Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Eavesdropping On Google Voice and Skype

Soulskill posted more than 5 years ago | from the can-i-hear-you-now dept.

Communications 62

Simmons writes with news of research that demonstrated vulnerabilities in Skype and Google Voice that would have allowed attackers to eavesdrop on calls or place unauthorized calls of their own. "The attacks on Google Voice and Skype use different techniques, but essentially they both work because neither service requires a password to access its voicemail system. For the Skype attack to work, the victim would have to be tricked into visiting a malicious Web site within 30 minutes of being logged into Skype. In the Google Voice attack (PDF), the hacker would first need to know the victim's phone number, but Secure Science has devised a way to figure this out using Google Voice's Short Message Service (SMS). Google patched the bugs that enabled Secure Science's attack last week and has now added a password requirement to its voicemail system, the company said in a statement. ... The Skype flaws have not yet been patched, according to James." Reader EricTheGreen contributes related news that eBay may sell Skype back to its original founders.

cancel ×

62 comments

Sorry! There are no comments related to the filter you selected.

fp (-1, Troll)

Anonymous Coward | more than 5 years ago | (#27549257)

can you hear me now? Good. Eat my asshole, fag!

Not nearly as interesting as you'd expect (4, Interesting)

BadAnalogyGuy (945258) | more than 5 years ago | (#27549277)

Unlike security vulnerabilities that gain access to your files and keyboard, this only gets access to your phone calls. This means that the hackers would need a very powerful machine to both monitor and save important calls and a means of automating the scanning of calls.

It's simply not cost effective to listen in on every call. It's much better to gain file or keyboard access and let Perl scan the logs for interesting data.

Re:Not nearly as interesting as you'd expect (5, Funny)

Anonymous Coward | more than 5 years ago | (#27549435)

Surely it would be trivial to pipe the calls through some voice recognition software? Then do a text search for 'credit card', 'creedal car', and maybe 'cricket Karl'.

Re:Not nearly as interesting as you'd expect (1, Interesting)

Anonymous Coward | more than 5 years ago | (#27549677)

Seriously, though even if your voice recognition software just looked for digits and then passed off segments of conversation that included a long string of digits to a human for further analysis. You'd get a lot of false positives (phone numbers, etc) but you'd at least exclude most casual conversations. If you want to data mine more accurately, just look for exactly 16 digits given over N seconds and make sure they form a valid CC with check digit, etc.

Re:Not nearly as interesting as you'd expect (1)

bhiestand (157373) | more than 5 years ago | (#27553999)

Seriously, though even if your voice recognition software just looked for digits and then passed off segments of conversation that included a long string of digits to a human for further analysis. You'd get a lot of false positives (phone numbers, etc) but you'd at least exclude most casual conversations. If you want to data mine more accurately, just look for exactly 16 digits given over N seconds and make sure they form a valid CC with check digit, etc.

And the point of all of this is to get a bunch of silly credit card numbers? You REALLY think this would be a profitable attack? It's not exactly "trivial" to run a huge mass of voice through voice recognition with a high enough accuracy to make this useful. Then after that, you end up with a bunch of credit card numbers, and not necessarily a name or expiration date... when there are already a ton of credit card numbers out there that are never used for fraud.

No, attacks like this are far more useful for targeted attacks. If you know Senator Kennedy uses Skype, and you know a way to get him to click on a malicious site (perhaps a specific attack on his system and editing the hosts file to force google.com to redirect to your server that mirrors google.com and adds an attack in), then you may have a chance of eventually intercepting some sort of highly valuable information... like a senator making appointments with fetish sex providers, secret gay lovers, etc. Now a digital copy of that kind of conversation could be worth millions... in blackmail or in sales to fox news/hustler/playboy/media outlets.

Re:Not nearly as interesting as you'd expect (0)

Anonymous Coward | more than 5 years ago | (#27563743)

I'd like to add that there is no reason the data needs to be processed immediately. You could just save all the data to a server and process it later at your leisure.

