11-13-2005, 09:54 AM
Quote:In a research note prepared for Info-Tech Research Group members, Armstrong outlines five reasons for an enterprise to ban Skype:
- Skype is not standards-compliant, allowing it and any vulnerability to
pass through corporate firewalls.
- Skype's encryption is closed source and prone to man-in-the-middle
attacks. There are also some unanswered questions about how well the
keys are managed.
- Enterprises using Skype risk a communication barrier with countries
and institutions that have already banned the service.
- Skype is undetectable, untraceable, and unauditable, putting
organizations that are subject to compliance laws at risk.
- The question of whether VoIP calls constitute a business record is a
legal quagmire. Throwing Skype into the communications mix further
clouds the issue.
Comments Armstrong, "The bottom line is that even a mediocre hacker could take advantage of a Skype vulnerability...
full press release: http://biz.yahoo.com/prnews/051110/to217.html?.v=15
article: Should businesses ban Skype? Or is it enough to police usage?
Quote:Skype's security holes may not threaten businesses more than those in IM or email, Armstrong explained, "but because Skype is new, the vulnerabilities might not be as well known".http://www.silicon.com/research/specialr...106,00.htm