How I learned to love Skype… and its big holes..
March 24, 2004 at 11:05 am, #10619, ZapTheDingbat (Member)
Someone showed me Skype recently.
Skype is a P2P messenger client in the true meaning of the term.
I was pleasantly surprised to find the boast about the lack of malware (ad-ware/spyware) included in the client on the website (http://skype.com) and equally surprised to see no advertising in the client.
Although pleased about the clean and apparently innocent nature of it all, it didn't make sense. The client isn't open source and there was a very apparent lack of an income stream from the service.
Intrigued, I had a dig around. The service is being hyped by a lot of big names, like Tech TV and The Register. It transpired the service is produced by the founders of Kazaa (now owned by Sharman). The business model involves generating a large user base, then imposing a subscription fee on the currently free service.
So what exactly am I whingeing about?
Having downloaded the client, that's using the trick employed by Napster to avoid responsibility of being eternally in beta release, I read the EULA, that smacks of Kazaa's “we can do anything we like with your machine, and no looking too hard at how this little bunny works”; I'm paraphrasing, of course. There's something about the client that worries me.
As a little example, in the one day that I've had the client I noticed the installation process takes over the callto: protocol previously attributed to NetMeeting. By including ” in the username you can execute skype.exe with extra command-line switches. OK, in itself this is nothing to worry about, but it demonstrates the slightly insecure nature of the client.
Then comes the scary bit…
The service uses Kazaa's ingenious decentralised cyclic peer-to-peer concept. The service doesn't rely on any central server; just as with Kazaa, any client (with a public IP) can be promoted to “super node” status. When you open Skype it connects to its nearest super node. Each super node relays data it receives back to your client…
Yes, think about it… it's just bashed a big hole in your NAT. Sitting on one side of the hole is a clunky IM client that's still in beta. On the other, well, it's another home user whose security you have no control over.
Your firewall is allowing all the data on those ports (otherwise the client won't work).
And indirectly, every client is connected to every other client simultaneously.
At the moment the website proudly boasts some 9.3 million downloads,
so find an exploit and that's 9.3 million zombie machines…
…or am I just being paranoid?
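The callto: behaviour described in the post is a case of argument injection through a URI handler. The following is an added example, not part of the original post and not Skype's code: it shows how a `%1`-style handler template lets a quote in the URI split into an extra argument, and a validator that rejects such URIs. The template, the `app.exe` name, the `/hypothetical-switch` value, the username allowlist and the simplified splitter are all assumptions.

```python
import re
from urllib.parse import unquote

# Assumption: a conservative allowlist for usernames (not Skype's real rule).
_USERNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._\-]{0,63}")

def naive_command_line(uri, template='app.exe "%1"'):
    """Build the command line the way a %1 handler template does (hypothetical template)."""
    return template.replace("%1", uri)

def split_quoted(cmdline):
    """Simplified quote-aware splitter: each " toggles quoting (no backslash rules)."""
    args, cur, in_quotes = [], "", False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == " " and not in_quotes:
            if cur:
                args.append(cur)
                cur = ""
        else:
            cur += ch
    if cur:
        args.append(cur)
    return args

def safe_callto_target(uri):
    """Return the validated username, or None if the URI must be rejected."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "callto":
        return None
    # Decode first so %22 and %20 cannot smuggle a quote or a space past the check.
    target = unquote(rest.lstrip("/"))
    return target if _USERNAME_RE.fullmatch(target) else None

# Constructed sample URIs.
CLEAN = "callto:alice"
INJECTED = 'callto:alice" /hypothetical-switch "'

if __name__ == "__main__":
    for uri in (CLEAN, INJECTED):
        print(split_quoted(naive_command_line(uri)), "->", safe_callto_target(uri))
```

A handler that validates the target this way and then passes it as a single argument-list element, rather than through string substitution, never lets URI content reach the command-line parser.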