SlideShare a Scribd company logo

Security Risks & Vulnerabilities in Skype

Kelum Senanayake
Kelum Senanayake

Skype claims to provide secure communication but has several security risks and vulnerabilities. It does not display unique usernames, making impersonation easy. Software downloads are not encrypted, exposing users to tampering. Skype's direct peer-to-peer connections and port scanning capabilities could allow malware to bypass firewalls. Additionally, Skype's proprietary protocol is not open for review, so its security properties are unknown.

Technology
1 of 7
Download to read offline
Security risks & vulnerabilities in Skype Kelum Senanayake
Introduction  Skype proclaims that it provides a secure method of communication.  Hundreds of millions of people have chosen to use Skype, often on the basis of this assurance.  But there are some security risk and vulnerabilities of Skype.
The user interface does not display a "real Skype username" in the contact list  Skype's interface relies on the use of full names on the contact list rather than unique user names.  It easy to impersonate other users and introduces substantial security risks.  Average users are easily tricked as a result.
Skype's software downloads are not delivered over a HTTPS / SSL connection  Downloads may be tampered with by a third party.  China has been known to produce its own Trojan-infected version of Skype.  Users are exposed to interception, impersonation and surveillance.
Skype could provide a backdoor entry  Skype allows users to establish direct connections with each other.  It's also "port agile" − If a firewall port is blocked Skype will look around for other open ports that it can use to establish a connection.  If you put Skype behind a firewall or NAT layer, 99% it will work without any special configuration.  Skype could provide a backdoor entry into secure networks for Trojans, worms, and viruses.  It could also provide a channel for corporate data to be freely shared between users without any of the usual security considerations.
Skype's proprietary protocol  Skype uses a proprietary protocol instead of a standard one such as the SIP.  This makes it an unknown from the point of view of the vulnerabilities that might be there.  Every nonstandard application can add unnecessary risks to your environment.  In the end no one really knows what all is built into such an application.
References [1] Privacy International, "Skype Called Answer Mounting Security Concerns", [Online]. Available: https://www.privacyinternational.org/article/skype-called- answer-mounting-security-concerns.[Accessed: Oct. 31, 2011]. [2] Jaikumar Vijayan, "Does Skype Face Security Threat?", [Online]. Available: http://www.pcworld.com/article/123279/does_skype_face_secur ity_threat.html.[Accessed: Oct. 31, 2011].

Recommended

Re solution - corona virus cyber security infographic
Re solution - corona virus cyber security infographicRe solution - corona virus cyber security infographic
Re solution - corona virus cyber security infographicJacob Tranter
 
Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...
Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...
Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...Jacob Tranter
 
Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Skycure
 
Internet security and privacy
Internet security and privacyInternet security and privacy
Internet security and privacygbemis00
 
Endpoint Security
Endpoint Security Endpoint Security
Endpoint Security Zack Fabro
 
Intel McAfee DeepSAFE Technology
Intel McAfee DeepSAFE TechnologyIntel McAfee DeepSAFE Technology
Intel McAfee DeepSAFE TechnologyCan Your Security
 
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...imagazinepl
 
Venkasure Antivirus + Internet Security
Venkasure Antivirus + Internet SecurityVenkasure Antivirus + Internet Security
Venkasure Antivirus + Internet Securityvenkasureantivirus
 

Recommended

Re solution - corona virus cyber security infographic
Re solution - corona virus cyber security infographicRe solution - corona virus cyber security infographic
Re solution - corona virus cyber security infographicJacob Tranter
 
Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...
Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...
Resolution - Security - Cisco Advanced Malware Protection for Endpoints - Fea...Jacob Tranter
 
Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Skycure
 
Internet security and privacy
Internet security and privacyInternet security and privacy
Internet security and privacygbemis00
 
Endpoint Security
Endpoint Security Endpoint Security
Endpoint Security Zack Fabro
 
Intel McAfee DeepSAFE Technology
Intel McAfee DeepSAFE TechnologyIntel McAfee DeepSAFE Technology
Intel McAfee DeepSAFE TechnologyCan Your Security
 
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...
Kaspersky Security for Mac - Comprehensive Protection for the Mac OS X Enviro...imagazinepl
 
Venkasure Antivirus + Internet Security
Venkasure Antivirus + Internet SecurityVenkasure Antivirus + Internet Security
Venkasure Antivirus + Internet Securityvenkasureantivirus
 
The fundamentals of Android and iOS app security
The fundamentals of Android and iOS app securityThe fundamentals of Android and iOS app security
The fundamentals of Android and iOS app securityNowSecure
 
