Title: Page 113 – Alex Kirk

---

 * 
   ## 󠀁[Looking into the Skype Protocol](https://alex.kirk.at/2006/03/21/looking-into-the-skype-protocol/)󠁿
   
 * March 21, 2006
 * As you all know, [Skype](http://www.skype.com/) is a very popular Voice-over-
   IP software. Skype also claims that all its communication is encrypted (which
   raised some discussion whether you should [considered a criminal](http://arstechnica.com/news.ars/post/20060217-6206.html)(
   [digged also](http://www.digg.com/technology/Encrypting_Your_Communication_Means_You_Must_Be_a_Criminal))
   if you “hide away” from eavesdropping).
 * Philippe Biondi and Fabrice Desclaux from EADS [held a talk](http://www.secdev.org/conf/skype_BHEU06.handout.pdf)
   at Blackhat Europe conference where they show their latest discoveries.
 * The talk is rather technical and might be hard to understand. I picked some of
   the most interesting points:
    - **Almost everything is obfuscated (looks almost random)**
       This is a sign 
      for good use of encryption.
    - **Automatically reuse proxy credentials**
       When Skype gets to know how to 
      use your proxy, it will hand on the information to other Skypes.
    - **Traffic even when the software is not used (pings, relaying).**
       I heard
      quite a few times of some office PCs being promoted to Supernodes, generating
      enormous traffic.
    - **No clear identification of the destination peer**
       The destination IP is
      not disclosed to a firewall for example, network administrators can’t block
      certain IPs.
    - **Many protections, antidebugging tricks, and ciphered code**
       This is an 
      attempt to protect themselves from spies (i.e. hackers, government) but it
      might also hide away secret backdoors or them spying. This is often a problem
      of closed software. Using this techniques also hinders open source or simply
      3rd party software from building compatible clients.
 * In [Skype’s FAQ](http://www.skype.com/help/faq/privacy.html) they state that 
   they use AES encryption. This seems to be proved and seems a good thing, but 
   they embed the data into a proprietary protocol which may have its drawbacks 
   and is incompatible to others. It’s their right to do so, but this gives much
   power to those who know about the inner workings (this does not necessarily only
   include Skype).
 * They give as a conclusion:
    - **Impossible to protect from attacks (which would be obfuscated)**
       It basically
      means that we have to trust Skype that they keep up their secrets. There are
      very many users which makes the Skype audience an interesting target.
    - **Total blackbox. Lack of transparency. No way to know if there is/will be
      a backdoor**
    - **Skype was made by clever people; Good use of cryptography**
       They admit 
      that it was built in a good way. But it’s like the government that may be 
      suspicious if you encrypt all your communication. Skype encrypts everything
      and itself. Should we be suspicious?
 * Further readings: [Skype network structure](http://www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf),
   [Skype’s Guide for Network Administrators](http://www.skype.com/security/guide-for-network-admins.pdf)
 * skype, protocol, analysis
 * [digg it](http://digg.com/security/Looking_into_the_Skype_Protocol)
 * [Web](https://alex.kirk.at/category/web/)
 * 
   ## 󠀁[Delicious Interface Updates](https://alex.kirk.at/2006/03/09/delicious-interface-updates/)󠁿
   
 * March 9, 2006
 * Today [del.icio.us](http://del.icio.us/) did some really nice interface updates.
 * In the first place, they [announced inline editing](http://blog.del.icio.us/blog/2006/03/a_few_things_an.html)
   which is very slick. You just click on “edit” on the “your bookmarks” page and
   you can edit the item right away.
 * They also updated the URL page which looks very nice and tidy now.
 * [[
 * These updates don’t affect [blummy](http://blummy.com/), you can still use it
   to add your bookmarks from any page. If you haven’t seen it, give it a try.
 * The announcement also says that private bookmarking (one of the big missing features)
   will be released next week.
 * [digg it](http://digg.com/software/Delicious_Interface_Updates), [add to del.icio.us](http://del.icio.us/post?v=2&url=http%3A%2F%2Falex.kirk.at%2F2006%2F03%2F09%2F delicious-interface-updates%2F&title=Alexander%20Kirk%3A%20Delicious%20Interface%20Updates)
 * del.icio.us, interface, update
 * [Misc](https://alex.kirk.at/category/misc/)

 [Previous Page](https://alex.kirk.at/page/112/?output_format=md&term_id=1122) [Next Page](https://alex.kirk.at/page/114/?output_format=md&term_id=1122)