Re:Not nearly as interesting as you'd expect (2, Insightful)

Jurily (900488) | more than 5 years ago | (#27549471)

It's simply not cost effective to listen in on every call.

It's most likely not every call. Just by those on the List.

Re:Not nearly as interesting as you'd expect (3, Interesting)

RulerOf (975607) | more than 5 years ago | (#27549545)

It's most likely not every call. Just by those on the List.

Now that you mention it, I actually pay $5 a month for an identical service from a company called Callwave, [callwave.com] and their voicemail transcription services aren't 100% unlimited unless you pay for a pretty high tier of service. Ironically, the voicemails that I choose to have the service transcribe for me are actually the ones a thief would want most.

This kind of attack into a voice portal is nothing new. I sat down with a fellow who owns a business VoIP telephony service and he showed me how he could alter his outgoing caller ID info to get into my voicemail directly from his telephone keypad... which makes it very easy to get into password-less voice portals/mail systems. Their voice portal requires a password, now that I think of it.

bots (0)

Anonymous Coward | more than 5 years ago | (#27549595)

This means that the hackers would need a very powerful machine to both monitor and save important calls and a means of automating the scanning of calls.

You mean like an army of bots?

Re:Not nearly as interesting as you'd expect (1)

mattwarden (699984) | more than 5 years ago | (#27550123)

Hello,

I work for the NSA and we are recruiting for a currently classified project. Could we give you a call?

Re:Not nearly as interesting as you'd expect (1)

s_p_oneil (795792) | more than 5 years ago | (#27551597)

Actually, it's pretty easy for an organization like the NSA to detect which Skype users are logged into which IP without a powerful machine, which lets them listen in on just the Skype users they're interested in. Or they can just scan calls going to/from IP ranges they're interested in (i.e. from the US to North Korea). The hard part is getting all the Skype users to visit the malicious web site.

Re:Not nearly as interesting as you'd expect (1)

hesaigo999ca (786966) | more than 5 years ago | (#27555523)

i could still plug any keystroke logger with uneventful data, and still log myself into the bank account I got or plug my cc data online...it all depends on if you force yourself to accept someone is always watching or someone is always logging.

Believe it or not (5, Insightful)

Landak (798221) | more than 5 years ago | (#27549415)

Believe it or not, Skype carries the second largest number of international calls in the world, second only to AT&T. With a volume like that, you'd imagine that any potential vulnerability may well find someone interested in applying it, very quickly. Like, for instance, the NSA...

Re:Believe it or not (5, Interesting)

CRCulver (715279) | more than 5 years ago | (#27549449)

Skype has already been accused of having a half-assed approach to security in order to appease government agencies. It's a pity that there's no widely available encrypted voice applications. A decade ago when the nerd community was toying with PGPfone, it seemed like widespread encrypted telephony was right around the corner. Ekiga announced encryption for the 3.0 release, but then quietly buried those plans, and as nice as it is to have easy encryption in Pidgin, the app remains limited to text chat.

Re:Believe it or not (1)

jbn-o (555068) | more than 5 years ago | (#27550389)

Ekiga announced encryption for the 3.0 release, but then quietly buried those plans

On the Ekiga wiki [ekiga.org] under the heading "Implementation started" one finds "ZRTP (encrypted communication)" suggesting that encryption is being worked on. What exactly were you referring to?

Re:Believe it or not (1)

CRCulver (715279) | more than 5 years ago | (#27550403)

That was intended for 3.0, which was already released months ago.

Re:Believe it or not (1, Interesting)

Anonymous Coward | more than 5 years ago | (#27552149)

It is possible, though, that the NSA, fearing that Ekiga will become popular for security-conscious VOIP users, is forcing the Ekiga team to not include it at all, but simply keep delaying it, under threats of death or imprisonment.

Re:Believe it or not (1)

xded (1046894) | more than 5 years ago | (#27556979)

Parent sounds paranoid?

1. Read this [slashdot.org] .
2. Wonder on Skype diffusion and on lack of encrypted alternatives.
3. Judge by youself.

Do you still want to point out that a mircryption chat session is way easier to set up than an encrypted VOIP call? Well, remember that cold war was just yesterday, at least in some politician's heads.