Acronis Active Protection: A Way To Combat Ransomware Attack
Acronis Active Protection: A Way To Combat Ransomware AttackAcronis Active Protection: A Way To Combat Ransomware Attack
Acronis Active Protection: A Way To Combat Ransomware AttackAcronis
 
How to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMMHow to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMMSkycure
 
iOS and Android security: Differences you need to know
iOS and Android security: Differences you need to knowiOS and Android security: Differences you need to know
iOS and Android security: Differences you need to knowNowSecure
 
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration AttacksCloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration AttacksDiemShin
 
Web security
Web security Web security
Web security Kaushal Bhavsar
 
Is Security Optional20100608
Is Security Optional20100608Is Security Optional20100608
Is Security Optional20100608aljapaco
 
Chapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusChapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusAdi Saputra
 
Secure Your Mobile Apps
Secure Your Mobile AppsSecure Your Mobile Apps
Secure Your Mobile Appsprimomh
 
Web appsec and it’s 10 best SDLC practices
Web appsec and it’s 10 best SDLC practicesWeb appsec and it’s 10 best SDLC practices
Web appsec and it’s 10 best SDLC practicesPotato
 
Computer viruses
Computer virusesComputer viruses
Computer virusesAyushJain628
 
Wordpress security
Wordpress securityWordpress security
Wordpress securityjhon wilson
 
CLASS VII COMPUTER SECURITY
CLASS VII COMPUTER SECURITYCLASS VII COMPUTER SECURITY
CLASS VII COMPUTER SECURITYRc Os
 
F5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are FailingF5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are FailingGlobal Business Events
 
Network basic security
Network basic securityNetwork basic security
Network basic securityMohamed Radji
 
iOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesiOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesYair Amit
 
Internet explorer tech support call 1 866-757-9494
Internet explorer tech support call 1 866-757-9494Internet explorer tech support call 1 866-757-9494
Internet explorer tech support call 1 866-757-9494Tech Cillin
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overviewCisco Canada
 
Web App Se Saidi Scan
Web App Se Saidi ScanWeb App Se Saidi Scan
Web App Se Saidi ScanAung Khant
 
The World Against the Bad, Cisco AMP Solution to the Rescue
The World Against the Bad, Cisco AMP Solution to the RescueThe World Against the Bad, Cisco AMP Solution to the Rescue
The World Against the Bad, Cisco AMP Solution to the RescueCisco Canada
 
EJB 3.0 - Yet Another Introduction
EJB 3.0 - Yet Another IntroductionEJB 3.0 - Yet Another Introduction
EJB 3.0 - Yet Another IntroductionKelum Senanayake
 
Node.js Introduction
Node.js IntroductionNode.js Introduction
Node.js IntroductionKelum Senanayake
 

More Related Content

What's hot

The fundamentals of Android and iOS app security
The fundamentals of Android and iOS app securityThe fundamentals of Android and iOS app security
The fundamentals of Android and iOS app securityNowSecure
 
Acronis Active Protection: A Way To Combat Ransomware Attack
Acronis Active Protection: A Way To Combat Ransomware AttackAcronis Active Protection: A Way To Combat Ransomware Attack
Acronis Active Protection: A Way To Combat Ransomware AttackAcronis
 
How to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMMHow to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMMSkycure
 
iOS and Android security: Differences you need to know
iOS and Android security: Differences you need to knowiOS and Android security: Differences you need to know
iOS and Android security: Differences you need to knowNowSecure
 
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration AttacksCloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration AttacksDiemShin
 
Is Security Optional20100608
Is Security Optional20100608Is Security Optional20100608
Is Security Optional20100608aljapaco
 
Chapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusChapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusAdi Saputra
 
Secure Your Mobile Apps
Secure Your Mobile AppsSecure Your Mobile Apps
Secure Your Mobile Appsprimomh
 
Web appsec and it’s 10 best SDLC practices
Web appsec and it’s 10 best SDLC practicesWeb appsec and it’s 10 best SDLC practices
Web appsec and it’s 10 best SDLC practicesPotato
 
Wordpress security
Wordpress securityWordpress security
Wordpress securityjhon wilson
 
CLASS VII COMPUTER SECURITY
CLASS VII COMPUTER SECURITYCLASS VII COMPUTER SECURITY
CLASS VII COMPUTER SECURITYRc Os
 
F5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are FailingF5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are FailingGlobal Business Events
 
Network basic security
Network basic securityNetwork basic security
Network basic securityMohamed Radji
 
iOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesiOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesYair Amit
 
