[VOIPSEC] Soft Phone Vulnerabilities

Ken ken at ipl31.net
Wed Jun 7 17:56:21 CDT 2006


On 6/7/06, Jon Callas <jon at pgpeng.com> wrote:
>
> On 7 Jun 2006, at 7:44 AM, FOUCHE Nicolas ROSI/DAS wrote:
>
> >
> > Ok with that. I'm just saying that Skype isn't a security model
> > like you said.
> > But you must admit that it's hard to control P2P. Enterprises like
> > to control what occurs in their network. That means knowing what flow
> > goes where. P2P doesn't ensure that... And particularly Skype, about
> > which we don't know many things.
> >
>
> At the risk of sounding like I'm defending Skype, which I'm not, I am
> not sure I understand the exact problem with it.
>
> In my company, we pay for mobile phones. Some employees have mobile
> phones issued by the company and paid directly, but most simply
> expense their mobile bills.
>
> In the case of the latter, we have no control and little visibility
> into what the employee is doing. (I am one of the former, and the
> company has more visibility into my phone use than I do.) What's the
> difference between someone expensing their mobile bill and using
> Skype, from a security and control aspect? Especially when one of the
> things we let people expense is a data plan?
>
> What's the real problem with Skype? By that I mean what problem
> exists with it that does not exist with some other system.

From an enterprise perspective, Skype is a black box that relays
traffic to other Skype users. I think the concern is not so much what
people are saying over Skype and if it can be intercepted. But more
like any p2p app, what threats does it introduce by having employees
running it on their enterprise laptops and desktops. At least that's
how I see it.

-Ken

>
> (Incidentally, my opinion as CSO on Skype use is that it may be used
> so long as nothing is said that would require an NDA. In other words,
> I consider it a less secure phone than POTS.)
>
>         Jon
>
> --
> Jon Callas
> CTO, CSO
> PGP Corporation         Tel: +1 (650) 319-9016
> 3460 West Bayshore      Fax: +1 (650) 319-9001
> Palo Alto, CA 94303     PGP: ed15 5bdf cd41 adfc 00f3
> USA                          28b6 52bf 5a46 bc98 e63d
>


-- 
Ken Caruso
ken at ipl31.net



