Re: using Skype, hosted voip, etc. in SMB

On July 25, 2006 06:14 am, Morgan Reed wrote:
The guys at http://www.rstack.org have done quite a bit of work on
Skype (and more particularly Skype security), the Chinese DIDN'T
"crack" the Skype protocol they were simply the first people to
release an alternative client.

Rstack.org's were the first to "crack" the protocol, the details can
be found in Philippe Biondi's and Fabrice Desclaux's blackhat
briefings eu 2006 presentation "Silver Needle in Skype";
http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-biondi/bh-eu-06
-biondi-up.pdf

Further work was done later into Skype-based botnets, details are
available in Cedric Blancher's "Fire in the Skype" presentation;
http://sid.rstack.org/pres/0606_Recon_Skype_Botnet.pdf


Actully not to belittle team RStack (hi guys, and girls) and their work
but the first analysis I saw of the Skype protocol was the 2004
paper from Salman A. Baset and Henning Shulzrinne at the
CS dept. of Columbia University. This paper started a lot of
other research.

Just to give credit where credit is due.

cheers,
--dr

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Tokyo, Japan November 27-30 2006 http://pacsec.jp
pgpkey http://dragos.com/ kyxpgp

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Relevant Pages