Internet explorer tech support call 1 866-757-9494
Internet explorer tech support call 1 866-757-9494Internet explorer tech support call 1 866-757-9494
Internet explorer tech support call 1 866-757-9494Tech Cillin
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overviewCisco Canada
 
Web App Se Saidi Scan
Web App Se Saidi ScanWeb App Se Saidi Scan
Web App Se Saidi ScanAung Khant
 
The World Against the Bad, Cisco AMP Solution to the Rescue
The World Against the Bad, Cisco AMP Solution to the RescueThe World Against the Bad, Cisco AMP Solution to the Rescue
The World Against the Bad, Cisco AMP Solution to the RescueCisco Canada
 

What's hot (20)

The fundamentals of Android and iOS app security
The fundamentals of Android and iOS app securityThe fundamentals of Android and iOS app security
The fundamentals of Android and iOS app security
 
Acronis Active Protection: A Way To Combat Ransomware Attack
Acronis Active Protection: A Way To Combat Ransomware AttackAcronis Active Protection: A Way To Combat Ransomware Attack
Acronis Active Protection: A Way To Combat Ransomware Attack
 
How to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMMHow to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMM
 
iOS and Android security: Differences you need to know
iOS and Android security: Differences you need to knowiOS and Android security: Differences you need to know
iOS and Android security: Differences you need to know
 
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration AttacksCloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks
Cloud Attacks: A Live Simulation of Cloud MIsconfiguration Attacks
 
Web security
Web security Web security
Web security
 
Is Security Optional20100608
Is Security Optional20100608Is Security Optional20100608
Is Security Optional20100608
 
Chapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirusChapter 1, Transformasi antivirus
Chapter 1, Transformasi antivirus
 
Secure Your Mobile Apps
Secure Your Mobile AppsSecure Your Mobile Apps
Secure Your Mobile Apps
 
Web appsec and it’s 10 best SDLC practices
Web appsec and it’s 10 best SDLC practicesWeb appsec and it’s 10 best SDLC practices
Web appsec and it’s 10 best SDLC practices
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Wordpress security
Wordpress securityWordpress security
Wordpress security
 
CLASS VII COMPUTER SECURITY
CLASS VII COMPUTER SECURITYCLASS VII COMPUTER SECURITY
CLASS VII COMPUTER SECURITY
 
F5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are FailingF5 Networks- Why Legacy Security Systems are Failing
F5 Networks- Why Legacy Security Systems are Failing
 
Network basic security
Network basic securityNetwork basic security
Network basic security
 
iOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesiOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious Profiles
 
Internet explorer tech support call 1 866-757-9494
Internet explorer tech support call 1 866-757-9494Internet explorer tech support call 1 866-757-9494
Internet explorer tech support call 1 866-757-9494
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overview
 
Web App Se Saidi Scan
Web App Se Saidi ScanWeb App Se Saidi Scan
Web App Se Saidi Scan
 
The World Against the Bad, Cisco AMP Solution to the Rescue
The World Against the Bad, Cisco AMP Solution to the RescueThe World Against the Bad, Cisco AMP Solution to the Rescue
The World Against the Bad, Cisco AMP Solution to the Rescue
 

Viewers also liked

EJB 3.0 - Yet Another Introduction
EJB 3.0 - Yet Another IntroductionEJB 3.0 - Yet Another Introduction
EJB 3.0 - Yet Another IntroductionKelum Senanayake
 
Couchbase - Yet Another Introduction
Couchbase - Yet Another IntroductionCouchbase - Yet Another Introduction
Couchbase - Yet Another IntroductionKelum Senanayake
 
What you need to know about GC
What you need to know about GCWhat you need to know about GC
What you need to know about GCKelum Senanayake
 
A Searchable Symmetric Key Cipher System
A Searchable Symmetric Key Cipher SystemA Searchable Symmetric Key Cipher System
A Searchable Symmetric Key Cipher SystemKelum Senanayake
 
Attacking Turkish Texts Encrypted by Homophonic Cipher
Attacking Turkish Texts Encrypted by Homophonic CipherAttacking Turkish Texts Encrypted by Homophonic Cipher
Attacking Turkish Texts Encrypted by Homophonic CipherSefik Ilkin Serengil
 
Secure Data Sharing in Cloud (SDSC)
Secure Data Sharing in Cloud (SDSC)Secure Data Sharing in Cloud (SDSC)
Secure Data Sharing in Cloud (SDSC)Jishnu Pradeep
 
Analysis of Searchable Encryption
Analysis of Searchable EncryptionAnalysis of Searchable Encryption
Analysis of Searchable EncryptionNagendra Posani
 