Re:Believe it or not (0)

Anonymous Coward | more than 5 years ago | (#27551361)

Skype has already been accused of having a half-assed approach to security in order to appease government agencies. It's a pity that there's no widely available encrypted voice applications. A decade ago when the nerd community was toying with PGPfone, it seemed like widespread encrypted telephony was right around the corner. Ekiga announced encryption for the 3.0 release, but then quietly buried those plans, and as nice as it is to have easy encryption in Pidgin, the app remains limited to text chat.

zfoneproject.com (PGPFone replacement)

Re:Believe it or not (4, Insightful)

Wowsers (1151731) | more than 5 years ago | (#27549563)

Luckily* for Linux and Skype users, Skype hasn't been updated in about 2 years, and definitely no 64 bit version. So the vulnerability will be there for who knows how long until Skype (or is it eBay) gets their finger out of their backside and gives Linux/Skype users a better deal.

* Being sarcastic

Re:Believe it or not (1)

dotancohen (1015143) | more than 5 years ago | (#27552047)

Luckily* for Linux and Skype users, Skype hasn't been updated in about 2 years, and definitely no 64 bit version. So the vulnerability will be there for who knows how long until Skype (or is it eBay) gets their finger out of their backside and gives Linux/Skype users a better deal.

* Being sarcastic

So Skype could solve this most easily by patching the Windows client and dropping support for the Linux client, no? Be careful what you wish for.

Re:Believe it or not (1)

bit01 (644603) | more than 5 years ago | (#27551513)

Like, for instance, the NSA...

The NSA doesn't need an opportunistic vulnerability. They just secretly order one put in [csmonitor.com] .

---

Windows and closed source software. The US intelligence [washingtonpost.com] agencies back door [wikipedia.org] to every network connected country and business on earth.

Skype back to the founders? (1, Interesting)

linhares (1241614) | more than 5 years ago | (#27549437)

Well, if Skype is going back to the founders, I guess that's good. eBay never did anything really interesting with it anyways. I don't understand why skype let other social networking sites (yes, that's what skype is, and it fosters an even closer-knit community than facebook or others ever will, as people actually _talk_ to others, as opposed to poking them.

What I would like to see would be a tight integration of skype, facebook, and google contacts. In android phones or in the iPhone our contacts info is all here and there, scattered all around. I'd love to see a contact, then immediately know through facebook what they're up to, then either call, email, or skype, if human contact is desirable or unavoidable. In any case, skype has been held back for years and years, and I hope that it will eventually bring down the phone companies to being what they truly are: dumb pipes providing internet access.

Re:Skype back to the founders? (2, Interesting)

Bert64 (520050) | more than 5 years ago | (#27549535)

Skype would be worse than the phone companies, because it is controlled centrally by a single organization... At least there are multiple phone companies, they follow standards and you can interoperate between them.

A phone company's monopoly in a particular area is often unavoidable due to the cost of laying physical cables, a monopoly of skype is just completely ridiculous and inexcusable.

Re:Skype back to the founders? (1)

linhares (1241614) | more than 5 years ago | (#27549643)

Skype would be worse than the phone companies, because it is controlled centrally by a single organization...

OMG Skype==evil!!!

As if any one of their competitors couldn't gain ground whenever they screw up royally.

Google talk is much more dangerous to your monopoly paranoias than Skype.

Re:Skype back to the founders? (3, Insightful)

Bert64 (520050) | more than 5 years ago | (#27550821)

Google talk interoperates with other services using XMPP - a published standard... I can talk to google users without having to use their service. People can *choose* to use google's servers and accept the inherent risks, or they can choose not to and still communicate with the same people. I choose not to use their service, but i talk to a few google talk users.

Skype doesn't interoperate with anything, you have to use their service and their client. Once you have sufficient users locked in to the service, using a competitor becomes pointless because everyone you want to talk to is only contactable using skype, at which point they can screw up however they want.

