[VOIPSEC] Soft Phone Vulnerabilities
David MENTRE
mentre at tcl.ite.mee.com
Thu Jun 8 02:19:51 CDT 2006
Hello,
Jon Callas a écrit :
> What's the
> difference between someone expensing their mobile bill and using
> Skype, from a security and control aspect? Especially when one of the
> things we let people expense is a data plan?
I'm quite surprised you ask such a question considering the firm you
work in: your mobile phone has no access[1] to your local network and
thus all other machines of your network. Your mobile phone has no
control on the working of your computer.
> What's the real problem with Skype? By that I mean what problem
> exists with it that does not exist with some other system.
- no knowledge of Skype's network structure and use of cryptography;
- no possible[2] review of code (at least compared to Free Software
products);
- no possible control by a network administrator of the working of the
software[3].
Sincerely yours,
david
[1] That might change with the new GSM/Wifi phones.
[2] I do not imply that Free Softwares are effectively reviewed.
[3] Would you allow the use of MS Word without the possibility to
disable macro execution?
--
David MENTRE <mentre at tcl.ite.mee.com> - Research engineer
Mitsubishi Electric ITE-TCL / European Telecommunication Research Lab
Phone: +33 2 23 45 58 29 / Fax: +33 2 23 45 58 59
http://www.mitsubishi-electric-itce.fr
More information about the Voipsec
mailing list