In the news: Soon to be published, Skype back-door trojan code?
Gene Heskett
gene.heskett at verizon.net
Mon Aug 31 14:27:39 UTC 2009
On Monday 31 August 2009, Alan Cox wrote:
>On Sun, 30 Aug 2009 11:28:58 +0100
>
>Marko Vojinovic <vvmarko at gmail.com> wrote:
>> On Sunday 30 August 2009 09:20:59 Tim wrote:
>> > On Sat, 2009-08-29 at 14:09 -0700, Joel Gomberg wrote:
>> > > I thought Skype was P2P application
>> >
>> > Supposedly it is, but with closed source, you've no real idea what it's
>> > going to do. Even hacking software to reverse engineer it may only
>> > give you a partial picture, particularly if it's convoluted.
>>
>> Is there any initiative or attempts to reverse engineer its protocol?
>
>There have been but it uses every malware like trick of the book to self
>encrypt and the like. With virtual machines it isn't of course quite so
>safe any more.
>
>There are also some other awkward factors
>
>- The person who completely reverse engineers skype probably destroys it.
> If you can write a skype client than the spammers can write skype spam
> tools as well.
>
>- Skype appears to contain various law enforcement intercept facilities
> judging by the evidence - although mostly circumstantial.
>
>- The Skype business model depends upon interoperability not working
> (like early instant messaging systems), so you would expect a mix of
> protocol changes and thermonuclear level legal responses if the work
> was done in the USA or other countries with broken DMCA type laws.
>
>> programming... But surely *someone* does, is there any known attempt to
>> do this?
>
>I would imagine anyone doing so is keeping fairly quiet - there is big
>money on offer from the bad guys for skype trojans, intercepts and
>clients, while anyone on the good side fiddling with it faces jail and
>harrasment - a fine example of perverse economic incentives.
>
>Alan
Absolutely spot on Alan.
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>
Nezvannyi gost'--khuzhe tatarina.
[An uninvited guest is worse than the Mongol invasion]
-- Russian proverb
More information about the users
mailing list