Discrete Logarithmic Problem- Basis of Elliptic Curve Cryptosystems
Discrete Logarithmic Problem- Basis of Elliptic Curve CryptosystemsDiscrete Logarithmic Problem- Basis of Elliptic Curve Cryptosystems
Discrete Logarithmic Problem- Basis of Elliptic Curve CryptosystemsNIT Sikkim
 
Searchable Encryption Systems
Searchable Encryption SystemsSearchable Encryption Systems
Searchable Encryption SystemsChristopher Frenz
 
Search on encrypted data
Search on encrypted dataSearch on encrypted data
Search on encrypted dataSELASI OCANSEY
 
The NFS Version 4 Protocol
The NFS Version 4 ProtocolThe NFS Version 4 Protocol
The NFS Version 4 ProtocolKelum Senanayake
 

Viewers also liked (18)

EJB 3.0 - Yet Another Introduction
EJB 3.0 - Yet Another IntroductionEJB 3.0 - Yet Another Introduction
EJB 3.0 - Yet Another Introduction
 
Node.js Introduction
Node.js IntroductionNode.js Introduction
Node.js Introduction
 
Couchbase - Yet Another Introduction
Couchbase - Yet Another IntroductionCouchbase - Yet Another Introduction
Couchbase - Yet Another Introduction
 
What you need to know about GC
What you need to know about GCWhat you need to know about GC
What you need to know about GC
 
A Searchable Symmetric Key Cipher System
A Searchable Symmetric Key Cipher SystemA Searchable Symmetric Key Cipher System
A Searchable Symmetric Key Cipher System
 
Attacking Turkish Texts Encrypted by Homophonic Cipher
Attacking Turkish Texts Encrypted by Homophonic CipherAttacking Turkish Texts Encrypted by Homophonic Cipher
Attacking Turkish Texts Encrypted by Homophonic Cipher
 
Gırgır sunum
Gırgır sunum Gırgır sunum
Gırgır sunum
 
Searchable Encryption
Searchable EncryptionSearchable Encryption
Searchable Encryption
 
Secure Data Sharing in Cloud (SDSC)
Secure Data Sharing in Cloud (SDSC)Secure Data Sharing in Cloud (SDSC)
Secure Data Sharing in Cloud (SDSC)
 
Analysis of Searchable Encryption
Analysis of Searchable EncryptionAnalysis of Searchable Encryption
Analysis of Searchable Encryption
 
Discrete Logarithmic Problem- Basis of Elliptic Curve Cryptosystems
Discrete Logarithmic Problem- Basis of Elliptic Curve CryptosystemsDiscrete Logarithmic Problem- Basis of Elliptic Curve Cryptosystems
Discrete Logarithmic Problem- Basis of Elliptic Curve Cryptosystems
 
Searchable Encryption Systems
Searchable Encryption SystemsSearchable Encryption Systems
Searchable Encryption Systems
 
How to Share a Secret
How to Share a SecretHow to Share a Secret
How to Share a Secret
 
Search on encrypted data
Search on encrypted dataSearch on encrypted data
Search on encrypted data
 
GPU Programming with Java
GPU Programming with JavaGPU Programming with Java
GPU Programming with Java
 
The NFS Version 4 Protocol
The NFS Version 4 ProtocolThe NFS Version 4 Protocol
The NFS Version 4 Protocol
 
Knight's Tour
Knight's TourKnight's Tour
Knight's Tour
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security ppt
 

Similar to Security Risks & Vulnerabilities in Skype

Pegasus Spyware - What You Need to Know
Pegasus Spyware - What You Need to KnowPegasus Spyware - What You Need to Know
Pegasus Spyware - What You Need to KnowSkycure
 
pegasus-whatyouneedtoknow-160916194631 (1).pdf
pegasus-whatyouneedtoknow-160916194631 (1).pdfpegasus-whatyouneedtoknow-160916194631 (1).pdf
pegasus-whatyouneedtoknow-160916194631 (1).pdf064ChetanWani
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3mPrem Kumar (OSCP)
 
Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014TGodfrey
 
Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...
Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...
Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...Software Park Thailand
 
Final project slideshare
Final project slideshareFinal project slideshare
Final project slideshareaenteha94
 
Final project slideshare
Final project slideshareFinal project slideshare
Final project slideshareaenteha94
 
Web security: concepts and tools used by attackers
Web security: concepts and tools used by attackersWeb security: concepts and tools used by attackers
Web security: concepts and tools used by attackerstomasperezv
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015TGodfrey
 
Debunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN SecurityDebunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN Securityinside-BigData.com
 
