Skype Rocks

I am going to be interviewed for PaulDotCom tomorrow. One of the conditions of the interview was setting up and using Skype. Paul recommended I buy a headset, so I bought the Plantronics .Audio 90 Analog Headset from Buy.com for less than $25, including shipping.

Next I downloaded the latest Skype software from Skype.com onto my Windows 2000 laptop. I saw there was a net/skype FreeBSD port, but I decided to see how easy the Windows installation was. The process took only a few minutes, including creation of an account. When I started Skype as a non-administrator user I saw the following:



I decided to try the test call. This puts you in touch with an automated user that lets you record a 10 second message. If you can hear your own recording, everything works fine.



Finally I decided to try calling a landline phone user. While Skype-to-Skype calls are free, Skype-to-landline calls require a SkypeOut account and buying Skype Credit. I bought the minimum, $10, and then called my parents.



I chatted with my dad for a few minutes. As an amateur radio operator, he thought Skype was cool. I told him I was calling from my laptop, which was connected to the Internet via 802.11g wireless. The call quality was good. I am impressed by Skype!

If you're interested in how the protocol works, this paper (.pdf) is helpful.

Comments

Anonymous said…
VOIP is definitely the future, but needs some more time to bake in. I am on my second VOIP provider, and have found it difficult to find a VOIP provider with super reliable service. What providers are other folks using?

Thanks for posting the screenshots!
- Ryan
9:13 PM
Anonymous said…
I use Skype for work - dialing into teleconferences is much cheaper with Skype than using my cell phone minutes.

I have Vonage at home and it works really well for me. I've tried iconnecthere and some others for other things but Skype is pretty cool, now with video chat too.

skype me - securityprofessional

- Rocky
10:43 PM
Anonymous said…
one more thing - I recommend not using the Skype "send file" feature for large files, you will find a severe latency imposed by the protocol used. Other than that I have zero complaints about Skype so far.
10:47 PM
Anonymous said…
Skype raises a number of security concerns - proprietary "just trust us" encryption, the whole supernode deal in which your calls may be routed through someone else's machine and/or theirs through yours, etc.

There are lots of ways to do VoIP. As a security professional, I wouldn't recommend getting too enthused about Skype.
12:22 AM
Anonymous said…
I recommend taking a look at jingle :
http://www.saint-andre.com/blog/2005-12.html#2005-12-15T11:51

it's the VOIP extension to the jabber protocol, still experimental, and it's about to be used by google talk. Google will even be participating in its developpement.

Jabber is an effective way to have a private IM (and VOIP when Jingle is impllemented) server. it has support for SSL, and is an open standard.

regards,

- Daniel
4:11 AM
Anonymous said…
the use of other user's machine's (a la peer to peer) for skype to work is of a concern. use tcpview, or your favorite port mapper, once skype is running, to see where skype is routing your traffic through/to and what port(s) is is listening on to accept potentical connections on.....
4:41 AM
Anonymous said…
Wow - you were one of the last people I thought would be giving a thumbs up to Skype.

As head of IT Engineering for a decent size company (3500+), Skype is a constant headache for me. Let's go over some of the reasons I don't like it:

1 - I have no ability to produce call records for audits (we have a perfectly functioning Avaya system with SIP capability, but people still like to use Skype.

2 - The amount of bandwidth it uses is actually pretty impressive. Our main office and WAN point uses multiple T3 lines, and because of that bandwidth, Skype users on our network frequently become super nodes, increasing our bandwidth usage, and leading to....

3 - Skype kills desktop performance if it is left to run for any length of time, thus causing more load on my support team because of users complaining their macines are so slow.

4 - I refuse to support any group / company / cause that so specifically builds a product designed to bypass all security on a corporate network in order to let a peer to peer file sharing system work. There is no good way to block Skype (that I've found, other than turning off the Intranet, which really wouldn't bother me all that much either), and on their website it specifically tells you that it will get by IT department restrictions on your network.

Adding to number 4, they also have this charming little suggestion on their site:

"Ideally, outgoing TCP connections to all ports (1..65535) should be opened... and will not make your network any less secure."

Skype is a disruptive technology, but it's also a pain in the a**. I'd much rather deal with standars based systems that I can easily integrate and upgrade to make sure that I have dependable communications that won't cause any issues down the road, for either my support staff or end users.
6:02 AM
Richard Bejtlich said…
"Head of IT Engineering" -- read this post.
7:03 AM
Post a Comment

Popular posts from this blog

Zeek in Action Videos

Image
This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project .  Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on.  I am especially pleased with Video 6 on monitoring wireless networks . It took me several weeks to research material for this video. I had to buy new hardware and experiment with a Linux distro that I had not used before -- Parrot .  Please like and subscribe, and let me know if there is a topic you think might make a good video.
Read more

MITRE ATT&CK Tactics Are Not Tactics

Image
Just what are "tactics"? Introduction MITRE ATT&CK  is a great resource, but something about it has bothered me since I first heard about it several years ago. It's a minor point, but I wanted to document it in case it confuses anyone else. The MITRE ATT&CK Design and Philosophy document from March 2020 says the following: At a high-level, ATT&CK is a behavioral model that consists of the following core components: • Tactics, denoting short-term, tactical adversary goals during an attack; • Techniques, describing the means by which adversaries achieve tactical goals; • Sub-techniques, describing more specific means by which adversaries achieve tactical goals at a lower level than techniques; and • Documented adversary usage of techniques, their procedures, and other metadata. My concern is with MITRE's definition of "tactics" as "short-term, tactical adversary goals during an attack," which is oddly recursive. The key word in the tacti
Read more

New Book! The Best of TaoSecurity Blog, Volume 4

Image
  I've completed the TaoSecurity Blog book series . The new book is  The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship .  It's available now for Kindle , and I'm working on the print edition.  I'm running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up. I described the new title thus: Go beyond TaoSecurity Blog with this new volume from author Richard Bejtlich. In the first three volumes of the series, Mr. Bejtlich selected and republished the very best entries from 18 years of writing and over 18 million blog views, along with commentaries and additional material.  In this title, Mr. Bejtlich collects material that has not been published elsewhere, including articles that are no longer available or are stored in assorted digital or physical archives. Volume 4 offers early white papers that Mr. Bejtlich wrote as a network defender, either for technical or pol
Read more