Re:Skype back to the founders? (1)

linhares (1241614) | more than 5 years ago | (#27552391)

Once you have sufficient users locked in to the service, using a competitor becomes pointless because everyone you want to talk to is only contactable using skype, at which point they can screw up however they want.

Network effects are powerful, but ask these guys [wikipedia.org] or even these guys [wikipedia.org] if that's a sure guarantee of "screwing up however they want".

Re:Skype back to the founders? (-1, Offtopic)

RoFLKOPTr (1294290) | more than 5 years ago | (#27549901)

A phone company's monopoly in a particular area is often unavoidable due to the cost of laying physical cables, a monopoly of skype is just completely ridiculous and inexcusable.

Who.

The fuck.

Cares?

Seriously... this whole phobia of monopolies that the majority of Slashdot seems to suffer from is getting old. I don't know if it's just the cool thing for kids to talk about these days or what... but just because a company is a monopoly, doesn't mean the company is bad. And on top of that, you folks seem to way over-simplify what it means to actually be a monopoly.

Take Skype, for instance. How the hell can you call Skype a monopoly? Have you ever once heard of AIM, Live Messenger, Yahoo! Messenger, Google Talk, Google Voice, ICQ, Gizmo Project, etc, etc? All of them are instant messengers, most of them have free voice calling, most of them have free video calling, and a couple of them offer phone numbers and international calling... just like Skype. Skype is, in no way, a monopoly, and you need to remember that whenever you think about posting in a Slashdot thread.

But even if Skype WAS a monopoly (it isn't... really), who cares? Do they cause harm to their customers because of it? No. They actually have pretty much the best prices for international calling of all long distance phone providers... which is why they're so popular. Monopolies aren't bad because they're monopolies... monopolies are only bad when they use this 100%-market-share as leverage to get their consumers to spend all their money on these products/services that have become commonplace and almost required to live a normal life. As far as I can tell (taking the general Slashdot consensus out of consideration), the only monopoly currently in existance is Apple. Sorry fanboys, but just think about it. Apple's shit only works with Apple's shit. If you want to use OS X you have to own a Mac, if you want to use your iPhone you have to activate it through iTunes, if you want to put music on your iPod you have to use iTunes (if you want to follow Apple's EULA anyhow), if you want to use iTunes then you can only put music on an iPod. The list goes on and on. And how does Apple leverage this 100%-market-share on Apple products? They charge $3000 for a computer that I can buy from a different vendor for fucking $1200, just because it's made of brushed aluminum and has a picture of a fruit on the lid. (And now to the part that's gonna get me modded Troll.... wait for it....) Does Microsoft pull all this shit? No. They aren't a monopoly. I'm really sorry Slashdot, but Microsoft doesn't have a monopoly on the PC, partly because consumer-level Linux is in the same market, partly because Apple is in their own sub-market within this market, if you will. Microsoft isn't making deals with hardware manufacturers that make it so their OS only works with specific computers. Sure, they're a huge corporation, that produces the most popular OS in the world... but are they the only company that produces operating systems? No. Are they intentionally hurting the consumer for their own gain? They aren't. (there, have at it mods)

Re:Skype back to the founders? (1)

Bert64 (520050) | more than 5 years ago | (#27550889)

I have heard of those IM clients, and most of them operate on closed proprietary networks, and most of them have strangleholds in various markets tho none has globally... Because none of them interoperate, it becomes necessary to have accounts on all the different services which is just stupid.

Skype have terrible prices when you compare to some of the SIP providers out there...

Apple shit only works with apple shit, but so what? You can completely ignore apple (as many people do) and suffer no ill effects... You can buy a non apple phone, download music to it from a non apple music store using a non apple computer and non apple software. You don't even to know that apple exists. Apple are only well known in the US and parts of Europe, in other countries people haven't even heard of them and yet they don't care.
MS is different, you cannot completely ignore them because sooner or later you will be sent a file in a proprietary ms-only format.

Apple do not make deals with hardware manufacturers, they make their own hardware and they don't stop you running anything on it. MS actually do worse by preventing you loading linux on the xbox 360 (compare that to sony and the ps3).
MS have worked to prevent hardware manufacturers selling alternatives, they did it to beos, they did it to netscape, there is documentation about it all over the internet and they were found guilty in court.

