Re: [cryptography] skype backdoor confirmation
Sauer: We answer to this question: We provide a safe communication option available. I will not tell you whether we can listen to it or not. In other words, no evidence there, either. (NB the question is do we have evidence. Not are we inclined to suspect, based on our intuition / religion / ideology / paranoia .) skype can force update itself Skype's auto-update feature can be turned off (at least, every version of Skype I've ever run allows that, including the one I'm running now, 6.3.0.107). At a meeting with representatives of ISPs and the Austrian regulator on lawful interception of IP based services held on 25th June, high-ranking officials at the Austrian interior ministry revealed that it is not a problem for them to listen in on Skype conversations. I agree-this one (from 2008, thus well predating Skype's acquisition by MS) seems categorical. It seems like such an outlier, though, that one wonders whether it's based on a misunderstanding (as so many other reports of Skype can be monitored have been (usually because they're referring to monitoring one of the endpoints, not in-line interception)). I'm totally not asserting Skype is uncrackable (anything can be cracked, with enough computing power)-just looking for a smoking gun, or even a gun, or even smoke, or even a bullet-hole, or even a bullet casing, or even unused ammo, or anything vaguely evidence-like. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] skype backdoor confirmation
Sauer: We answer to this question: We provide a safe communication option available. I will not tell you whether we can listen to it or not. In other words, no evidence there, either. (NB the question is do we have evidence. Not are we inclined to suspect, based on our intuition / religion / ideology / paranoia .) skype can force update itself Skype's tools - options allows the auto-update feature to be turned off (I'm running 6.3.0.107). At a meeting with representatives of ISPs and the Austrian regulator on lawful interception of IP based services held on 25th June, high-ranking officials at the Austrian interior ministry revealed that it is not a problem for them to listen in on Skype conversations. I agree-this one (from 2008, thus well predating Skype's acquisition by MS) seems categorical. It seems like such an outlier, though, that one wonders whether it's based on a misunderstanding (as so many other reports of Skype can be monitored have been (usually because they're referring to monitoring one of the endpoints, not in-line interception)). I'm totally not asserting Skype is uncrackable (anything can be cracked, with enough computing power)-just looking for a smoking gun, or even a gun, or even smoke, or even a bullet-hole, or even a bullet casing, or even unused ammo, or anything vaguely evidence-like. One option could be some sort of individual-forced-update, i.e. perhaps MS could be forced by an LEA to forcefully-update (even overriding the user-set no updates) a particular user's Skype client to make it surveillable. We know that the compromising an (insecure) update channel is one of the mechanisms used by e.g. Gamma's FinFisher. This would mean surveillability functionality wouldn't be built in to the normal Skype and thus couldn't be detected. And obviously, the lack of open-source-ness of the code would preclude understanding whether our belief that we can turn off updates is wrong. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography