SlideShare a Scribd company logo

Security Risks & Vulnerabilities in Skype

Kelum Senanayake
Kelum Senanayake

Skype claims to provide secure communication but has several security risks and vulnerabilities. It does not display unique usernames, making impersonation easy. Software downloads are not encrypted, exposing users to tampering. Skype's direct peer-to-peer connections and port scanning capabilities could allow malware to bypass firewalls. Additionally, Skype's proprietary protocol is not open for review, so its security properties are unknown.

Technology
1 of 7
Download to read offline
Security risks & vulnerabilities in Skype Kelum Senanayake
Introduction  Skype proclaims that it provides a secure method of communication.  Hundreds of millions of people have chosen to use Skype, often on the basis of this assurance.  But there are some security risk and vulnerabilities of Skype.
The user interface does not display a "real Skype username" in the contact list  Skype's interface relies on the use of full names on the contact list rather than unique user names.  It easy to impersonate other users and introduces substantial security risks.  Average users are easily tricked as a result.
Skype's software downloads are not delivered over a HTTPS / SSL connection  Downloads may be tampered with by a third party.  China has been known to produce its own Trojan-infected version of Skype.  Users are exposed to interception, impersonation and surveillance.
Skype could provide a backdoor entry  Skype allows users to establish direct connections with each other.  It's also "port agile" − If a firewall port is blocked Skype will look around for other open ports that it can use to establish a connection.  If you put Skype behind a firewall or NAT layer, 99% it will work without any special configuration.  Skype could provide a backdoor entry into secure networks for Trojans, worms, and viruses.  It could also provide a channel for corporate data to be freely shared between users without any of the usual security considerations.
Skype's proprietary protocol  Skype uses a proprietary protocol instead of a standard one such as the SIP.  This makes it an unknown from the point of view of the vulnerabilities that might be there.  Every nonstandard application can add unnecessary risks to your environment.  In the end no one really knows what all is built into such an application.
References [1] Privacy International, "Skype Called Answer Mounting Security Concerns", [Online]. Available: https://www.privacyinternational.org/article/skype-called- answer-mounting-security-concerns.[Accessed: Oct. 31, 2011]. [2] Jaikumar Vijayan, "Does Skype Face Security Threat?", [Online]. Available: http://www.pcworld.com/article/123279/does_skype_face_secur ity_threat.html.[Accessed: Oct. 31, 2011].

Recommended

Re solution - corona virus cyber security infographic
Re solution - corona virus cyber security infographicRe solution - corona virus cyber security infographic
Re solution - corona virus cyber security infographicJacob Tranter
 
Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...
Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...
Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...Jacob Tranter
 
Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Skycure
 
Internet security and privacy
Internet security and privacyInternet security and privacy
Internet security and privacygbemis00
 
Endpoint Security
Endpoint Security Endpoint Security
Endpoint Security Zack Fabro
 
Intel McAfee DeepSAFE Technology
Intel McAfee DeepSAFE TechnologyIntel McAfee DeepSAFE Technology
Intel McAfee DeepSAFE TechnologyCan Your Security
 
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...imagazinepl
 
Venkasure Antivirus + Internet Security
Venkasure Antivirus + Internet SecurityVenkasure Antivirus + Internet Security
Venkasure Antivirus + Internet Securityvenkasureantivirus
 

Recommended

Re solution - corona virus cyber security infographic
Re solution - corona virus cyber security infographicRe solution - corona virus cyber security infographic
Re solution - corona virus cyber security infographicJacob Tranter
 
Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...
Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...
Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...Jacob Tranter
 
Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Skycure
 
Internet security and privacy
Internet security and privacyInternet security and privacy
Internet security and privacygbemis00
 
Endpoint Security
Endpoint Security Endpoint Security
Endpoint Security Zack Fabro
 
Intel McAfee DeepSAFE Technology
Intel McAfee DeepSAFE TechnologyIntel McAfee DeepSAFE Technology
Intel McAfee DeepSAFE TechnologyCan Your Security
 
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...imagazinepl
 
Venkasure Antivirus + Internet Security
Venkasure Antivirus + Internet SecurityVenkasure Antivirus + Internet Security
Venkasure Antivirus + Internet Securityvenkasureantivirus
 
The fundamentals of Android and iOS app security
The fundamentals of Android and iOS app securityThe fundamentals of Android and iOS app security
The fundamentals of Android and iOS app securityNowSecure
 
Acronis Active Protection: A Way To Combat Ransomware Attack
Acronis Active Protection: A Way To Combat Ransomware AttackAcronis Active Protection: A Way To Combat Ransomware Attack
Acronis Active Protection: A Way To Combat Ransomware AttackAcronis
 
How to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMMHow to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMMSkycure
 
iOS and Android security: Differences you need to know
iOS and Android security: Differences you need to knowiOS and Android security: Differences you need to know
iOS and Android security: Differences you need to knowNowSecure
 
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration AttacksCloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration AttacksDiemShin
 
Web security
Web security Web security
Web security Kaushal Bhavsar
 
Is Security Optional20100608
Is Security Optional20100608Is Security Optional20100608
Is Security Optional20100608aljapaco
 
Chapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusChapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusAdi Saputra
 
Secure Your Mobile Apps
Secure Your Mobile AppsSecure Your Mobile Apps
Secure Your Mobile Appsprimomh
 
Web appsec and it’s 10 best SDLC practices
Web appsec and it’s 10 best SDLC practicesWeb appsec and it’s 10 best SDLC practices
Web appsec and it’s 10 best SDLC practicesPotato
 
Computer viruses
Computer virusesComputer viruses
Computer virusesAyushJain628
 
Wordpress security
Wordpress securityWordpress security
Wordpress securityjhon wilson
 
CLASS VII COMPUTER SECURITY
CLASS VII COMPUTER SECURITYCLASS VII COMPUTER SECURITY
CLASS VII COMPUTER SECURITYRc Os
 
F5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are FailingF5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are FailingGlobal Business Events
 
Network basic security
Network basic securityNetwork basic security
Network basic securityMohamed Radji
 
iOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesiOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesYair Amit
 
Internet explorer tech support call 1 866-757-9494
Internet explorer tech support call 1 866-757-9494Internet explorer tech support call 1 866-757-9494
Internet explorer tech support call 1 866-757-9494Tech Cillin
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overviewCisco Canada
 
Web App Se Saidi Scan
Web App Se Saidi ScanWeb App Se Saidi Scan
Web App Se Saidi ScanAung Khant
 
The World Against the Bad, Cisco AMP Solution to the Rescue
The World Against the Bad, Cisco AMP Solution to the RescueThe World Against the Bad, Cisco AMP Solution to the Rescue
The World Against the Bad, Cisco AMP Solution to the RescueCisco Canada
 
EJB 3.0 - Yet Another Introduction
EJB 3.0 - Yet Another IntroductionEJB 3.0 - Yet Another Introduction
EJB 3.0 - Yet Another IntroductionKelum Senanayake
 
Node.js Introduction
Node.js IntroductionNode.js Introduction
Node.js IntroductionKelum Senanayake
 

More Related Content

What's hot

The fundamentals of Android and iOS app security
The fundamentals of Android and iOS app securityThe fundamentals of Android and iOS app security
The fundamentals of Android and iOS app securityNowSecure
 
Acronis Active Protection: A Way To Combat Ransomware Attack
Acronis Active Protection: A Way To Combat Ransomware AttackAcronis Active Protection: A Way To Combat Ransomware Attack
Acronis Active Protection: A Way To Combat Ransomware AttackAcronis
 
How to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMMHow to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMMSkycure
 
iOS and Android security: Differences you need to know
iOS and Android security: Differences you need to knowiOS and Android security: Differences you need to know
iOS and Android security: Differences you need to knowNowSecure
 
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration AttacksCloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration AttacksDiemShin
 
Is Security Optional20100608
Is Security Optional20100608Is Security Optional20100608
Is Security Optional20100608aljapaco
 
Chapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusChapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusAdi Saputra
 
Secure Your Mobile Apps
Secure Your Mobile AppsSecure Your Mobile Apps
Secure Your Mobile Appsprimomh
 
Web appsec and it’s 10 best SDLC practices
Web appsec and it’s 10 best SDLC practicesWeb appsec and it’s 10 best SDLC practices
Web appsec and it’s 10 best SDLC practicesPotato
 
Wordpress security
Wordpress securityWordpress security
Wordpress securityjhon wilson
 
CLASS VII COMPUTER SECURITY
CLASS VII COMPUTER SECURITYCLASS VII COMPUTER SECURITY
CLASS VII COMPUTER SECURITYRc Os
 
F5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are FailingF5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are FailingGlobal Business Events
 
Network basic security
Network basic securityNetwork basic security
Network basic securityMohamed Radji
 
iOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesiOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesYair Amit
 
Internet explorer tech support call 1 866-757-9494
Internet explorer tech support call 1 866-757-9494Internet explorer tech support call 1 866-757-9494
Internet explorer tech support call 1 866-757-9494Tech Cillin
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overviewCisco Canada
 
Web App Se Saidi Scan
Web App Se Saidi ScanWeb App Se Saidi Scan
Web App Se Saidi ScanAung Khant
 
The World Against the Bad, Cisco AMP Solution to the Rescue
The World Against the Bad, Cisco AMP Solution to the RescueThe World Against the Bad, Cisco AMP Solution to the Rescue
The World Against the Bad, Cisco AMP Solution to the RescueCisco Canada
 

What's hot (20)

The fundamentals of Android and iOS app security
The fundamentals of Android and iOS app securityThe fundamentals of Android and iOS app security
The fundamentals of Android and iOS app security
 
Acronis Active Protection: A Way To Combat Ransomware Attack
Acronis Active Protection: A Way To Combat Ransomware AttackAcronis Active Protection: A Way To Combat Ransomware Attack
Acronis Active Protection: A Way To Combat Ransomware Attack
 
How to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMMHow to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMM
 
iOS and Android security: Differences you need to know
iOS and Android security: Differences you need to knowiOS and Android security: Differences you need to know
iOS and Android security: Differences you need to know
 
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration AttacksCloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks
 
Web security
Web security Web security
Web security
 
Is Security Optional20100608
Is Security Optional20100608Is Security Optional20100608
Is Security Optional20100608
 
Chapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusChapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirus
 
Secure Your Mobile Apps
Secure Your Mobile AppsSecure Your Mobile Apps
Secure Your Mobile Apps
 
Web appsec and it’s 10 best SDLC practices
Web appsec and it’s 10 best SDLC practicesWeb appsec and it’s 10 best SDLC practices
Web appsec and it’s 10 best SDLC practices
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Wordpress security
Wordpress securityWordpress security
Wordpress security
 
CLASS VII COMPUTER SECURITY
CLASS VII COMPUTER SECURITYCLASS VII COMPUTER SECURITY
CLASS VII COMPUTER SECURITY
 
F5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are FailingF5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are Failing
 
Network basic security
Network basic securityNetwork basic security
Network basic security
 
iOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesiOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious Profiles
 
Internet explorer tech support call 1 866-757-9494
Internet explorer tech support call 1 866-757-9494Internet explorer tech support call 1 866-757-9494
Internet explorer tech support call 1 866-757-9494
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overview
 
Web App Se Saidi Scan
Web App Se Saidi ScanWeb App Se Saidi Scan
Web App Se Saidi Scan
 
The World Against the Bad, Cisco AMP Solution to the Rescue
The World Against the Bad, Cisco AMP Solution to the RescueThe World Against the Bad, Cisco AMP Solution to the Rescue
The World Against the Bad, Cisco AMP Solution to the Rescue
 

Viewers also liked

EJB 3.0 - Yet Another Introduction
EJB 3.0 - Yet Another IntroductionEJB 3.0 - Yet Another Introduction
EJB 3.0 - Yet Another IntroductionKelum Senanayake
 
Couchbase - Yet Another Introduction
Couchbase - Yet Another IntroductionCouchbase - Yet Another Introduction
Couchbase - Yet Another IntroductionKelum Senanayake
 
What you need to know about GC
What you need to know about GCWhat you need to know about GC
What you need to know about GCKelum Senanayake
 
A Searchable Symmetric Key Cipher System
A Searchable Symmetric Key Cipher SystemA Searchable Symmetric Key Cipher System
A Searchable Symmetric Key Cipher SystemKelum Senanayake
 
Attacking Turkish Texts Encrypted by Homophonic Cipher
Attacking Turkish Texts Encrypted by Homophonic CipherAttacking Turkish Texts Encrypted by Homophonic Cipher
Attacking Turkish Texts Encrypted by Homophonic CipherSefik Ilkin Serengil
 
Secure Data Sharing in Cloud (SDSC)
Secure Data Sharing in Cloud (SDSC)Secure Data Sharing in Cloud (SDSC)
Secure Data Sharing in Cloud (SDSC)Jishnu Pradeep
 
Analysis of Searchable Encryption
Analysis of Searchable EncryptionAnalysis of Searchable Encryption
Analysis of Searchable EncryptionNagendra Posani
 
Discrete Logarithmic Problem- Basis of Elliptic Curve Cryptosystems
Discrete Logarithmic Problem- Basis of Elliptic Curve CryptosystemsDiscrete Logarithmic Problem- Basis of Elliptic Curve Cryptosystems
Discrete Logarithmic Problem- Basis of Elliptic Curve CryptosystemsNIT Sikkim
 
Searchable Encryption Systems
Searchable Encryption SystemsSearchable Encryption Systems
Searchable Encryption SystemsChristopher Frenz
 
Search on encrypted data
Search on encrypted dataSearch on encrypted data
Search on encrypted dataSELASI OCANSEY
 
The NFS Version 4 Protocol
The NFS Version 4 ProtocolThe NFS Version 4 Protocol
The NFS Version 4 ProtocolKelum Senanayake
 

Viewers also liked (18)

EJB 3.0 - Yet Another Introduction
EJB 3.0 - Yet Another IntroductionEJB 3.0 - Yet Another Introduction
EJB 3.0 - Yet Another Introduction
 
Node.js Introduction
Node.js IntroductionNode.js Introduction
Node.js Introduction
 
Couchbase - Yet Another Introduction
Couchbase - Yet Another IntroductionCouchbase - Yet Another Introduction
Couchbase - Yet Another Introduction
 
What you need to know about GC
What you need to know about GCWhat you need to know about GC
What you need to know about GC
 
A Searchable Symmetric Key Cipher System
A Searchable Symmetric Key Cipher SystemA Searchable Symmetric Key Cipher System
A Searchable Symmetric Key Cipher System
 
Attacking Turkish Texts Encrypted by Homophonic Cipher
Attacking Turkish Texts Encrypted by Homophonic CipherAttacking Turkish Texts Encrypted by Homophonic Cipher
Attacking Turkish Texts Encrypted by Homophonic Cipher
 
Gırgır sunum
Gırgır sunum Gırgır sunum
Gırgır sunum
 
Searchable Encryption
Searchable EncryptionSearchable Encryption
Searchable Encryption
 
Secure Data Sharing in Cloud (SDSC)
Secure Data Sharing in Cloud (SDSC)Secure Data Sharing in Cloud (SDSC)
Secure Data Sharing in Cloud (SDSC)
 
Analysis of Searchable Encryption
Analysis of Searchable EncryptionAnalysis of Searchable Encryption
Analysis of Searchable Encryption
 
Discrete Logarithmic Problem- Basis of Elliptic Curve Cryptosystems
Discrete Logarithmic Problem- Basis of Elliptic Curve CryptosystemsDiscrete Logarithmic Problem- Basis of Elliptic Curve Cryptosystems
Discrete Logarithmic Problem- Basis of Elliptic Curve Cryptosystems
 
Searchable Encryption Systems
Searchable Encryption SystemsSearchable Encryption Systems
Searchable Encryption Systems
 
How to Share a Secret
How to Share a SecretHow to Share a Secret
How to Share a Secret
 
Search on encrypted data
Search on encrypted dataSearch on encrypted data
Search on encrypted data
 
GPU Programming with Java
GPU Programming with JavaGPU Programming with Java
GPU Programming with Java
 
The NFS Version 4 Protocol
The NFS Version 4 ProtocolThe NFS Version 4 Protocol
The NFS Version 4 Protocol
 
Knight's Tour
Knight's TourKnight's Tour
Knight's Tour
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security ppt
 

Similar to Security Risks & Vulnerabilities in Skype

Pegasus Spyware - What You Need to Know
Pegasus Spyware - What You Need to KnowPegasus Spyware - What You Need to Know
Pegasus Spyware - What You Need to KnowSkycure
 
pegasus-whatyouneedtoknow-160916194631 (1).pdf
pegasus-whatyouneedtoknow-160916194631 (1).pdfpegasus-whatyouneedtoknow-160916194631 (1).pdf
pegasus-whatyouneedtoknow-160916194631 (1).pdf064ChetanWani
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3mPrem Kumar (OSCP)
 
Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014TGodfrey
 
Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...
Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...
Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...Software Park Thailand
 
Final project slideshare
Final project slideshareFinal project slideshare
Final project slideshareaenteha94
 
Final project slideshare
Final project slideshareFinal project slideshare
Final project slideshareaenteha94
 
Web security: concepts and tools used by attackers
Web security: concepts and tools used by attackersWeb security: concepts and tools used by attackers
Web security: concepts and tools used by attackerstomasperezv
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015TGodfrey
 
Debunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN SecurityDebunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN Securityinside-BigData.com
 
Drupal Security Seminar
Drupal Security SeminarDrupal Security Seminar
Drupal Security SeminarCalibrate
 
Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)Cisco do Brasil
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Securitysudip pudasaini
 
Pangolin whitepaper
Pangolin whitepaperPangolin whitepaper
Pangolin whitepapermattotamhe
 
Secure codingguide
Secure codingguideSecure codingguide
Secure codingguideDavid Kwak
 
Cybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamCybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamMohammed Adam
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft
 
Enterprise Cloud Security - Concepts Mash-up
Enterprise Cloud Security - Concepts Mash-upEnterprise Cloud Security - Concepts Mash-up
Enterprise Cloud Security - Concepts Mash-upDileep Kalidindi
 
Mobile security
Mobile securityMobile security
Mobile securityStefaan
 

Similar to Security Risks & Vulnerabilities in Skype (20)

Pegasus Spyware - What You Need to Know
Pegasus Spyware - What You Need to KnowPegasus Spyware - What You Need to Know
Pegasus Spyware - What You Need to Know
 
pegasus-whatyouneedtoknow-160916194631 (1).pdf
pegasus-whatyouneedtoknow-160916194631 (1).pdfpegasus-whatyouneedtoknow-160916194631 (1).pdf
pegasus-whatyouneedtoknow-160916194631 (1).pdf
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3m
 
Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014
 
Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...
Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...
Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...
 
Final project slideshare
Final project slideshareFinal project slideshare
Final project slideshare
 
Final project slideshare
Final project slideshareFinal project slideshare
Final project slideshare
 
Web security: concepts and tools used by attackers
Web security: concepts and tools used by attackersWeb security: concepts and tools used by attackers
Web security: concepts and tools used by attackers
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015
 
Cybersecurity-NSIC.pdf
Cybersecurity-NSIC.pdfCybersecurity-NSIC.pdf
Cybersecurity-NSIC.pdf
 
Debunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN SecurityDebunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN Security
 
Drupal Security Seminar
Drupal Security SeminarDrupal Security Seminar
Drupal Security Seminar
 
Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Pangolin whitepaper
Pangolin whitepaperPangolin whitepaper
Pangolin whitepaper
 
Secure codingguide
Secure codingguideSecure codingguide
Secure codingguide
 
Cybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamCybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by Adam
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security Threats
 
Enterprise Cloud Security - Concepts Mash-up
Enterprise Cloud Security - Concepts Mash-upEnterprise Cloud Security - Concepts Mash-up
Enterprise Cloud Security - Concepts Mash-up
 
Mobile security
Mobile securityMobile security
Mobile security
 

Recently uploaded

Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 

Recently uploaded (20)

Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 

Security Risks & Vulnerabilities in Skype

  • 1. Security risks & vulnerabilities in Skype Kelum Senanayake
  • 2. Introduction  Skype proclaims that it provides a secure method of communication.  Hundreds of millions of people have chosen to use Skype, often on the basis of this assurance.  But there are some security risk and vulnerabilities of Skype.
  • 3. The user interface does not display a "real Skype username" in the contact list  Skype's interface relies on the use of full names on the contact list rather than unique user names.  It easy to impersonate other users and introduces substantial security risks.  Average users are easily tricked as a result.
  • 4. Skype's software downloads are not delivered over a HTTPS / SSL connection  Downloads may be tampered with by a third party.  China has been known to produce its own Trojan-infected version of Skype.  Users are exposed to interception, impersonation and surveillance.
  • 5. Skype could provide a backdoor entry  Skype allows users to establish direct connections with each other.  It's also "port agile" − If a firewall port is blocked Skype will look around for other open ports that it can use to establish a connection.  If you put Skype behind a firewall or NAT layer, 99% it will work without any special configuration.  Skype could provide a backdoor entry into secure networks for Trojans, worms, and viruses.  It could also provide a channel for corporate data to be freely shared between users without any of the usual security considerations.
  • 6. Skype's proprietary protocol  Skype uses a proprietary protocol instead of a standard one such as the SIP.  This makes it an unknown from the point of view of the vulnerabilities that might be there.  Every nonstandard application can add unnecessary risks to your environment.  In the end no one really knows what all is built into such an application.
  • 7. References [1] Privacy International, "Skype Called Answer Mounting Security Concerns", [Online]. Available: https://www.privacyinternational.org/article/skype-called- answer-mounting-security-concerns.[Accessed: Oct. 31, 2011]. [2] Jaikumar Vijayan, "Does Skype Face Security Threat?", [Online]. Available: http://www.pcworld.com/article/123279/does_skype_face_secur ity_threat.html.[Accessed: Oct. 31, 2011].