skype was made by clever people

[coderman]

On 3/21/06, Eugen Leitl <eugen at leitl.org> wrote:
> http://www.secdev.org/conf/skype_BHEU06.handout.pdf

it's interesting to note that this clearly allows for a MITM as
required by legal authorities (Skype mentioned fully cooperating with
authorities as required - how often do they do this?).

the client authentication uses public keys signed by the Skype
Authority; presumably any key they sign as being "User Alice", even if
belonging to "User Eve", will be accepted by the client.  with no
visibility in client certs at the UI level i don't see how this can be
avoided.

note that this is really just useful for inter-skype calls as
CALEA/traditional taps can take place once a skype call hits POTS.

one of the slides mentions: "You are the certification authority - You
can intercept and decrypt session keys".  if this means that client
private keys are also handed to the skype authority then eavesdropping
is trivial (and no longer requires active MITM).  however, this tidbit
is listed under "Skype Voice Interception - Feasibility of a man in
the middle attack" so i'm not sure if they are talking about a passive
eavesdrop or an active MITM with regards to the cert authority
intervention.


other interesting bits:

they use a 2^32 strength key for RC4 obfuscation of data payloads. 
all this encryption is purely done to obfuscate protocol.  (the binary
obfuscation is impressive as well; i fucking hate that shit though :)

blocking skype with one rule:
iptables -I FORWARD -p udp -m length --length 39 -m u32 --u32
'27&0x8f=7' --u32 '31=0x527c4833' -j DROP

approximately 20,000 super nodes exist.

heap exploits for biggest botnet ever? :P~