Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Friday, January 25, 2013

Skype calls purportedly being tapped, Skype-based malware spreads - TechSpot

The latest ding against the Microsoft-owned company comes from Reporters Without Borders’ online censorship project leader GrĂ©goire Pouget, who told The Verge, “Many journalists or activists have reported to us that their Skype communications have been intercepted.”

[An] open lettered issued to Skype is requesting that the IP-based communications company re-affirm and better explain its commitment to privacy, particularly when it comes to chat logs, eavesdropping and local data retention.

Once an Estonian-based company before it was courted by eBay and changed hands to Microsoft, Skype is now thought to be subject to U.S-based telecommunications laws.  Regulations like the Communications Assistance for Law Enforcement Act (CALEA) impose certain requirements which essentially guarantee that Skype is capable of eavesdropping—something the company explicitly denied was possible before its Microsoft acquisition in 2008.

The letter also asks that Skype periodically publish a “transparency report”—a common way of sharing who’s requesting what data and how often a company complies, along with other usage details and statistics.

Just a week ago, it was discovered that a trojan-banker malware named “Shylock” has been updated to infect users through Skype by exploiting a security flaw in the software.  The malware essentially gives attackers full access to a PC, allowing them to upload and execute files, set up remote viewing programs like VNC and inject custom HTML into websites.


Posted on 01/25