Drupal Security Seminar
Drupal Security SeminarDrupal Security Seminar
Drupal Security SeminarCalibrate
 
Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)Cisco do Brasil
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Securitysudip pudasaini
 
Pangolin whitepaper
Pangolin whitepaperPangolin whitepaper
Pangolin whitepapermattotamhe
 
Secure codingguide
Secure codingguideSecure codingguide
Secure codingguideDavid Kwak
 
Cybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamCybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamMohammed Adam
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft
 
Enterprise Cloud Security - Concepts Mash-up
Enterprise Cloud Security - Concepts Mash-upEnterprise Cloud Security - Concepts Mash-up
Enterprise Cloud Security - Concepts Mash-upDileep Kalidindi
 
Mobile security
Mobile securityMobile security
Mobile securityStefaan
 

Similar to Security Risks & Vulnerabilities in Skype (20)

Pegasus Spyware - What You Need to Know
Pegasus Spyware - What You Need to KnowPegasus Spyware - What You Need to Know
Pegasus Spyware - What You Need to Know
 
pegasus-whatyouneedtoknow-160916194631 (1).pdf
pegasus-whatyouneedtoknow-160916194631 (1).pdfpegasus-whatyouneedtoknow-160916194631 (1).pdf
pegasus-whatyouneedtoknow-160916194631 (1).pdf
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3m
 
Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014
 
Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...
Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...
Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันท...
 
Final project slideshare
Final project slideshareFinal project slideshare
Final project slideshare
 
Final project slideshare
Final project slideshareFinal project slideshare
Final project slideshare
 
Web security: concepts and tools used by attackers
Web security: concepts and tools used by attackersWeb security: concepts and tools used by attackers
Web security: concepts and tools used by attackers
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015
 
Cybersecurity-NSIC.pdf
Cybersecurity-NSIC.pdfCybersecurity-NSIC.pdf
Cybersecurity-NSIC.pdf
 
Debunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN SecurityDebunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN Security
 
Drupal Security Seminar
Drupal Security SeminarDrupal Security Seminar
Drupal Security Seminar
 
Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Pangolin whitepaper
Pangolin whitepaperPangolin whitepaper
Pangolin whitepaper
 
Secure codingguide
Secure codingguideSecure codingguide
Secure codingguide
 
Cybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamCybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by Adam
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security Threats
 
Enterprise Cloud Security - Concepts Mash-up
Enterprise Cloud Security - Concepts Mash-upEnterprise Cloud Security - Concepts Mash-up
Enterprise Cloud Security - Concepts Mash-up
 
Mobile security
Mobile securityMobile security
Mobile security
 

Recently uploaded

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Recently uploaded (20)

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Security Risks & Vulnerabilities in Skype

  • 1. Security risks & vulnerabilities in Skype Kelum Senanayake
  • 2. Introduction  Skype proclaims that it provides a secure method of communication.  Hundreds of millions of people have chosen to use Skype, often on the basis of this assurance.  But there are some security risk and vulnerabilities of Skype.
  • 3. The user interface does not display a "real Skype username" in the contact list  Skype's interface relies on the use of full names on the contact list rather than unique user names.  It easy to impersonate other users and introduces substantial security risks.  Average users are easily tricked as a result.
  • 4. Skype's software downloads are not delivered over a HTTPS / SSL connection  Downloads may be tampered with by a third party.  China has been known to produce its own Trojan-infected version of Skype.  Users are exposed to interception, impersonation and surveillance.
  • 5. Skype could provide a backdoor entry  Skype allows users to establish direct connections with each other.  It's also "port agile" − If a firewall port is blocked Skype will look around for other open ports that it can use to establish a connection.  If you put Skype behind a firewall or NAT layer, 99% it will work without any special configuration.  Skype could provide a backdoor entry into secure networks for Trojans, worms, and viruses.  It could also provide a channel for corporate data to be freely shared between users without any of the usual security considerations.
  • 6. Skype's proprietary protocol  Skype uses a proprietary protocol instead of a standard one such as the SIP.  This makes it an unknown from the point of view of the vulnerabilities that might be there.  Every nonstandard application can add unnecessary risks to your environment.  In the end no one really knows what all is built into such an application.
  • 7. References [1] Privacy International, "Skype Called Answer Mounting Security Concerns", [Online]. Available: https://www.privacyinternational.org/article/skype-called- answer-mounting-security-concerns.[Accessed: Oct. 31, 2011]. [2] Jaikumar Vijayan, "Does Skype Face Security Threat?", [Online]. Available: http://www.pcworld.com/article/123279/does_skype_face_secur ity_threat.html.[Accessed: Oct. 31, 2011].