Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Alan Cox <alan <at> lxorguk.ukuu.org.uk>
Subject: Re: In the news: Soon to be published, Skype back-door trojan code?
Newsgroups: gmane.linux.redhat.fedora.general
Date: Monday 31st August 2009 11:05:28 UTC (over 8 years ago)
On Sun, 30 Aug 2009 11:28:58 +0100
Marko Vojinovic  wrote:

> On Sunday 30 August 2009 09:20:59 Tim wrote:
> > On Sat, 2009-08-29 at 14:09 -0700, Joel Gomberg wrote:
> > > I thought Skype was P2P application
> >
> > Supposedly it is, but with closed source, you've no real idea what it's
> > going to do.  Even hacking software to reverse engineer it may only
give
> > you a partial picture, particularly if it's convoluted.
> 
> Is there any initiative or attempts to reverse engineer its protocol?

There have been but it uses every malware like trick of the book to self
encrypt and the like. With virtual machines it isn't of course quite so
safe any more.

There are also some other awkward factors

- The person who completely reverse engineers skype probably destroys it.
  If you can write a skype client than the spammers can write skype spam
  tools as well.

- Skype appears to contain various law enforcement intercept facilities
  judging by the evidence - although mostly circumstantial.

- The Skype business model depends upon interoperability not working
  (like early instant messaging systems), so you would expect a mix of
  protocol changes and thermonuclear level legal responses if the work
  was done in the USA or other countries with broken DMCA type laws.

> programming... But surely *someone* does, is there any known attempt to
do 
> this?

I would imagine anyone doing so is keeping fairly quiet - there is big
money on offer from the bad guys for skype trojans, intercepts and
clients, while anyone on the good side fiddling with it faces jail and
harrasment - a fine example of perverse economic incentives.

Alan

-- 
fedora-list mailing list
[email protected]
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
 
CD: 13ms