Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Skype's security credentials have been called into question by a developer who claims to have released a software library that emulates an encryption algorithm used by the popular VoIP service.Sean O'Neill, best known for designing the EnRUPT hash algorithm, has released program code which emulates the RC4 algorithm used by Skype to encrypt communications over its network.Skype is widely used in home and business environments, and the company guards its source code fiercely.This has led to numerous attempts to crack the encryption algorithm which would result in conversations being deciphered to 'plaintext'.An initial analysis of the code appears to show that O'Neill's solution is a partial exposure of Skype's privacy measures.However, given the resourceful nature of hackers, a small crack could expand into a gaping fissure in a relatively short space of time.The developer has decided not to reveal further details of his exploits until his presentation at the respected Chaos Communication Congress in December.Until then, O'Neill has uploaded his code allowing other hackers to test and potentially carry on his hard work.The wait until O'Neill reveals the extent of his breach of Skype's encryption could result in firms thinking twice before they use the application.However, Skype hit back at O'Neill in a strongly worded statement. The firm said it was proud of its software's security and that the hacker's efforts "in no way" compromises this."We believe that the work being done by Sean O'Neil, who we understand was formerly known as Yaroslav Charnovsky, is directly facilitating spamming attacks against Skype and we are considering our legal remedies," the statement continued."Whilst we understand the desire for people to reverse engineer our pro tocols with the intent of improving security, the work done by this individual clearly demonstrates the opposite.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.