I know that skype not in the repositories but is it ok to use?
Same risk as with any closed proprietary app, you don’t know what it’s really doing. E.g. whether a spy agency has got backdoor keys to decrypt your conversation. Having said that, it works fine under Linux, provided you got it from skype.com.
In those case I think that all your trust should be on the company or enterprise behind the application. If you trust in Skype’s people just use it. Now if you ask if it works yes it does and in my case quite well.
And adding to the above (which I fully endorse). Depends on what you think is save.
I see e.g. that Skype tells me about the people im my Skype list when they are going on-/off-line.
IMHO that means that I see when someone has running Skyp there on the system. I then can come to the conclusion that that person is sitting there.
I suppose they see the same about me. The question is, feel I/you safe with this.
Well in the Skype Howto they suggest creating an Apparmor profile for skype. I posted about it HERE asking for clarification on the profile but got no replies.
Apparently skype reads your mozilla profile. Who knows what else it’s doing. It’s a shame that it’s become the defacto app for voice and video calling rather than an open standards based app.
suse tpx60s wrote:
> but got no replies … Apparently skype reads your mozilla profile. Who knows what else it’s
> doing.
you can’t get replies from folks without answers (or care enough to
get answers)…
if you are concerned about Skype, then don’t use it…
or, figure out how to jail it…
and, learn how to find out what else it is doing…
then come back and tell us all what it may be doing…
right now, i’m not worried about Skype … if i were i’d do something
about it…
–
DenverD (Linux Counter 282315)
CAVEAT: http://is.gd/bpoMD
via NNTP w/TBird 2.0.0.23 | KDE 3.5.7 | openSUSE 10.3
2.6.22.19-0.4-default SMP i686
AMD Athlon 1 GB RAM | GeForce FX 5500 | ASRock K8Upgrade-760GX |
CMedia 9761 AC’97 Audio
Fair enough but I am not technical enough to figure out how to even find out what skype is doing hence relying on this forum for information and the howto articles. Someone wrote that entry about the privacy and security in the Skype howto so I thought posting a question in this forum would have a good chance of that author seeing it and perhaps responding. Failing that I was hoping that someone else here knows enough about Apparmor to advise. TBH if it wasn’t for that paragraph in the howto I would not have known about skype reading the mozilla profile and would not have even known about the possibility of jailing skype.
I assume you have not bothered to jail skype then?
suse tpx60s wrote:
> I assume you have not bothered to jail skype then?
no, i’ve had Skype installed on Linux here before eBay bought the
company in 2005 from a 20-something year old Danish guy (i live in
Denmark) and the $2,600,000,000.00 sale made him the second richest
guy in the country…
so, i’m not afraid of it…maybe i should be, but i am not…i
mean, if Skype is able to get my mozilla profile, then don’t you
reckon mozilla already has it?
who you gonna trust?
–
DenverD (Linux Counter 282315)
CAVEAT: http://is.gd/bpoMD
via NNTP w/TBird 2.0.0.23 | KDE 3.5.7 | openSUSE 10.3
2.6.22.19-0.4-default SMP i686
AMD Athlon 1 GB RAM | GeForce FX 5500 | ASRock K8Upgrade-760GX |
CMedia 9761 AC’97 Audio
IMHO the big risk is how you use Skype with wireless, especially with a laptop. It appears my wife’s Skype was hacked on the weekend (she uses an iPod to access Skype), but from what I speculate, the hack could just as easy been done to a Linux PC’s wireless, based on the poor security practice she was using at the time. She has now learned to tighten her methods to prevent such a hack. … It was an interesting weekend.
oldcpu wrote:
> appears my wife’s Skype was hacked on the weekend
did they make money costing calls…or??
–
DenverD (Linux Counter 282315)
CAVEAT: http://is.gd/bpoMD
via NNTP w/TBird 2.0.0.23 | KDE 3.5.7 | openSUSE 10.3
2.6.22.19-0.4-default SMP i686
AMD Athlon 1 GB RAM | GeForce FX 5500 | ASRock K8Upgrade-760GX |
CMedia 9761 AC’97 Audio
They used her account to credit 4 different accounts …
Now me, I don’t use Skype, I’ve never used Skype, and I do not know the 1st thing about Skype, so what I am passing in is second hand, and I may have missed some details in the translation.
**The Hack **
She discovered on Sunday, that someone had transferred 135 euros worth of credit from her Skype account to 4 separate Skype accounts with an automatic bill to PayPal. [She has a maximum 140 euros pre-authorized setup on her Skype/Pay-Pal combination].
My wife knows none of the 4 people (to whom the credit was transfered) and she definitely did NOT authorize the transfer. Yet the transfer was made on Saturday, according to the Skype billing records [she 1st new of the hack when she received an email advising her of the transfer from PayPal, which warned of a strange fund transfer that she did not expect].
