-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Roy Schestowitz wrote:
> Skype 1.4.0.99 reads /etc/ passwd and firefox profile!
>
> ,----[ Quote
>| I just did an strace on Skype and can confirm your findings.
>|
>| I fact I have recently been thinking about the "Bundestrojaner" german
>| minister Schäuble is planning to use and found that Skype would be the
>| perfect place to hide it:
>| - it is installed on a majority of systems
>| - it is protected against decompilation / debuggers
>| - it bypasses almost any firewall
>| - it uses encryption for network traffic
>| - it may send lots of data even when not making a call
>| - it might have already been deployed by the NSA
>| - eBay has a history of cooperating with federal agencies
>|
>| But of course you would not care about big brother reading your harddrive
>| unless you are a terrorist...
> `----
>
> http://forum.skype.com/index.php?showtopic=95261
While there are many valid reasons to distrust Skype in many
environments, this is not one of them. Reading /etc/passwd is a common
side-effect of many normal operations, and on any modern *nix there is
nothing of importance in there anyway. It's not like it can read the
shadow file. As for going through the Firefox profile, it might just be
to look for the Skype extension. I don't want to assume bad faith as a
default, just because they're closed source and do some rather sneaky
things (those seem mostly geared towards protecting their protocol with
obscurity, and bypassing firewalls).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFG0rTsd1ZThqotgfgRAoA5AJ9BPVqiPLFDcmbhUE63zjnDSyyxXQCdGOZL
nQK1rr6k+3l5iElGWGFxY7Y=
=F5/i
-----END PGP SIGNATURE-----
--
PeKaJe
Our houseplants have a good sense of humous.
|
|
