam and phishing sites are not usually found
>> > on HTTPS pages. By contrast, Skype leaves the more commonly affected
>> > HTTP URLs, containing no information on ownership, untouched. Skype
>> > also sends head requests which merely fetch administrative
>> > information relating to the server. To check a site for spam or
>> > phishing, Skype would need to examine its content.
>> >
>> > Back in January, civil rights groups sent an open letter to Microsoft
>> > questioning the security of Skype communication since the takeover.
>> > The groups behind the letter, which included the Electronic Frontier
>> > Foundation and Reporters without Borders expressed concern that the
>> > restructuring resulting from the takeover meant that Skype would have
>> > to comply with US laws on eavesdropping and would therefore have to
>> > permit government agencies and secret services to access Skype
>> > communications.
>> >
>> > In summary, The H and heise Security believe that, having consented to
>> > Microsoft using all data transmitted over the service pretty much
>> > however it likes, all Skype users should assume that this will
>> > actually happen and that the company is not going to reveal what
>> > exactly it gets up to with this data.
>> _______________________________________________
>> Fun and Misc security discussion for OT posts.
>> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
>> Note: funsec is a public and open mailing list.
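
One way a server operator could spot the kind of revisit the quoted article describes, as an added example that is not part of the original thread or the article. The parameter names in SECRET_PARAMS are assumptions, and the first two sample log lines are constructed; only the third is the line quoted above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Common Log Format prefix. Status and size are not required because the
# line quoted in the article stops after the request string.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

# Assumed query parameter names that mark a URL as carrying a secret.
SECRET_PARAMS = {"password", "passwd", "token", "session", "sid", "key"}

# Constructed sample: lines 1-2 are invented, line 3 is the quoted log entry.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Apr/2013:14:02:11 +0200] '
    '"GET /.../login.html?user=tbtest&password=geheim HTTP/1.1" 200 512',
    '192.0.2.10 - - [30/Apr/2013:14:02:15 +0200] "GET /index.html HTTP/1.1" 200 1024',
    '65.52.100.214 - - [30/Apr/2013:19:28:32 +0200] '
    '"HEAD /.../login.html?user=tbtest&password=geheim HTTP/1.1"',
]

def parse(line):
    """Return the parsed fields of one access-log line, or None if malformed."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def has_secret(target):
    """True if the request target carries a secret-looking query parameter."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return any(name.lower() in SECRET_PARAMS for name in query)

def find_revisits(lines):
    """Flag requests for a secret-bearing URL from an IP other than the
    first one that requested it. Assumes lines are in chronological order.
    Returns a list of (ip, method, target, first_ip) tuples."""
    first_seen = {}
    findings = []
    for line in lines:
        rec = parse(line)
        if rec is None or not has_secret(rec["target"]):
            continue
        owner = first_seen.setdefault(rec["target"], rec["ip"])
        if rec["ip"] != owner:
            findings.append((rec["ip"], rec["method"], rec["target"], owner))
    return findings

if __name__ == "__main__":
    for ip, method, target, owner in find_revisits(SAMPLE_LOG):
        print(f"{method} {target} from {ip} (first seen from {owner})")
```

The same log also shows why credentials and single-use tokens do not belong in query strings: they are recorded verbatim by every server and proxy that logs the request line.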
