Re: Skype use obligation - Security x Productivity

To:	"M.B.Jr." <marcio.barbado@gmail.com>
Subject:	Re: Skype use obligation - Security x Productivity
From:	Cedric Blancher <blancher@cartel-securite.fr>
Date:	Tue, 17 Jul 2007 08:08:41 +0200
Cc:	pen-test list <pen-test@securityfocus.com>
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	pentest-list2@consult.net
Delivered-to:	mailing list pen-test@securityfocus.com
Delivered-to:	moderator for pen-test@securityfocus.com
In-reply-to:	<2df3b0cb0707161456j4363b7e4hd06f20854b1fddbc@mail.gmail.com>
List-help:	<mailto:pen-test-help@securityfocus.com>
List-id:	<pen-test.list-id.securityfocus.com>
List-post:	<mailto:pen-test@securityfocus.com>
List-subscribe:	<mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list:	contact pen-test-help@securityfocus.com; run by ezmlm
Organization:	Cartel
References:	<2df3b0cb0707161456j4363b7e4hd06f20854b1fddbc@mail.gmail.com>
Resent-date:	Tue, 17 Jul 2007 22:57:51 -0600 (MDT)
Resent-from:	pen-test-return-1078484610@securityfocus.com
Resent-message-id:	<20070718045751.E66C7145193@outgoing2.securityfocus.com>
Resent-sender:	listbounce@securityfocus.com
Sender:	listbounce@securityfocus.com

Le lundi 16 juillet 2007 à 18:56 -0300, M.B.Jr. a écrit :
> What to do? Risk their efforts in obtaining ISO certification?
> Guess we need to hear some other professionals.

Some useful informations on Skype:
        . http://secdev.org/conf/skype_BHEU06.pdf
        . http://recon.cx/en/f/vskype-part1.pdf
          http://recon.cx/en/f/vskype-part2.pdf
        . http://sid.rstack.org/pres/0610_Hacklu_Skype_Botnet.pdf

My main concern regarding Skype is the Skype API that allows
applications to use Skype as an overlay network, bypassing any network
security policy.
However, Skype has providing an "enterprise" client to which you can
push policies, disabling lots of features. Never tried it, but might
worth having a look.


-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Skype use obligation - Security x Productivity, (continued) Re: Skype use obligation - Security x Productivity, Justin Ferguson Re: Skype use obligation - Security x Productivity, Roland Dobbins Re: Skype use obligation - Security x Productivity, Javier O. Augusto RE: Skype use obligation - Security x Productivity, Pretorius, Wynand (ZA - Johannesburg) Re: Skype use obligation - Security x Productivity, M . B . Jr . Re: Skype use obligation - Security x Productivity, Roland Dobbins Re: Skype use obligation - Security x Productivity, M . B . Jr . Re: Skype use obligation - Security x Productivity, Mister Dookie Re: Skype use obligation - Security x Productivity, Javier Reyna Padilla RE: Skype use obligation - Security x Productivity, Pradeep-Kumar . Karavadi Re: Skype use obligation - Security x Productivity, Cedric Blancher <= RE: Skype use obligation - Security x Productivity, aSEC Re: Skype use obligation - Security x Productivity, Doug Schlachta

Previous by Date:	Re: Skype use obligation - Security x Productivity, Javier Reyna Padilla
Next by Date:	Re: Skype use obligation - Security x Productivity, Doug Schlachta
Previous by Thread:	RE: Skype use obligation - Security x Productivity, Pradeep-Kumar . Karavadi
Next by Thread:	RE: Skype use obligation - Security x Productivity, aSEC
Indexes:	[Date] [Thread] [Top] [All Lists]