MS do intentionally hurt consumers in many ways not least of all by trying to get them locked in.. Apple may well do the same, but they are small enough that consumers can ignore them.

Re:Skype back to the founders? (1)

RoFLKOPTr (1294290) | more than 5 years ago | (#27551779)

(And now to the part that's gonna get me modded Troll....)

Like clockwork.

Re:Skype back to the founders? (1)

MrMarket (983874) | more than 5 years ago | (#27550063)

How does skype have a monopoly? They are not the only company offering voice and video chat.

Re:Skype back to the founders? (0)

Anonymous Coward | more than 5 years ago | (#27550977)

Name an alternative for Linux Mac calls with video.
There isn't any.

Re:Skype back to the founders? (3, Interesting)

RobertM1968 (951074) | more than 5 years ago | (#27550503)

In the US, I was not aware there were multiple phone companies. Wow, you learn something new every day. Last I heard, there was "The Bell Companies" (under a plethora of names - yet still really one massive interrelated entity).

ATT/Bell/Verizon [wikipedia.org]

Then... there are a bunch of phone service resellers; who sell either access onto Bell's phone network (they dont own their own after all) via their POC routers, or Bell's; followed by VOIP providers who still largely have to have their calls transferred onto the Bell phone network for delivery to the non VOIP caller (ie: VOIP->landline call or landline->VOIP call).

And even long distance calls via a carrier that has their own lines, still gets transferred to the local lines, computers and telco switches for delivery to the home(s).

So, as far as I can see, it's VOIP->VOIP that's the only other option to not going through the one telco monopoly in this country.

Re:Skype back to the founders? (2, Informative)

Bert64 (520050) | more than 5 years ago | (#27550945)

There is a world outside of the US...

You are also thinking of fixed line phones, many people use cellphones for general voice calls these days too.

Here, i have 5 mobile operators to choose from with their own networks (and multiple resellers) and 2 fixed line providers (as well as countless resellers)... Because fixed lines cost more to roll out (ie a monopoly is pretty much unavoidable), the incumbent suppliers are heavily regulated to avoid gouging consumers.

If you want competitive voip, try finding a provider that supports SIP... You can call between sip providers for free as it's pure ip, calling non sip lines has a cost imposed by whatever telco they hand off to.

If you want to call from skype to someone using a different voip service, you're likely to pay termination charges as the call gets routed out via a telco network and back, there is no interoperability with skype.

Re:Skype back to the founders? (1)

RobertM1968 (951074) | more than 5 years ago | (#27551027)

I didnt realize that cell phones talked directly to each other... ;-)

But yes, I was talking fixed line phones - since the post I was responding to was - (and the general discussion was talking about VOIP calls - which are usually made from some sort of fixed line connection (Internet from someplace, going through a wire or cable)).

And here, there are a few mobile carriers - they each talk about the wonderful network they use - but yet again, many share the same one(s).

Regardless, they get routed from cell to tower to... ???... to cell/landline/VOIP phone.

Re:Skype back to the founders? (1)

fractoid (1076465) | more than 5 years ago | (#27554967)

I didnt realize that cell phones talked directly to each other... ;-)

They bloody well should and it's always irked me that they don't. Why talk to a cell tower that's 4km away when I'm phoning someone across the street? And why the hell should I *pay* for it?!

Re:Skype back to the founders? (1)

BrokenHalo (565198) | more than 5 years ago | (#27549969)

...other social networking sites (yes, that's what skype is, and it fosters an even closer-knit community than facebook or others ever will, as people actually _talk_ to others, as opposed to poking them...

Why the hell did you post that as AC? What you say is entirely true.

I don't have a Facebook account, but my wife does. The amount of time she spends on it is scary, though she is definitely intelligent enough to know that it is only a substitute for real interaction. Skype, however, is a genuinely useful service (regardless of its shortcomings) because the "social networking" requires a certain amount of cerebral input, rather than a generic off-the-peg poke to say "I still exist, and your name just farted across my synapses for 0.3 nanoseconds".

