Sauer: We answer to this question: We provide a safe communication option available. I will not tell you whether we can listen to it or not.
In other words, no evidence there, either. (NB the question is "do we have evidence." Not "are we inclined to suspect, based on our intuition / religion / ideology / paranoia .") skype can force update itself Skype's "tools -> options" allows the auto-update feature to be turned off (I'm running 6.3.0.107). "At a meeting with representatives of ISPs and the Austrian regulator on lawful interception of IP based services held on 25th June, high-ranking officials at the Austrian interior ministry revealed that it is not a problem for them to listen in on Skype conversations. I agree-this one (from 2008, thus well predating Skype's acquisition by MS) seems categorical. It seems like such an outlier, though, that one wonders whether it's based on a misunderstanding (as so many other reports of "Skype can be monitored" have been (usually because they're referring to monitoring one of the endpoints, not in-line interception)). I'm totally not asserting Skype is uncrackable (anything can be cracked, with enough computing power)-just looking for a smoking gun, or even a gun, or even smoke, or even a bullet-hole, or even a bullet casing, or even unused ammo, or anything vaguely evidence-like. One option could be some sort of individual-forced-update, i.e. perhaps MS could be forced by an LEA to forcefully-update (even overriding the user-set "no updates") a particular user's Skype client to make it surveillable. We know that the "compromising an (insecure) update channel" is one of the mechanisms used by e.g. Gamma's FinFisher. This would mean surveillability functionality wouldn't be built in to the "normal" Skype and thus couldn't be detected. And obviously, the lack of open-source-ness of the code would preclude understanding whether our belief that we can turn off updates is wrong.
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography