If you are thinking about Skype in your enterprise, YOU MUST read this first

Earlier this month at BlackHat Europe, a couple of French researchers (one person's "researcher" is another person's "hacker") released a white paper entitled "Silver Needle In The Skype."The 115-page PDF document lists Skype security and access difficulties, and how they might be fixed.

Earlier this month at BlackHat Europe, a couple of French researchers (one person's "researcher" is another person's "hacker") released a white paper entitled "Silver Needle In The Skype."

The 115-page PDF document lists Skype security and access difficulties, and how they might be fixed.

There's quite a list. I will illustrate the top-line issues in this post. 

Here's what researchers Philippe Biondi Fabrice Desclaux lead with as some of Skype's "problems":

From a Network Security Administrator point of view:

skypeproblems1.jpg
 

Lots of stuff there.. the proxy credentials reuse is a bit scary.

Next, let us go to what the authors deem Skype's main problems for systems security administrators:

skypeproblems2.jpg
 

"Impossible to scan for trojan/backdoor/malware inclusion"? Doesn't sound too good to me.

Now let us look at what the study authors think IT chief security officers ought to be concerned with:

The report then offers detailed, code-infused recommendations on what specific concerns addressed above can be tightened up, and what in Skype makes many of these concerns essentially unaddressable.

The "Conclusions" the authors turn up ought to be sobering:

skypeproblems4.jpg
 

There are two sides - sometimes more- to every story. I look forward to replies from folks in the Skype camp. Feel free to counter with your own research, experiences, and TalkBacks!

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All