Re:Skype back to the founders? (1)

linhares (1241614) | more than 5 years ago | (#27552235)

Why the hell did you post that as AC? What you say is entirely true.

I didn't [slashdot.org] .

Re:Skype back to the founders? (1)

BrokenHalo (565198) | more than 5 years ago | (#27553677)

Oops. sorry... 8-|

Whoa! (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#27549445)

I've never had a chance to comment so close to the start of an article before! Way to go Easter candy, making everyone slow and laaaazy.

Re:Whoa! (1)

linhares (1241614) | more than 5 years ago | (#27549489)

Your karma must be improving, grasshopper.

Unsurprising (4, Insightful)

Alcoholist (160427) | more than 5 years ago | (#27549459)

Anyone expecting privacy on these systems is a fool. It's not like either of these companies is regulated in any way, to say nothing of the fact they provide their services over the Internet which you only have read /. for a day to know is not secure.

Re:Unsurprising (2, Insightful)

Anonymous Coward | more than 5 years ago | (#27549561)

Anyone expecting privacy on these systems is a fool.

Maybe, but not for the reasons you give. You just have to look at AT&T to realize that regulation doesn't give you privacy. And providing a service over the Internet doesn't automatically makes it not secure. Security is a layer that you add if you want it, see SSL for an example.

Re:Unsurprising (5, Funny)

Samschnooks (1415697) | more than 5 years ago | (#27549585)

Anyone expecting privacy on these systems is a fool. It's not like either of these companies is regulated in any way, to say nothing of the fact they provide their services over the Internet which you only have read /. for a day to know is not secure.

Exactly. The same goes for traditional cell service. Why just the other day, I was in the grocery store and someone was yacking away about some big business deal in the bread isle. I sat there "shopping" while this guy was talking about financing, etc, etc, etc...

Then, I moved over to the soda isle, this young chicky apparently was having boyfriend troubles and I offered to help but she got all indignant and looks at me like I was a perv or something.

Then, over in the fish isle, this middle aged guy was trying to figure out if he should get the Salmon or the Trout and asking his wife, I think, which should he get. I told him the Trout. Great stuff. Again the funny looks! I don't get it?

The bread isle, this person was pushing their cart talking away and I answered - god I hate those blue tooths! Same thing - weird looks!

I won't tell you about the guy on the street talking really loudly but without and Bluetooth or Cell - he asked me for money.

What was this again about privacy and phone calls? I forgot what we're talking about.

Re:Unsurprising (2, Insightful)

Anonymous Coward | more than 5 years ago | (#27549741)

In a used book store, perhaps 8 years ago, I held a conversation with the gentleman next to me for 5 minutes. Then he walked away and kept talking on his phone.

People who talk on cell phones while being checked out are rude. The cashier is a person and deserves the currtacy of your attention over anyone on a phone conversation.

Using a cell phone in public is rude.

Texting/emailing while anyone is talking to you is rude unless they are dictating the contents of the message.

I'm guilty of talking and emailing when I should be carefully listening to another person.

Re:Unsurprising (2, Informative)

BrokenHalo (565198) | more than 5 years ago | (#27549991)

I'm guilty of talking and emailing when I should be carefully listening to another person.

So am I from time to time, though I usually prefer to let the phone just ring out. The person to whom you're talking is left with a much more favourable impression, and voicemail does the rest.

Re:Unsurprising (1, Funny)

mattwarden (699984) | more than 5 years ago | (#27550149)

> Then, over in the fish isle

People like you are why I never shop on the islands.

Re:Unsurprising (1)

tukang (1209392) | more than 5 years ago | (#27549707)

It's not like either of these companies is regulated in any way

Considering that the gov't does most of the spying, I don't think that using a regulated company's service will necessarily give you more privacy. In fact, I expect that the gov't has a harder time spying on skype/google conversations than they do regular phone lines.

