In the news: Soon to be published, Skype back-door trojan code?
Daniel B. Thurman
dant at cdkkt.com
Sat Aug 29 21:21:37 UTC 2009
On 08/29/2009 02:09 PM, Joel Gomberg wrote:
> On 08/29/2009 12:56 PM, Bruno Wolff III wrote:
>> On Sat, Aug 29, 2009 at 12:30:53 -0700,
>> "Daniel B. Thurman"<dant at cdkkt.com> wrote:
>>>
>>> [perhaps off topic, but interesting security implications?]
>>
>> Yeah, don't let LE install trojan software on machines you use.
>>
>>> I wonder if backdoors are installed to comply with
>>> government& law enforcement requirements. In the US,
>>
>> The Skype backdoors that have been covered in public (recently and in
>> the
>> past) that I have seen have all been additional software installed by LE
>> on the victum's machine, not something specifically built into Sykpe.
>> Since
>> calls are dispatched through central servers and Skype is a US company,
>> presumably call record information is being captured by the US, en
>> masse. Some
>> other governments probably also get easy access to this data.
>
> What do you mean when you say that "calls are dispatched through
> central servers?" I thought Skype was P2P application:
>
> http://www.skype.com/intl/en/help/guides/p2pexplained/
>
> They say they use a global index with a decentralized user directory,
> but I have no idea what this means in practice. When you talk about
> call record information being captured, do you mean summary records or
> recordings? I would find it much easier to believe the former than
> the latter.
>
I would presume that once a call record is given,
it leads to the source of everything else when
requested by the authorities or anyone else
with a judge's authorization? The sticking point
in this arrangement, I think, allows the authorities
to "peek" legally, and if enough [criminal] information
is obtained from this call record, to pursue further
information a with FISA, court order, or "by some other
classified [spook?] means"?
More information about the fedora-list
mailing list