User: Password:
|
|
Subscribe / Log in / New account

A trojan for Skype

A trojan for Skype

Posted Sep 3, 2009 17:53 UTC (Thu) by droundy (subscriber, #4559)
In reply to: A trojan for Skype by Tet
Parent article: A trojan for Skype

Also note that a SELinux policy is unlikely to keep skype from sending audio and video even when you aren't on the network... it's not just your calls that might be compromised, but anything you mention (or do) in the presence of a computer running skype. Of course, network usage is likely to give this away, unless a trojan were to store up data and send it during a call...


(Log in to post comments)

A trojan for Skype

Posted Sep 4, 2009 20:42 UTC (Fri) by Tet (subscriber, #5433) [Link]

a SELinux policy is unlikely to keep skype from sending audio and video even when you aren't on the network... it's not just your calls that might be compromised, but anything you mention (or do) in the presence of a computer running skype

That's not really true. A decent policy can prevent a rogue skype process from reading files that it has no business reading, so the only things it should be able to transmit is data it already has (e.g. the audio of your call)

A trojan for Skype

Posted Sep 5, 2009 19:25 UTC (Sat) by oak (guest, #2786) [Link]

> so the only things it should be able to transmit is data it already has
(e.g. the audio of your call)

If it's allowed to read the mic for the call, why it couldn't eavesdrop
you always?

A trojan for Skype

Posted Sep 14, 2009 11:11 UTC (Mon) by robbe (subscriber, #16131) [Link]

> If it's allowed to read the mic for the call, why it couldn't eavesdrop
> you always?

You could probably modify your policy on the fly to allow/deny access to
the microphone device. But I guess soldering a switch to the microphone
cable would be a better UI.

But as an X app it has a lot of means to snarf information, anyway ... or
is X-ACE already sufficiently deployed?

I think the best option today is a VM sandbox. Or a free alternative.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds