Dragan on Security

Interesting article about this at PC Pro:

Swiss authorities are investigating the possibility of tapping VoIP calls, which could involve commandeering ISPs to install Trojan code on target computers.

VoIP calls through software services such as Skype are encrypted as they are passed over the public Internet, in order to safeguard the privacy of the callers…

Read full article here.

This is interesting: suddenly ZoneAlarm firewall, installed on my computer, announced that Skype.exe is trying to transmit e-mail message. I haven’t been doing anything with Skype at moment. I didn’t ask Skype to send any messages.

What do you think, should I allow this? Certainly not, but how it happened that Skype come to position to send mail without my knowledge?

There are reports that, with newest version of Skype 1.3.0.66, Norton Internet Worm Protection issues security alert saying that it detects Skype as Worm, asking user if he wants to permit remote access to his computer. Advice says that user should allow access if he uses it, among others purposes, for instant messaging.

But what causes users to worry about this is statement from CERN Security policy (quote from CERN Web site (http://security.web.cern.ch/security/skype/):

Restrictions on running Skype P2P software at CERN

Skype P2P telephony software violates CERN’s Computing Rules by bypassing firewall protections and offering services to others. For information, the privacy policy linked from the bottom of their home page, says:

“From time-to-time your computer may become a Supernode. A Supernode is a computer running Skype Software that has been automatically elevated to act as a hub. Supernodes may assist in helping other users to communicate or use the Skype software efficiently. This may include the ability for your computer to help anonymously and securely facilitate communications between other users of the Skype Software who, due to network and firewall constraints, cannot establish direct connections.”

Security policy article on CERN’s site has been last updated on Friday, 18. February 2005. However, previous version of Skype doesn’t seem to generate this clash with Norton Antivirus software. Now, you can see many times NAV worm warning and you’ll be asked if you want to permit or block access. It might be pretty boring at least, but also it might be security concern.

There is interesting article about Voice over IP (VoIP) Sniffer and Call Detector at: http://www.enderunix.org/voipong/
It is stated there that VoIPong is a utility which detects all Voice Over IP calls on a pipeline, and for those which are G711 encoded, dumps actual conversation to seperate wave files. It supports SIP, H323, Cisco’s Skinny Client Protocol, RTP and RTCP.
Quote from site:

It’s been written in C language for performance reasons, proved to be running on Solaris, Linux and FreeBSD; though it’s thought to compile and run on other platforms as well.

On a 45 Mbit/sec actual network traffic, it’s been verified that VoIPong successfully detected all VoIP gateways and the VoIP calls. CPU utilization during the run has been found ranging between 66% - 80% on a 256MB RAM, Celeron 1700 Mhz Toshiba notebook.

Features

Produces real .Wav files for direct audio hearing.
Simple, optimized, extandable fast code
The algorithm doesn’t depend on signalling but on RTP/RTCP
Detailed logging. (Comfortable for ‘cut’ and ‘cat’ operations to produce statistics.)
Powerful management console interface
Easy installation and administration
Easy debugging.

Note: Thanks to Robert B. who pointed me to this tool.