About

Download

  • A free mini-guide on how to blog a conference in detail, by Ethan Zuckerman and Bruno Giussani.

Search LoIP

  • Web LoIP

Get LoIP per email

  • Enter your email address:

Non-profit

Books by Bruno Giussani

« Shopsin's moving to Brooklyn | Main | The Swiss in the US »

March 30, 2006

Comments

Bruno,

Great summary of the issues relating to Skype. Is your WSJ article online? If so, do you have a URL for it? I searched the site but couldn't find the article. I'd love to mention it in our next VoIP security podcast and be able to point listeners to it.

Thanks,
Dan

There's another set of issues with Skype that you didn't even mention..... compliance with Sarbanes Oxley regulation. On the one hand, recording and managing voice traffic on a corporate network that is attempting compliance would be extremely tough if there are Skype users. On the other hand, Skype provides authentication and privacy (encryption) that might make some compliance issues easier.

According to your article, the Skype security issues are the following, but I regard them as far more unlikely and hypothetical than other well-known software threats:
1. Are employees that install Skype on their office PCs opening up holes in their company's firewalls? ---- totally unfounded "threat"
2. Could hackers use the data stream carrying a call to infiltrate corporate or other networks? ---- again totally unfounded, especially when compared to other things that hackers might do far more easily
3. Could a supernode be taken over by a malicious operator? ---- I actually worry about this one a bit, but less than I worry about many other things.

In addition, you mention certain economic and legal "problems" with Skype, but they are so remote as to be laughable.
1. What are the legal ramifications of routing large amounts of outside telecom traffic through a supernode, as existing or future laws may require organizations that do this (unintentionally) to store the data?
2. Could the operating cost of becoming a supernode be overwhelming? If I'm not mistaken, this is CERN's chief concern..... but in my view is vastly exaggerated.

The comments to this entry are closed.

Upcoming conferences