Skype - a security risk?

Skype - a security risk?: Posted by Chris Webster on September 4th, 2005; Hi,

Is installing and running Skype from workstations in a corporate network
considered a security risk for the network, servers and workstations?

Of course I mean using Skype binaries downloaded directly from www.skype.com

Thanks for comments on this issue

regards

Chris; Posted by Imhotep on September 5th, 2005; Chris Webster wrote:

I have not heard of any security issues with Skype. I would check out some
of the vulnerability databases out there to see if there are any known
issues. Also, you did not specify what OS you are talking about...

Im; Posted by hatschi on September 5th, 2005; Good question.

At least nobody knows what skype is doing. They use a protocol, which is
proprietary and kept secret. However, Skype uses a mechanism, which
allows the software to get through any firewall by using the https port.

The guys from skype were the formerly kazaa people. That prog had a bad
reputation by installing spyware on your pc. I dont think they would do
that kind of buisness now, because they want to spread skype and earn
money with in- and outgoing calls to pstn.

At least, my company decided not to install Skype. But we have a very
restrictive policy.

At least, I would feel uncomfortable to use a software and not knowing
what it is doing in a sensitive enviroment.

Regards
hatschi; Posted by Imhotep on September 5th, 2005; hatschi wrote:

You have good comments but, think about this. With any commercial software
do you really know whats "under the hood"? How many commercial software
vendors use proprietary protocols? Maybe 85%?

Just a thought,
-- Imhotep; Posted by hatschi on September 5th, 2005; Yes you are definetly right, but when you are using SIP or any other
protocol a sniffer can decode you can see what is going on. At least an
open source software would be the best decision from that point of view.

The other thing is how much you trust a company or how much knowledge
you have about their security issues. Actually Cisco seems to have a big
problem to get their stuff hardend.

If I have the choice between Skype, or for instance a SIP thing, I would
choose the last one. But that means a lot of work and sometimes a pain
in the ... Skype is a wonderful out of the box experience.

Greetings
hatschi; Posted by Gerard Bok on September 5th, 2005; On Mon, 5 Sep 2005 00:24:16 +0200, "Chris Webster"
<chris@webster.net> wrote:

http://www.geocities.com/bergstromde...alysis_1_3.pdf

--
Kind regards,
Gerard Bok

Similar Posts

Security Risk? (Microsoft Windows) by Bob Newman
administrator account security risk (Security & Administration) by product53
Is this a real Security risk? (Basics) by EmperorJayP
Google desktop search....is it a security risk? (Software & Applications) by alpha
Wireless Devices - Security Risk? (Computer Security) by b1377@worldnet.att.net