Time flies

It has been weeks since the last update to the Locksmith’s blog here, so, since this Saturday morning is quite quiet, and I have time to sit here and type something, rather than being on the phone or out and about (or both!) I thought I would post about the Skype attack.

No-one is yet sure what has happened, except perhaps the Skype people, and they aren’t telling. I’ve read a few interesting theories, and learned a bit about Skype, too.

[Figure: Skype user numbers]

This graph is made from a log of the Skype “Users online” RSS feed, and shows that the number of users spiked quite dramatically right before it all started to go wrong. The timing is a bit out for your typical cyberattack, which generally takes place just after everyone has gone home on a Friday night, to really mess up the Mondays of support staff returning from the weekend. This kicked off way too early for that, on the Thursday.

What is interesting is the way that Skype actually operates. Despite being described to us so many times as truly peer-to-peer, it turns out it is not. This isn’t really a big shock, since how else do you check for credits and genuine log-in details? However, the way Skype seems to have routed traffic through some corporate networks is rather interesting, as is the news that Skype keeps a log of the last 200 people (in the registry!) to call back should it lose a direct connection to the log-in server. So, you might end up becoming a super-hub: your 300 corporate users lose their connection to the internet because something goes wrong, and you, having left Skype dormant, simply fire up your back-up modem. Suddenly, 300 users’ worth of bandwidth are trying to proxy through you, and your already painful 56K becomes totally DDoS’d by log-in requests that you weren’t even aware of.

Personally, I no longer trust Skype totally. The encryption we heard so much about when it was launched now seems to have a major backdoor, if everything is being routed through the central servers. After all, we only have Skype and eBay to vouch for it being encrypted end-to-end, and it seems fairly likely they can access the data. And the German government has stated it can intercept the calls.

A better solution for corporate data is something like Cryptophone from the stable of Barry Wels. Proper end-to-end encryption, and fully open source code, with no central server. And you can carry it with you, rather than being tied to your PC.
