[liberationtech] NYT report on Obama admin's wiretap plans

Jurre van Bergen drwhax at 2600nl.net
Mon Sep 27 15:21:32 PDT 2010 

Hi, this would be my first post on this list.

Someone back in July claimed to have broken the Skype protocol, he 
didn't release full details yet, but is planning to show how to do it at 
the next CCC congress in Berlin (27c3 this year).

It seems to just use the windows crypto api on windows, and different 
encryption with the java binaries.

http://www.enrupt.com/index.php/2010/07/07/skype-biggest-secret-revealed

More info: http://www.enrupt.com/

j.

On 09/27/2010 11:20 PM, Jacob Appelbaum wrote:
> On 09/27/2010 01:09 PM, Alec Muffett wrote:
>    
>>> Imagine a Skype client that explicitly checks whether a user has an
>>> outstanding wiretap order and, if so, sends a copy of the
>>> conversation to an LEA server somewhere
>>>        
>>
>> Aside:
>>
>> I was listening to recordings of this year's DEFCON, and heard a
>> comment which - if I heard it correctly - suggested that Skype is
>> today known to the community to nowadays be subject to interception.
>>
>> By "Skype" I mean standard, vanilla Skype as opposed to Chinese
>> TOM-Skype or any other Skype software modified pre- or post-install
>> by a third party, eg: the BKA.
>>
>> I mentally related this comment to a conversation that I had several
>> years ago, with an interested party, regarding requirements for Skype
>> to deploy a lawful-interception mechanism for agencies that wanted
>> such; and not just via MITM on a national firewall but a proper,
>> supported, court-order-required mechanism for nations that desired
>> it.
>>
>> My presumption from the DEFCON comment was that this requirement was
>> now both fulfilled and known to the community at large.
>>
>> Would this presumption fit the current public understanding of Skype
>> security?
>>
>>      
> Yeah, of course. Skype isn't secure against a well funded adversary or a
> well informed hacker with a modest amount of resources.
>
> All the best,
> Jake
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>    


-- 
DrWhax - Jurre

http://2600nl.net
http://hspace.2600nl.net

pgp key: 0xCAAA4FB0

More information about the liberationtech mailing list