Skype's encryption is not safe

  • Thread starter logic
  • Start date
  • Tagged users None
logic

logic

Administrator
Staff
6,939
313
Today i found out something very interesting

Skype is vulnerable to VBR leakage regardless of the quality of Skype's built-in crypto. Sadly this also means Gizmo and Google Talk are not the safest VoIP clients to use also.

So the safest way for someone to chat online is to use a VOIP client that supports the zfone plugin.

Whats zfone? it enables AES-256bit encryption on audio and video voip calls

Zfone runs on Windows XP and Vista, both 32-bit and 64-bit versions. Zfone will encrypt audio and video for Apple iChat calls on Mac OS X. Zfone has been tested with these VoIP clients: X-Lite, Gizmo (audio, no video yet), XMeeting, Google Talk VoIP client, Yahoo Messenger's VoIP client (for audio), Magic Jack, and SJphone. It does not work with Skype.

More info: http://zfoneproject.com/prod_zfone.html

Important note:
To make your VoIP client work with Zfone, you will need to open your VoIP client's preference panel and set the SIP port number to 5060.
 
logic

logic

Administrator
Staff
6,939
313
Ive just tested this, manage to get fully encrypted voice chats via ichat(aim) but when i tried video chat it made an error.. i just submitted a bug report...

But for the time being im happy with just using encrytped voice chat :)

I will make a post tomorrow on how to chat on aim/msn and fully encrypt all text chats..
 
K

kill-9

Guest
It is still technically possible to trace user's locations based on the traffic.

http://www.schneier.com/blog/archives/2006/08/skype_call_trac.html

Skype is also owned by Ebay.

The National Security Agency is not shy about approaching companies with backdoors. I would still be wary.

There was OpenWengo, but that was shut down. Shame.

Zfone is indeed your best bet, developed by Phil, and shit, that's the only reference you need. He is what hackers all over the earth strive to be.
 
S

s4m

74
16
hello peep's,

me and me mates use a gaming voip teamspeak.org or the other one is ventrilo.


s4m
 
logic

logic

Administrator
Staff
6,939
313
s4m said:
hello peep's,

me and me mates use a gaming voip teamspeak.org or the other one is ventrilo.


s4m
Click to expand...

But thats still not secure mate, cops can evesdrop.

The only way to voice chat online being secure is to use voip with zfone so it has 256bit aes encryption
 
T

todgerdelburro

Guest
kill-9 said:
It is still technically possible to trace user's locations based on the traffic.

http://www.schneier.com/blog/archives/2006/08/skype_call_trac.html

Skype is also owned by Ebay.

The National Security Agency is not shy about approaching companies with backdoors. I would still be wary.

There was OpenWengo, but that was shut down. Shame.

Zfone is indeed your best bet, developed by Phil, and shit, that's the only reference you need. He is what hackers all over the earth strive to be.
Click to expand...

.... and there keep on being stories 'leaked' to the press about how LEO is getting frustrated at being unable to intercept skype..... :wondering

just yesterday..... http://news.bbc.co.uk/2/hi/europe/7890443.stm

this is the same NSA that gave the worlds governments a secure encryption key for comms, that had a backdoor ... in the Falklands war the US gave the UK the key to all the Argentinians comms.

Never use technology say anything to anybody you do not want a jury to hear.
 
R

RansacktheElder

275
0
kill-9 said:
The National Security Agency is not shy about approaching companies with backdoors. I would still be wary.
Click to expand...

If the NSA wants something they'll get it. Hell, they wired AT&T and Sprint for sound and God knows what else. And that was here in the States!
 
K

kill-9

Guest
RansacktheElder said:
If the NSA wants something they'll get it. Hell, they wired AT&T and Sprint for sound and God knows what else. And that was here in the States!
Click to expand...

There is indeed an AT&T office somewhere in California tapping splicing into the backbone of the internet.



This happened during the Bush Administration, however I wouldn't be surprised if it's still going on.

There are only but a few backbones and root servers on the internet and the NSA has tapped into one of them.

However I do not know if any information has been acquired to prosecute someone. :whew

The NSA notoriously does not like to play nice with the DEA so I think it's more of a terrorism info gathering.
 
R

RansacktheElder

275
0
kill-9 said:
The NSA notoriously does not like to play nice with the DEA so I think it's more of a terrorism info gathering.
Click to expand...

You're correct as far as I know....And that's not much. I figure they gather everything they possibly can for the information, but cannot use most of it on Americans as it would be inadmissible. They won't share it unless they absolutely have to, including inter agency. Super, super, super secret. I wouldn't be surprised by anything from them.
 
thesoftdrugbaron

thesoftdrugbaron

467
18
why are we all not locked up then....? cos they should have enough by now..? lol
 
R

RansacktheElder

275
0
Hmmmm, so that's what happens when I mix vodka and weed. Paranoia. sorry bout that. They're not that all powerful, else we'd have known about 9/11.
 
You must log in or register to reply here.

Latest posts

Top Bottom