Skype 1.4.0.99 reads /etc/passwd and Firefox profile!
,----[ Quote ]
| I just did an strace on Skype and can confirm your findings.
|
| In fact I have recently been thinking about the "Bundestrojaner" German
| minister Schäuble is planning to use and found that Skype would be the
| perfect place to hide it:
| - it is installed on a majority of systems
| - it is protected against decompilation / debuggers
| - it bypasses almost any firewall
| - it uses encryption for network traffic
| - it may send lots of data even when not making a call
| - it might have already been deployed by the NSA
| - eBay has a history of cooperating with federal agencies
|
| But of course you would not care about big brother reading your hard drive
| unless you are a terrorist...
`----
http://forum.skype.com/index.php?showtopic=95261
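A way to repeat the strace check described in the quote above, as an added example (not code from the forum thread or from Skype). It assumes a log captured with something like `strace -f -e trace=open,openat -o skype.trace skype`; the file name, the watch list and the sample lines are constructed for illustration.

```python
import re

# open()/openat() lines as strace prints them, with an optional "[pid N]" prefix (-f).
OPEN_RE = re.compile(
    r'^(?:\[pid\s+\d+\]\s+)?(?:open|openat)\((?:\w+,\s*)?'
    r'"(?P<path>(?:[^"\\]|\\.)*)",\s*(?P<flags>[^)]*)\)\s*=\s*(?P<ret>-?\d+)'
)

# Paths named in the report; extend this list for your own audit (assumption).
WATCH = {
    "passwd": re.compile(r'^/etc/passwd$'),
    "firefox-profile": re.compile(r'/\.mozilla/firefox/'),
}

# Constructed sample log, not captured from a real Skype run.
SAMPLE = r'''
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/etc/passwd", O_RDONLY) = 4
read(4, "root:x:0:0:root:/root:/bin/bash\n", 4096) = 32
[pid  4312] open("/home/alice/.mozilla/firefox/profiles.ini", O_RDONLY) = 7
[pid  4312] open("/home/alice/.mozilla/firefox/x1y2z3.default/prefs.js", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  4312] openat(AT_FDCWD, "/home/alice/.Skype/shared.xml", O_RDONLY) = 8
'''

def sensitive_opens(log_text):
    """Return (label, path, succeeded) for every open of a watched path."""
    hits = []
    for line in log_text.splitlines():
        m = OPEN_RE.match(line.strip())
        if not m:
            continue  # not an open/openat call
        path = m.group("path")
        for label, rx in WATCH.items():
            if rx.search(path):
                # A negative return value means the open failed (e.g. ENOENT).
                hits.append((label, path, int(m.group("ret")) >= 0))
                break
    return hits

if __name__ == "__main__":
    for label, path, ok in sensitive_opens(SAMPLE):
        print(f"{label:16} {'opened' if ok else 'failed'}  {path}")
```

Failed opens are reported too, since an attempt to read a profile file is as relevant to the audit as a successful read.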
Related:
Beware of Skype
,----[ Quote ]
| The Skype network has been a concern of government intelligence agencies
| since its inception because it provides a worldwide network of encrypted VoIP
| calls to potential “terrorists”. So how coincidental is it that 10 days after
| Bush signs into law a Bill giving the government authority to track foreign
| calls that go through U.S. networks that Skype, for the first time in its
| existence, undergoes a massive worldwide outage?
|
| [...]
|
| But there are FOSS alternatives to Skype people really should start
| considering now. One is the OpenWengo Project. Businesses, and even
| individuals, should also consider setting up their own Asterisk servers with
| encryption.
`----
http://www.freesoftwaremagazine.com/node/2479
Skype Reads Your BIOS and Motherboard Serial Number
,----[ Quote ]
| An unreadable executable file coming from Skype sounds interesting,
| so I look at it. It's 46 bytes long. For copyright reasons I can't
| post the file or a complete disassembly. However, I can describe
| the program in terms of 16-bit DOS C:
|
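| #include <stdio.h>
|
| int main(void)
| {
|     /* F000:0000 is the start of the BIOS segment; size_t is 16 bits here,
|        so the 64 KiB segment is written as 0xFFFF bytes plus one more. */
|     fwrite((const void far*) 0xF0000000, 1, 0xFFFF, stdout);
|     fwrite((const void far*) 0xF000FFFF, 1, 1, stdout);
|     return 0;
| }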
|
| It's dumping your system BIOS, which usually includes your
| motherboard's serial number, and pipes it to the Skype application.
| I have no idea what they're using it for, or whether they send
| anything to their servers, but I bet whatever they're doing is no
| good given their track record.
`----
http://www.pagetable.com/?p=27
Skype staff play good cop bad cop with Linux users
,----[ Quote ]
| Thank goodness for another staff member, Ryan Hunt, who injected a
| little decorum into the thread, and more than a little honesty, by
| admitting “With 1.4 we're taking it back to basics so we can do it
| right - because that's what you deserve” and stating that “One of
| the features at the heart of 1.4 is the greatly improved audio
| quality and stability.
`----
http://www.daniweb.com/blogs/entry1501.html
Why proprietary code is bad for security
,----[ Quote ]
| Tho Skype is using an encrypted protocol, it’s still their own, non-disclosed
| code and property. So we don’t know what it contains.
|
| [...]
|
| It’s time to stop accepting that *we* are the bad guys, and to stop consuming
| things we just don’t understand (and cannot, because they are proprietary,
| closed-source systems).
|
| Say no to companies, or even governments who treat you like this. Start using
| open sourced products and protocols wherever you can. Even if *you* could
| still never understand the code used in these systems, there are still lots
| of people who can, and who will examine it. The magic word here is “peer
| review” - your friend or buddy or neighbour may be able to understand all
| that, and to help. No, not with Skype or Windows or any black box from Cisco.
`----
http://wolfgang.lonien.de/?p=394