Re:Unsurprising (3, Insightful)

mattwarden (699984) | more than 5 years ago | (#27550139)

> Anyone expecting privacy on these systems is a fool. It's not like either of
> these companies is regulated in any way

Amen. As we know, telephone companies that area regulated would never compromise their users' privacy.

Oops! [slashdot.org]

Re:Unsurprising (0)

Anonymous Coward | more than 5 years ago | (#27552777)

For the Skype attack to work, the victim would have to be tricked into visiting a malicious Web site within 30 minutes of being logged into Skype.

This is the only compromising loss of privacy here, which is barely a vulnerability let alone an attack. The only difference between this one and hitting one of those sites while surfing, which even if you're trying to can still be fruitless, is that it has to be done within 30 minutes of logging into Skype for it to work.

Settle down with the hyperbole.

Nerdy solution (4, Funny)

Wowsers (1151731) | more than 5 years ago | (#27549521)

For a minute there I thought there was a problem, but nerds have no friends so nobody calls you on Skype anyway.

Re:Nerdy solution (0)

the0 (1035328) | more than 5 years ago | (#27549611)

My Mom does, you insensitive clod!

Re:Nerdy solution (1, Funny)

Anonymous Coward | more than 5 years ago | (#27549709)

Man, it's a sad day when even your mom doesn't dare enter her own basement to tell you that lunch is ready.

dirty talk? (-1, Offtopic)

blondie.xo (1527639) | more than 5 years ago | (#27549579)

What if people are talking dirty, or exchanging videos on there. Ew, people can watch or listen. Gross. These things should be more secure.

Cloud apps improve security (5, Insightful)

Alascom (95042) | more than 5 years ago | (#27549963)

Once again, we see that cloud apps like Google's Grandcentral have a real benefit to security, despite the sensationalist scare mongering.

When a bug in a cloud based application is identified, it can be patched quickly, in a single location, and the bug disappears. The same cannot be said of locally installed apps (exchange servers, etc) that take years for companies and administrators to eventually get the patches installed.

Re:Cloud apps improve security (1)

StreetStealth (980200) | more than 5 years ago | (#27551773)

And conversely, a locally-installed, open-source application can be patched on-site or by a collaboration between many users while cloud users are at the mercy of their provider.

Not that there's anything that really fits this definition for secure VOIP, but just sayin'.

Re:Cloud apps improve security (1)

whoop (194) | more than 5 years ago | (#27551973)

So, you're saying that Open Source apps have to wait for someone to fix it, meanwhile cloudies have to wait for someone to fix it? Ah, I see. Don't trust the man!

Re:Cloud apps improve security (1)

dotancohen (1015143) | more than 5 years ago | (#27552069)

And Skype is the counterexample where if the company sits there and does nothing, the consumer is powerless to improve the situation. If the source code were out in the open, a large user base would devise a solution of it's own.

Increasingly I look for p2p communications (1)

CranberryKing (776846) | more than 5 years ago | (#27552561)

for everything. E-mail is insecure. Service-based VoIP is insecure. Video conferencing via google or skype is going to be insecure since it disappears somewhere in a google/skype cloud.

Can't you do full video/voice conference, p2p with VideoLAN?

Oh Okay (0)

Anonymous Coward | more than 5 years ago | (#27552651)

For the Skype attack to work, the victim would have to be tricked into visiting a malicious Web site within 30 minutes of being logged into Skype. In the Google Voice attack (PDF), the hacker would first need to know the victim's phone number, but Secure Science has devised a way to figure this out using Google Voice's Short Message Service (SMS). Google patched the bugs that enabled Secure Science's attack last week and has now added a password requirement to its voicemail system

I was half-interested for a second there.

spoofable voicemail carriers (1)

SirGeeksAlot (1530851) | more than 5 years ago | (#27553327)

You think google voice or skype are bad, go find someone with a youmail or a phonetag account. Spoof the callerID and dial into their voicemail access number. No pin required.

deja vu (1)

ascari (1400977) | more than 5 years ago | (#27561323)

Sounds like the cyberspace equivalent of a handset and a couple of alligator clips. Solution: Just don't talk about sensitive stuff over the phone.
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>