[VOIPSEC] Soft Phone Vulnerabilities
Jon Callas
jon at pgpeng.com
Wed Jun 7 15:52:08 CDT 2006
On 7 Jun 2006, at 7:44 AM, FOUCHE Nicolas ROSI/DAS wrote:
>
> Ok with that. I'm just saying that Skype isn't a security model
> like you said.
> But you must admit that it's hard to control P2P. Enterprises like
> control what occurs in their network. That's mean to know what flow
> goes where. P2P don't ensure that... And particularly Skype which
> we don't know many thing.
>
At the risk of sounding like I'm defending Skype, which I'm not, I am
not sure I understand the exact problem with it.
In my company, we pay for mobile phones. Some employees have mobile
phones issued by the company and paid directly, but most simply
expense their mobile bills.
In the case of the latter, we have no control and little visibility
into what the employee is doing. (I am one of the former, and the
company has more visibility into my phone use than I do.) What's the
difference between someone expensing their mobile bill and using
Skype, from a security and control aspect? Especially when one of the
things we let people expense is a data plan?
What's the real problem with Skype? By that I mean what problem
exists with it that does not exist with some other system.
(Incidentally, my opinion as CSO on Skype use is that it may be used
so long as nothing is said that would require an NDA. In other words,
I consider it a less secure phone than POTS.)
Jon
--
Jon Callas
CTO, CSO
PGP Corporation Tel: +1 (650) 319-9016
3460 West Bayshore Fax: +1 (650) 319-9001
Palo Alto, CA 94303 PGP: ed15 5bdf cd41 adfc 00f3
USA 28b6 52bf 5a46 bc98 e63d
More information about the Voipsec
mailing list