Skype's security credentials have been called into question by a developer who claims to have released a software library that emulates an encryption algorithm used by the popular VoIP service.Sean O'Neill, best known for designing the EnRUPT hash algorithm, has released program code which emulates the RC4 algorithm used by Skype to encrypt communications over its network.Skype is widely used in home and business environments, and the company guards its source code fiercely.This has led to numerous attempts to crack the encryption algorithm which would result in conversations being deciphered to 'plaintext'.An initial analysis of the code appears to show that O'Neill's solution is a partial exposure of Skype's privacy measures.However, given the resourceful nature of hackers, a small crack could expand into a gaping fissure in a relatively short space of time.The developer has decided not to reveal further details of his exploits until his presentation at the respected Chaos Communication Congress in December.Until then, O'Neill has uploaded his code allowing other hackers to test and potentially carry on his hard work.The wait until O'Neill reveals the extent of his breach of Skype's encryption could result in firms thinking twice before they use the application.However, Skype hit back at O'Neill in a strongly worded statement. The firm said it was proud of its software's security and that the hacker's efforts "in no way" compromises this."We believe that the work being done by Sean O'Neil, who we understand was formerly known as Yaroslav Charnovsky, is directly facilitating spamming attacks against Skype and we are considering our legal remedies," the statement continued."Whilst we understand the desire for people to reverse engineer our pro tocols with the intent of improving security, the work done by this individual clearly demonstrates the opposite.
Copyright ©v3.co.uk
Issue: 316 | July 2013
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.
