http://www.secdev.org/conf/skype_BHEU06.handout.pdf -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
On 3/21/06, Eugen Leitl <eugen@leitl.org> wrote:
it's interesting to note that this clearly allows for a MITM as required by legal authorities (Skype mentioned fully cooperating with authorities as required - how often do they do this?). the client authentication uses public keys signed by the Skype Authority; presumably any key they sign as being "User Alice", even if belonging to "User Eve", will be accepted by the client. with no visibility in client certs at the UI level i don't see how this can be avoided. note that this is really just useful for inter-skype calls as CALEA/traditional taps can take place once a skype call hits POTS. one of the slides mentions: "You are the certification authority - You can intercept and decrypt session keys". if this means that client private keys are also handed to the skype authority then eavesdropping is trivial (and no longer requires active MITM). however, this tidbit is listed under "Skype Voice Interception - Feasibility of a man in the middle attack" so i'm not sure if they are talking about a passive eavesdrop or an active MITM with regards to the cert authority intervention. other interesting bits: they use a 2^32 strength key for RC4 obfuscation of data payloads. all this encryption is purely done to obfuscate protocol. (the binary obfuscation is impressive as well; i fucking hate that shit though :) blocking skype with one rule: iptables -I FORWARD -p udp -m length --length 39 -m u32 --u32 '27&0x8f=7' --u32 '31=0x527c4833' -j DROP approximately 20,000 super nodes exist. heap exploits for biggest botnet ever? :P~
participants (2)
-
coderman -
Eugen Leitl