Initial reaction
So on Sunday, with my help in her spelling (she is Thai and not the best English speller so she needed my help (albeit I’m also a bad speller)), she got onto an on-line chat with Skype “help line”, advising them of the unauthorized transfer and she asked that they immediately abort/reverse the transfer. Skype “help staff” agreed to look into it.
I then told her to change her password for Skype immediately. She then did so at my pushing her. I also suggested she contact Paypal and tell Paypal to stop Skype payment (and to reverse the previous payment to Skype) immediately. My wife checked with PayPal policy for refunds, noted she had discovered she had 45-days to do so, and so she declined to contact PayPal. She wanted to see Skype’s response first.
Initial Skype Reply on Monday (today).
Skype sent her an email on Monday advising they froze her Skype account, and recommended she change her password. They told her once her password was changed, they told her they would only then re-open her account. They also advised they would NOT reverse the credit transfer and noted she was responsible for the unauthorized transfer. My wife advised that she had ALREADY changed her password, and she objected to their decision not to reverse the credit transfer.
Wife’s Next action on Monday (today)
My wife then contacted PayPal, and asked they reverse the fund transfer to Skype, saying she did NOT authorize it. PayPal advised they would investigate.
Skype 2nd reply on Monday (today)
Shortly after PayPal replied to my wife, advising they would investigate the unauthorized PayPal transfer to Skype (and thus indirectly help investigate the Skype unauthorized transfer to the 4 other Skype users), my wife received an email from Skype, saying they had changed their mind, and they would reverse the unauthorized credit transfer. But that reversal would take a few days.
Thats where we stand now. … sort of in limbo with the possibility of good news.
My Speculation
How did the hack occur ? One thought is Skype (and not my wife) was hacked.
But another possibility is possibly my wife was using her ipod in a public wifi place, and logged on to Skype with her user name and password in an unencrypted wifi (which she has done on occasion) and someone intercepted her password/username from the ipod Skype user account logon to Skype. My speculation is Skype software does NOT encrypt the username/password over wireless. So a hacker intercepted the wireless, and they then took that username/password, and logged on to her Skype management account (which typically is the same as the user account, although it does not have to be the same, nor IMHO should it be the same. My wife SHOULD have had a different management account with a different user name/password, but she did not - her mistake) and the hacker(s) then initiated the maximum credit transfer they could do with her account.
My guess is the hackers also obtained username/password from enough OTHER users to transfer a massive credit to their accounts, and then they immediately ordered a very expensive phone purchase from Skype (possibly an iphone or what ever expensive hardware one can get from Skype, if possible to order something expensive like a PBX).
My wife’s planned Follow-up action.
My wife is now going to setup a separate Management account for Skype, and use a separate password for her Skype management account (which will be different from her Skype user account - according to my wife). And she is going to keep her Skype user account credit below 5 euros. Hence in future if they steal her user account password via wireless ( ? ) , the most they will be able to steal will be 5 euros from her user account, but they still won’t be able to access her management account with Skype. And she will ONLY access her Skype Management account from a wired connection. At least that is her plan.
Still, its a big lesson for my wife and it cost both of us (me in particular) some time, where I am a bit short of time with many business trips coming up.
sounds scary…i just changed my skype password and set limits on paypal…
–
DenverD (Linux Counter 282315)
CAVEAT: http://is.gd/bpoMD
via NNTP w/TBird 2.0.0.23 | KDE 3.5.7 | openSUSE 10.3
2.6.22.19-0.4-default SMP i686
AMD Athlon 1 GB RAM | GeForce FX 5500 | ASRock K8Upgrade-760GX |
CMedia 9761 AC’97 Audio
DenverD wrote:
> i just changed my skype password and set limits on paypal…
well, i wrote that in past tense and then went to do it, and change my
skype pass to a stronger ‘word’ but couldn’t figure out how/where to
set paypal limits…
i’ll try again another day…
–
DenverD (Linux Counter 282315)
CAVEAT: http://is.gd/bpoMD
via NNTP w/TBird 2.0.0.23 | KDE 3.5.7 | openSUSE 10.3
2.6.22.19-0.4-default SMP i686
AMD Athlon 1 GB RAM | GeForce FX 5500 | ASRock K8Upgrade-760GX |
CMedia 9761 AC’97 Audio
On 2010-07-05 03:36 GMT accessdeniedno wrote:
> I know that skype not in the repositories but is it ok to use?
http://en.wikipedia.org/wiki/Skype_security
–
Cheers / Saludos,
Carlos E. R.
(from 11.2 x86_64 “Emerald” GM (Elessar))