In the news: Soon to be published, Skype back-door trojan code?

Marko Vojinovic vvmarko at gmail.com
Mon Aug 31 10:16:11 UTC 2009


On Monday 31 August 2009 00:02:26 Roberto Ragusa wrote:
> People studied Skype:
>
>   http://www.recon.cx/en/f/vskype-part1.pdf
>   http://www.recon.cx/en/f/vskype-part2.pdf
>
> and found that it contains tons and tons of cryptography,
> obfuscation and countermeasures against debugging or reverse
> engineering.
>
> A closed source code like that and with an explicit
> purpose to build a crypted P2P network bypassing firewalls
> with every trick possible is something to be nervous
> about.

But that is just one more reason to reverse-engineer the protocol, teach Ekiga 
to use it, and thus circumvent all malicious things skype is built do to, 
right?

As for the firewalls, using every possible trick to bypass them is a feature, 
in my view. I typically use skype between machines both of which are behind 
some NAT, and it is a Good Thing to be able to do that. I know, it's ugly, I 
have to use third party bandwidth, but it is better than not being able to 
make calls at all. I would wish to see the same thing implemented in Ekiga, 
maybe more people would start using it.

> The code constantly checks itself (this is why it uses a
> lot of CPU) and it decides things it should not (it was
> said that Intel convinced Skype to cripple multiconference
> on AMD CPUs to improve the reputation of Intel CPUs).

Again, if we teach Ekiga to speak skype, we would have a client that is 
faster, less bloated, open source and being able to communicate even with 
those who are ignorant about skype misbehaving.

If we don't, most of us will be pushed to use that misbehaved binary 
ourselves, which is the current situation.

> I'd like a good alternative to Skype, even _without_
> Skype compatibility.

I tried to convince one of my friends to use Ekiga. Other than technical 
problems he grudged about, the main argument against it was that all of his 
contacts already use skype, and don't see the benefit of switching. Therefore, 
he is better off using it as well, than trying to convince them all to switch.

Skype has a very large userbase by now, and it seems that interoperability is 
the only viable strategy of getting Ekiga or some other open source client to 
gain decent userbase. Otherwise people will simply continue to use skype, with 
all its flaws and quirks.

Best, :-)
Marko




More information about the fedora-list mailing list