On May 31, 2007, at 5:21 AM, Russell McMahon wrote: >> I have to ask What Skype tendencies???? >> Hadn't heard anything bad, so never looked. > > Skype is an aggressive secret sharer of your resources. As such it is > also a major *potential* security risk although I'm not aware of > anyone yet having used it's abilities for even more nefarious > purposes. It knows how to 'tunnel' many firewalls unannounced and > undetected and as new protections are put in place, some especially > targeted to curb its proclivities, it learns distressingly quickly (no > doubt courtesy of its dark masters) how to overcome the new obstacles. > Not quite up to Skynet capabilities yet but not through want of trying > or desire. Early Skype used TCP connections out from inside NAT to any "available" Skype node run by anyone to "bounce" through, meaning that with the proper tools, the person you're bouncing through (or anyone with access to their network) could intercept and listen to your call, etc. They did seem to switch over to a model where they provide some very high bandwidth servers for this purpose instead of using random Skype nodes "near" you on the Internet when they got bigger, but I think the functionality is still there as a fall-back. I haven't monitored Skype traffic for a while now to see what it's been up to lately. > Once it finds its way to the world it can establish a supernode, using > your system as a P2P routing point for others' traffic. How much is > does this and how much say you have in the matter is hotly debated - > including on this list in the relatively recent past, but as it makes > every effort to avoid or fool the normal monitoring systems, any > claims as to what it does or doesn't do should be judged with care and > after taking note of the tools and credentials of the claimants. It's not THAT hard to spot it... you do have to have knowledge of how your firewall/network is configured and know where and how to look. > [[In > that context, I'm me and I've used no tools at all and have never run > Skype and will try very hard to never do so - so you have to take the > word of the people "out there" who have convinced me. I leave it as an > exercise to the student to find these people and to be similarly > convinced :-).]] You have the ability to make a supernode voluntarily > and may or may not have the ability and right to not do so. Yep. > Anything is does do is no doubt permitted by you by your having agreed > to its fine print. Yep. > If you don't want to use Skype on a given occasion you may elect not > to run it, but this is no guarantee that it will not want to use you > (or your system) and choose to run you (or your system). If it does do > so don't expect it to tell you and don't expect to be able to easily > determine that it is doing so. On Windows perhaps. Pretty easy to find it doing things on any other (sane) operating system where the sysadmin can easily see resource utilization. Windows mistakenly allows applications to "hide" what they're doing a little more, but it's still easy to spot Skype behaving badly on Windows with the right tools, of course. > Skype was designed and is still AFAIK operated and ongoingly developed > by the people who brought the original super P2P file sharing system > to the net. It knows what it is. Makes sense. Yep. > Any of the above which sounds like advanced (or standard) paranoia may > be checked on using the don't-be-evil search engine. LOL! I got a sweet deal on a Polycom Skype Communicator, which can also be used for other things besides Skype now. The audio quality (disclaimer, I work for Polycom, but not in anything related to this product, so I'm not "advertising" for them when I say this) is really amazing for such a small "speakerphone" like device. They're kinda fun... "evil" Skype or no. You can also use the devices nowadays with other VoIP applications, or just as a nice mono speaker for playing tunes from a laptop, if you like... nifty toy. Not sure I'd want to spend the price "we" get for them retail, unless I really needed one... but they're fun to play with, nevertheless. Must be some pretty smart DSP-heads doing that echo-cancellation and audio quality code in the speakerphone engineering groups... -- Nate Duehr nate@natetech.com -- http://www.piclist.com PIC/SX FAQ & list archive View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist