Earlier this month at BlackHat Europe, a couple of French researchers (one person's "researcher" is another person's "hacker") released a white paper entitled "Silver Needle In The Skype."
The 115-page PDF document lists Skype security and access difficulties, and how they might be fixed.
There's quite a list. I will illustrate the top-line issues in this post.
Here's what researchers Philippe Biondi and Fabrice Desclaux lead with as some of Skype's "problems":
From a Network Security Administrator point of view:
Lots of stuff there. The proxy credentials reuse is a bit scary.
Next, let us go to what the authors deem Skype's main problems for systems security administrators:
"Impossible to scan for trojan/backdoor/malware inclusion"? Doesn't sound too good to me.
Now let us look at what the study authors think IT chief security officers ought to be concerned with:
The report then offers detailed, code-infused recommendations on which of the specific concerns addressed above can be tightened up, and on what in Skype makes many of these concerns essentially unaddressable.
The "Conclusions" the authors turn up ought to be sobering:
There are two sides - sometimes more - to every story. I look forward to replies from folks in the Skype camp. Feel free to counter with your own research, experiences, and TalkBacks!