Skype Rocks

I am going to be interviewed for PaulDotCom tomorrow. One of the conditions of the interview was setting up and using Skype. Paul recommended I buy a headset, so I bought the Plantronics .Audio 90 Analog Headset from for less than $25, including shipping.

Next I downloaded the latest Skype software from onto my Windows 2000 laptop. I saw there was a net/skype FreeBSD port, but I decided to see how easy the Windows installation was. The process took only a few minutes, including creation of an account. When I started Skype as a non-administrator user I saw the following:

I decided to try the test call. This puts you in touch with an automated user that lets you record a 10 second message. If you can hear your own recording, everything works fine.

Finally I decided to try calling a landline phone user. While Skype-to-Skype calls are free, Skype-to-landline calls require a SkypeOut account and buying Skype Credit. I bought the minimum, $10, and then called my parents.

I chatted with my dad for a few minutes. As an amateur radio operator, he thought Skype was cool. I told him I was calling from my laptop, which was connected to the Internet via 802.11g wireless. The call quality was good. I am impressed by Skype!

If you're interested in how the protocol works, this paper (.pdf) is helpful.


Anonymous said…
VOIP is definitely the future, but needs some more time to bake in. I am on my second VOIP provider, and have found it difficult to find a VOIP provider with super reliable service. What providers are other folks using?

Thanks for posting the screenshots!
- Ryan
Anonymous said…
I use Skype for work - dialing into teleconferences is much cheaper with Skype than using my cell phone minutes.

I have Vonage at home and it works really well for me. I've tried iconnecthere and some others for other things but Skype is pretty cool, now with video chat too.

skype me - securityprofessional

- Rocky
Anonymous said…
one more thing - I recommend not using the Skype "send file" feature for large files, you will find a severe latency imposed by the protocol used. Other than that I have zero complaints about Skype so far.
Anonymous said…
Skype raises a number of security concerns - proprietary "just trust us" encryption, the whole supernode deal in which your calls may be routed through someone else's machine and/or theirs through yours, etc.

There are lots of ways to do VoIP. As a security professional, I wouldn't recommend getting too enthused about Skype.
Anonymous said…
I recommend taking a look at jingle :

it's the VOIP extension to the jabber protocol, still experimental, and it's about to be used by google talk. Google will even be participating in its developpement.

Jabber is an effective way to have a private IM (and VOIP when Jingle is impllemented) server. it has support for SSL, and is an open standard.


- Daniel
Anonymous said…
the use of other user's machine's (a la peer to peer) for skype to work is of a concern. use tcpview, or your favorite port mapper, once skype is running, to see where skype is routing your traffic through/to and what port(s) is is listening on to accept potentical connections on.....
Anonymous said…
Wow - you were one of the last people I thought would be giving a thumbs up to Skype.

As head of IT Engineering for a decent size company (3500+), Skype is a constant headache for me. Let's go over some of the reasons I don't like it:

1 - I have no ability to produce call records for audits (we have a perfectly functioning Avaya system with SIP capability, but people still like to use Skype.

2 - The amount of bandwidth it uses is actually pretty impressive. Our main office and WAN point uses multiple T3 lines, and because of that bandwidth, Skype users on our network frequently become super nodes, increasing our bandwidth usage, and leading to....

3 - Skype kills desktop performance if it is left to run for any length of time, thus causing more load on my support team because of users complaining their macines are so slow.

4 - I refuse to support any group / company / cause that so specifically builds a product designed to bypass all security on a corporate network in order to let a peer to peer file sharing system work. There is no good way to block Skype (that I've found, other than turning off the Intranet, which really wouldn't bother me all that much either), and on their website it specifically tells you that it will get by IT department restrictions on your network.

Adding to number 4, they also have this charming little suggestion on their site:

"Ideally, outgoing TCP connections to all ports (1..65535) should be opened... and will not make your network any less secure."

Skype is a disruptive technology, but it's also a pain in the a**. I'd much rather deal with standars based systems that I can easily integrate and upgrade to make sure that I have dependable communications that won't cause any issues down the road, for either my support staff or end users.
"Head of IT Engineering" -- read this post.

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics