|| ||Alan Cox <alan-AT-lxorguk.ukuu.org.uk> |
|| ||vvmarko-AT-phy.bg.ac.rs, "Community assistance, encouragement, and advice
for using Fedora." <fedora-list-AT-redhat.com> |
|| ||Re: In the news: Soon to be published, Skype back-door trojan code? |
|| ||Mon, 31 Aug 2009 12:05:28 +0100|
|| ||Article, Thread
On Sun, 30 Aug 2009 11:28:58 +0100
Marko Vojinovic <email@example.com> wrote:
> On Sunday 30 August 2009 09:20:59 Tim wrote:
> > On Sat, 2009-08-29 at 14:09 -0700, Joel Gomberg wrote:
> > > I thought Skype was P2P application
> > Supposedly it is, but with closed source, you've no real idea what it's
> > going to do. Even hacking software to reverse engineer it may only give
> > you a partial picture, particularly if it's convoluted.
> Is there any initiative or attempts to reverse engineer its protocol?
There have been but it uses every malware like trick of the book to self
encrypt and the like. With virtual machines it isn't of course quite so
safe any more.
There are also some other awkward factors
- The person who completely reverse engineers skype probably destroys it.
If you can write a skype client than the spammers can write skype spam
tools as well.
- Skype appears to contain various law enforcement intercept facilities
judging by the evidence - although mostly circumstantial.
- The Skype business model depends upon interoperability not working
(like early instant messaging systems), so you would expect a mix of
protocol changes and thermonuclear level legal responses if the work
was done in the USA or other countries with broken DMCA type laws.
> programming... But surely *someone* does, is there any known attempt to do
I would imagine anyone doing so is keeping fairly quiet - there is big
money on offer from the bad guys for skype trojans, intercepts and
clients, while anyone on the good side fiddling with it faces jail and
harrasment - a fine example of perverse economic incentives.
fedora-list mailing list
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
to post comments)