Hacker claims to have found Skype hole

[nsane.forums]

Encryption processes may have been compromised

Skype's security credentials have been called into question by a developer who claims to have released a software library that emulates an encryption algorithm used by the popular VoIP service.

Sean O'Neill, best known for designing the EnRUPT hash algorithm, has released program code which emulates the RC4 algorithm used by Skype to encrypt communications over its network.

Skype is widely used in home and business environments, and the company guards its source code fiercely.

This has led to numerous attempts to crack the encryption algorithm which would result in conversations being deciphered to 'plaintext'.

An initial analysis of the code appears to show that O'Neill's solution is a partial exposure of Skype's privacy measures.

However, given the resourceful nature of hackers, a small crack could expand into a gaping fissure in a relatively short space of time.

The developer has decided not to reveal further details of his exploits until his presentation at the respected Chaos Communication Congress in December.

Until then, O'Neill has uploaded his code allowing other hackers to test and potentially carry on his hard work.

The wait until O'Neill reveals the extent of his breach of Skype's encryption could result in firms thinking twice before they use the application.

However, Skype hit back at O'Neill in a strongly worded statement. The firm said it was proud of its software's security and that the hacker's efforts "in no way" compromises this.

"We believe that the work being done by Sean O'Neil, who we understand was formerly known as Yaroslav Charnovsky, is directly facilitating spamming attacks against Skype and we are considering our legal remedies," the statement continued.

"Whilst we understand the desire for people to reverse engineer our pro tocols with the intent of improving security, the work done by this individual clearly demonstrates the opposite.

View: Original Article