Skype, a security risk for corporate networks?

16 thoughts on “Skype, a security risk for corporate networks?”

  1. Om,

    I spoke to Dmitry after some comments on your news making post was made. Here are his comments:

    “1. We at Popular Telephony didnít write the article. I just said what I think and it is fact, not fiction.

    2. In his response, in no way Mr.Kowalczuk is explaining why Skype is not a problem. Instead he is only saying that we can not be the source of the information. So is that information wrong only because we said it or it is really wrong? If it is wrong – that begs the question where, not if?

    3. We are not the hackers and our business is not to exploit Skypeís problems. But if Mr.Kowalczuk wants to talk with us, we can explain to him how he himself can write the code to exploit the vulnerability in Skype, which is fairly simple for him to do.

    4. If CERN sees the problem in Skype policy it’s because of the problem in the architecture which reflects in Skype policy.

    5. We are not a Skype competitor and we said Skype is very nice program for users to use, it is just not to be used in Corporate networks. Never ever due to the security issues it creates.

    6. Skype creates the problem not because it has produced the vulnurable program but because it has a lot of downloads every one of which can be used to attack a corporate network. How? We can explain to Mr.Kowalczuk in more details but it is not our business to do so.”

    I hope this helps.

  2. Om – ” but to me if it is not good for CERN, then it cannot be good for any one.” – Skype is not a CERN product – it’s a communication/entertainment product – it’s a Nokia fascia and ringtones product – it’s a lifestyle product. Skype will be fine.

    Also I’m afraid the article just points out the problems with firewalls – they don’t protect you unless everything behind them is also locked down – there are going to be 2 worlds – the pseudo secure, locked down IS department corporate world, and the wide-open, roll-your-own-defences, communication is more important than security world.
    Zennstrom can release a corporate skype if/when he wants -but thats’ not where the current change is happening
    Jim

  3. Hackers can use the voice stream (which is nothing but data) to bypass firewalls and create havoc on the corporate networks. ìYou can break the whole corporate network in a matter of minutes,î
    This seems easier said than done…

  4. sure marcelo, it is easier said than done for us mere mortals. but hackers are known to waltz into nasa networks quite easily, so for them, the gods of geekdom, this would be a fairly easy trick to pull

  5. actually guys all of you make good points, and i think there is something there. i am trying to find out and hopefully by end of all this it will all be clearer – whether it is a risk or not. i think it is only going to be fair to talk to skype and have them say what really is the story.

  6. Cool find! Minor correction (to keep Om hip with the non-tech culture trends) –
    Skype, like Britney Spears Lindsay Lohan is everywhere.
    Sorry to nitpick, but Lindsay Lohan really is Hollywood’s IT girl right now. You need only look as far as ones…

  7. hey nick – i am an avid gossip hound but “problems” part of britney spears saga was the reason i used her to compare with skype. and if you catch the “tongue in cheek” catiness, you know i am sort of predicting the skype future. 🙂

  8. some intrusion via data-stream is obviously possible but (it depends on what the heck that stream is and what the heck you mean by intrusion)
    the damage comes when you utilize that data-stream for manipulating any insider(like some trojan).
    elaborate yet not so exotic method.
    if our case is a network where data-streams are looked upon as suspects then the hosts ought to have -already- been secured anyway.
    That’s why this debate isn’t something for Skype company to worry about.

This site uses Akismet to reduce spam. Learn how your comment data is processed.