*>>It's also precisely how exploitations begin, not merely DoSes. *
Well then, it's a good thing that none of the other software we use ever behaves like that. *ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker> *Exploiting Technology for Business Advantage...* * * On Thu, Dec 30, 2010 at 11:29 PM, Kurt Buff <[email protected]> wrote: > It's also precisely how exploitations begin, not merely DoSes. > > On Thu, Dec 30, 2010 at 14:51, Andrew S. Baker <[email protected]> wrote: > >>>Really? A delay in response causes a crash in client software? Really? > > Isn't that precisely how a DoS works? > > Did you read the whole article or just the summary? The "client" > > software, as you noted before, is operating in P2P mode, so it is both > > client and server software, depending on the type of activity being > > performed at that time. > > While a regrettable problem, it wasn't inconceivable that something like > > this could happen if things lined up right. > > > > ASB (My XeeSM Profile) > > Exploiting Technology for Business Advantage... > > > > > > > > On Thu, Dec 30, 2010 at 5:02 PM, Kurt Buff <[email protected]> wrote: > >> > >> Oh, and I just saw this: > >> > >> http://blogs.skype.com/en/2010/12/cio_update.html: "On Wednesday, > >> December 22, a cluster of support servers responsible for offline > >> instant messaging became overloaded. As a result of this overload, > >> some Skype clients received delayed responses from the overloaded > >> servers. In a version of the Skype for Windows client (version > >> 5.0.0152), the delayed responses from the overloaded servers were not > >> properly processed, causing Windows clients running the affected > >> version to crash." > >> > >> Really? A delay in response causes a crash in client software? Really? > >> > >> I'm glad it's fixed in the newest versions, but wow... > >> > >> Now, I must qualify my concern - I don't care nearly as much about > >> skype on phones - they're not going to live on my production network, > >> and phones running Good software have corporate data relatively well > >> protected. Smartphones will live on a guest network. It's the > >> workstations I'm concerned about. > >> > >> Kurt > >> > >> On Thu, Dec 30, 2010 at 12:25, Andrew S. Baker <[email protected]> > wrote: > >> > What's your main concern with Skype? > >> > What aspect of security is your focus? > >> > > >> > ASB (My XeeSM Profile) > >> > Exploiting Technology for Business Advantage... > >> > > >> > > >> > > >> > On Thu, Dec 30, 2010 at 3:15 PM, Kurt Buff <[email protected]> > wrote: > >> >> > >> >> This is pretty old, but I'm now being forced to allow skype on our > >> >> network, and I'm pretty unhappy about it.. > >> >> > >> >> Ken, is your firm still allowing skype, and if so, can you speak to > >> >> what your security folks did to make themselves happy about allowing > >> >> skype? > >> >> > >> >> Has anyone else here done a security review that gave them a decision > >> >> one way or the other about allowing it? > >> >> > >> >> Kurt > >> >> > >> >> On Thu, Jan 15, 2009 at 08:12, Ken Cornetet < > [email protected]> > >> >> wrote: > >> >> > We are deploying it here to a few users. > >> >> > > >> >> > > >> >> > > >> >> > I’m using group policy to turn off being a supernode, downloads, > >> >> > listening > >> >> > on tcp ports, and 3rd party access to the Skype API. > >> >> > > >> >> > > >> >> > > >> >> > Our security folks reviewed it and are happy. > >> >> > > >> >> > > >> >> > > >> >> > From: Tim Evans [mailto:[email protected]] > >> >> > Sent: Thursday, January 15, 2009 11:01 AM > >> >> > To: NT System Admin Issues > >> >> > Subject: Skype > >> >> > > >> >> > > >> >> > > >> >> > Has anyone looked at Skype recently? We’ve got a client that wants > >> >> > us > >> >> > to > >> >> > use Skype for communications with them. I’ve always been a little > >> >> > leery > >> >> > of > >> >> > using them in a business environment, but looking at it now, I see > >> >> > they > >> >> > have > >> >> > a MSI download for easy deployment and a group policy template for > >> >> > central > >> >> > administration of settings. It all looks pretty cool. While the > >> >> > security > >> >> > guy > >> >> > in me wants to say no, I’m having a hard time finding a reason not > to > >> >> > say > >> >> > OK. > >> >> > > >> >> > > >> >> > > >> >> > I’m curious what the members of this esteemed group think about it > >> >> > > >> >> > > >> >> > > >> >> > > >> >> > > >> >> > …Tim > >> >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
