[114109] in cryptography@c2.net mail archive
Re: German Government Skype interception methods leaked...
daemon@ATHENA.MIT.EDU (Stephan Somogyi)
Sun Jan 27 12:12:31 2008
In-Reply-To: <87ir1gtxs2.fsf@snark.cb.piermont.com>
Date: Sat, 26 Jan 2008 15:15:33 -0800
To: cryptography@metzdowd.com
From: Stephan Somogyi <cryptography@lt.gross.net>
At 10:24 -0500 26.01.2008, Perry E. Metzger wrote:
> "Wikileaks has released documents from the German police revealing
> Skype interception technology. The leaks are currently creating a
> storm in the German press[...]"
I've skimmed some of the coverage and I can't help but think that
this is being hyped in large part because Skype is mentioned.
What's being described seems to require running DigiTask's code on an
endpoint. If you're installed on the machine anyway, rather than
grabbing packets on the wire, all you'd need to do is get the data --
eg by inserting yourself into standard OS audio and HID APIs --
before Skype's code processes it. Such an approach would never have
to deal with encrypted bits, and really has nothing to do with Skype
at all.
NB also that unless they've implemented specific countermeasures in
the mean time, Skype remains vulnerable to traffic analysis, cf.
<http://arstechnica.com/news.ars/post/20060824-7582.html>.
s.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
