Why security and trust is important.
[politics on]
I rethinking all of this.
In other words, Skype got caught in Egypt to provide not SAME level of security for all skype users.
Think something about not viruses or trojans or local audio channel compromise.
But about MITM attack with uncorrected signed by skype CA suspected users 'skypename' certificate. For allow Man-in-the-middle attacks.
Or better way.
Signed by Skype 'minor update' which contain government spyware code for monitor dissident activity(and stealing they private keys and/or skype passwords). Even more, it not should be a 'signed spyware', but voice codec, with security hole, or something like that. Big brother calling you. Oops. You got owned. Ha-ha!
This is major security breach in encryption infrastructure. Which apparently they allow it. And now was down for this 'unfair' action.
C'est la vie.
P.S. I bet what they 'playing to the end'(endgame) with they 'high prices' eyesdropping solutions.
Which they start providing since Facebook and Twitter revolutions or even more early.
[politics off]
P.S.
So, yet some facts to thinks about Skype Inc(main RSA secret of PKI) - Certificate Authority private key - Compromised.
Compromised by owners.
For money.
[politics on]
I rethinking all of this.
In other words, Skype got caught in Egypt to provide not SAME level of security for all skype users.
Think something about not viruses or trojans or local audio channel compromise.
But about MITM attack with uncorrected signed by skype CA suspected users 'skypename' certificate. For allow Man-in-the-middle attacks.
Or better way.
Signed by Skype 'minor update' which contain government spyware code for monitor dissident activity(and stealing they private keys and/or skype passwords). Even more, it not should be a 'signed spyware', but voice codec, with security hole, or something like that. Big brother calling you. Oops. You got owned. Ha-ha!
This is major security breach in encryption infrastructure. Which apparently they allow it. And now was down for this 'unfair' action.
C'est la vie.
P.S. I bet what they 'playing to the end'(endgame) with they 'high prices' eyesdropping solutions.
Which they start providing since Facebook and Twitter revolutions or even more early.
[politics off]
P.S.
So, yet some facts to thinks about Skype Inc(main RSA secret of PKI) - Certificate Authority private key - Compromised.
Compromised by owners.
For money.
you are too clever to been russian hacker from village... how drives you?
ReplyDeleteYes, there must be a reason why MS wanted to pay 2x what Facebook and Google offered.
ReplyDeletehahaha... some time ago Google got Gizmo. And now Gizmo closed. Its just for client database ;)
ReplyDeleteMay be we should think about zfone..
ReplyDeleteI like this. Eyesdrop on eyesdroppers.
ReplyDeleteSkype was not approved to run on Linux Debian because itś 'black box' kind libraries and not well behaviored code. Linux deserves a program that can handle that protocol safely.
ReplyDeleteSomeone? http://jitsi.org/
ReplyDeleteThis one looks nice - http://ekiga.org/
ReplyDeleteEkiga also have zfone. So, calls can be easy encrypted via pgp.
ReplyDeleteSee this:
https://help.ubuntu.com/community/Ekiga#line-338
GNU free call
ReplyDeleteMaking ekiga support skype's protocol would quite awesome !
ReplyDeleteYep.
ReplyDeleteif you’re so smart and awesome, why don’t you create your own open source YAVIPS (Yet Another VoIP Service)?
ReplyDeletestop fucking with skype
There wasn't any news for almost one month. Are you going to continue working on this project?
ReplyDeleteYes, i will do.
ReplyDeleteThere are not uch people capable of doing such hard work, I wish you the best luck. Beeing able to rely completely on open-source software is always a great thing, in order to be a little bit more secure from government repression.
ReplyDeletePort Ekiga to iPhone and Android, and make it work without playing with firewall settings, then people will switch.
ReplyDeleteAlso, censorship is bad, so keep reverse engineering their protocol. The DMCA was unconstitutional, and was a greedy, corporate law. If it were around in 1980, there'd be no PC at your desk. :)
EA reverse engineered the Sega Genesis, without EA doing that they would have never become the gaming company they are today. Keep up the good work.
ReplyDelete@Zach
ReplyDelete@Anonymous
Thanks. Nice to hear.
Reverse engineering Skype was something I've thought of doing myself but never got the time to do it. I probably wasn't motivated enough either.
ReplyDeleteI really hope you manage to see it through so we can have open source Skype and open source clients for everyone.
I might even be able to help but I need to quit my job for that... We'll see.
Best of luck to you.
@Purple
ReplyDelete>"but I need to quit my job for that"
Oh, this is not need. Just donate some bucks if you want to help. Or try to learn code at weekends.
Congrats, do not give up reverse engineering is difficult and complicated.
ReplyDeleteWhy don't you try the moneybookers donate button ( you can find links on google ).
ReplyDeleteOr even with that webmoney you have, couldn't it be simpler ? Like a button or something ? So that I can enter the sum and just send it ? While I do like reverse engineering in real life I like KISS :D
@Purple
ReplyDeleteThanks for you comment. I added moneybookers now.