Re: Fwd: Anyone make any sense out of this skype hack announcement?

[Peter Gutmann]

Christian Collberg collb...@gmail.com writes:

I don't know if the new crack reveals anything new. We have a writeup about 
the Skype protection techniques in Surreptitious Software, our book on 
security-through-obscurity. (Sorry for the blatant self-promotion).

No need to apologise, it's a damn good read.  For people not familiar with it, 
the title is a bit misleading (it sounds like a book about malware), it's 
actually a book on software obfuscation and tamperproofing, IMHO it's the 
definitive reference on the topic.

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: Anyone make any sense out of this skype hack announcement?

[Tom McGhan]

According to Steve Gibson, on his Security Now! podcast, episode 0x0100:
http://wiki.twit.tv/wiki/Security_Now_256
the supposed hack was a case of reverse engineering to reproduce the internal
keys and initialization vectors  needed to build a Skype-compatible client, and 
not a break
of RC4 per se.

The loong podcast, 1 hour 54 minutes, is at 
http://media.grc.com/sn/sn-256.mp3
The Skype crack discussion lasts a bit more than 7 minutes,
starting around the 33:00 time mark.

A transcript is posted here:
http://www.grc.com/sn/sn-256.pdf
The discussion starts on page 12, paragraph 4.


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Fwd: Anyone make any sense out of this skype hack announcement?

[Christian Collberg]

The skype client was reverse engineered several years ago:

@inproceedings{biondi06silver,
  title = {Silver Needle in the Skype},
  author = {Philippe Biondi and Fabrice Desclaux},
  note = 
\url{www.blackhat.com/presentations/bh-europe-06/bh-eu-06-biondi/bh-eu-06-biondi-up.pdf},
  booktitle = {Black Hat Europe},
  month = Feb-Mar,
  year = 2006
}

I don't know if the new crack reveals anything new. We have
a writeup about the Skype protection techniques in
Surreptitious Software, our book on security-through-obscurity.
(Sorry for the blatant self-promotion).

Christian Collberg
Univ. Arizona

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Re: Anyone make any sense out of this skype hack announcement?

[Steve Furlong]

 I don't know if the new crack reveals anything new. We have
 a writeup about the Skype protection techniques in
 Surreptitious Software, our book on security-through-obscurity.
 (Sorry for the blatant self-promotion).

I appreciate the self-promotion. My only request is that you include
ISBN, link to your home page, and so on.

Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing
for Software Protection
Christian Collberg, Jasvir Nagra
Paperback, 792 pages
Addison-Wesley Professional; August 3, 2009
ISBN-10: 0321549252
ISBN-13: 978-0321549259

-- 
Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Anyone make any sense out of this skype hack announcement?

[Perry E. Metzger]

I got pointed at this, and it is written unclearly enough that I have
no idea what to make of it:

http://www.enrupt.com/index.php/2010/07/07/skype-biggest-secret-revealed

-- 
Perry E. Metzgerpe...@piermont.com

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com