Is It Safe To Run Skype On Your Computer?

Originally posted at KtecK Blog – Syndicated on October 31, 2005 (My old blog)

Skype running HTTP servers on your computer!

The other day, my son made an interesting discovery while trying to set up a web server on his computer. The Apache web server kept giving an error that port 80 was already in use. He was not running any other server on that port, or so he thought. Not seeing any known server application in the process list, he slowly shut down programs known not to be a part of Windows XP. This is where he discovered that Skype was running a web server on 2 ports, something we definitely did not expect to find. You can check this on your computer: http://127.0.0.1 and http://127.0.0.1:443 (you will get a blank page in your browser).

Skype claims it uses these ports to allow connection through a firewall. It seems a bit strange, seeing as no other application such as Yahoo, Google etc. requires this to function. Worst of all, the two ports used, 80 and 443, are among the most common ones searched for by the bad guys. This led me to do some further research on the subject. Based on some of what I found (see below), I will no longer be using Skype. I'll leave it up to you to come to your own conclusions on this. For me, I think it is time to move on and give the open standards program Gizmo a try. http://www.gizmoproject.com

call4help.tech
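A quicker way to find what is holding ports 80 and 443 than shutting programs down one at a time is to read the owning PID from `netstat -ano`. The following is an added example, not part of the original post: the netstat output, the PIDs and the PID-to-program map are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample of Windows `netstat -ano` output; addresses and PIDs are made up.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       1432
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING       2020
  TCP    192.168.1.10:1050      203.0.113.7:80         ESTABLISHED     1784
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed PID -> image name map (what Task Manager's PID column would show).
SAMPLE_TASKS = {1432: "Skype.exe", 968: "svchost.exe", 2020: "alg.exe", 1784: "firefox.exe"}

# Local address, local port and owning PID of a TCP socket in LISTENING state.
LISTEN_LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def listeners(netstat_text, ports=(80, 443)):
    """Return sorted (port, bind_address, pid) tuples for listeners on `ports`."""
    found = []
    for line in netstat_text.splitlines():
        m = LISTEN_LINE.match(line)
        if m and int(m.group(2)) in ports:
            found.append((int(m.group(2)), m.group(1), int(m.group(3))))
    return sorted(found)


def exposure(bind_address):
    """Classify how widely a listening socket can be reached."""
    if bind_address in ("0.0.0.0", "[::]"):
        return "all interfaces"
    if bind_address.startswith("127.") or bind_address == "[::1]":
        return "loopback only"
    return "single interface"


def report(netstat_text, tasks, ports=(80, 443)):
    """Return (port, image_name, exposure) for each listener on `ports`."""
    return [(port, tasks.get(pid, "unknown (PID %d)" % pid), exposure(addr))
            for port, addr, pid in listeners(netstat_text, ports)]


if __name__ == "__main__":
    for port, image, reach in report(SAMPLE_NETSTAT, SAMPLE_TASKS):
        print("port %-4d %-12s %s" % (port, image, reach))
```

On a real machine, paste the output of `netstat -ano` in place of the sample; a listener bound to all interfaces is reachable from the network unless a firewall blocks it, while a loopback-only one is not.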


University of Cambridge department bans Skype, citing security concerns

Today, the Department of Physics at Cambridge issued a memo to all staff and students, blocking the use of Skype on the University data network (CUDN). Users were alerted to recent security compromises and back-door intrusion attempts on machines running Skype.

Breaches involved Skype’s underlying P2P technology: essentially, the connection sharing permitted by Skype “makes the host computer and the CUDN available for the world at large to use for relaying purposes; indeed, the licence for such software can require the end-user to make them available even though the end-user has no power to make that commitment regarding use of the network”

Read whole story


Skype: Hazardous to network health?

While not exactly a low-profile endeavor before its recent acquisition by eBay, Skype is sure to be an even greater presence on the Internet and on home computers – and most likely on your corporate network. But can Skype be hazardous to your network’s health?

It might come as no surprise that you could be carrying Skype traffic for your user base, but are you aware that your LAN and WAN links might be carrying VoIP traffic of complete strangers? That is, traffic of VoIP conversations that neither originate nor terminate on your network. In effect, you are donating what can be scarce and expensive WAN bandwidth to your newly minted multi-millionaire friends at Skype. (I’m sure, however, that they greatly appreciate it!)

Read whole story


Multiple Vulnerabilities in Skype (added October 26, 2005)

US-CERT is aware of several buffer overflow vulnerabilities in Skype that may allow a remote attacker to execute arbitrary code.

The most critical of these issues can be exploited by sending a specially crafted packet to a vulnerable Skype installation. More information about this vulnerability can be found in the following US-CERT Vulnerability Note:

  • VU#905177 – Skype vulnerable to heap-based buffer overflow

The other two vulnerabilities can be exploited by accessing a specially crafted VCARD or Skype URI. More information about these vulnerabilities can be found in the following US-CERT Vulnerability Notes:

  • VU#668193 – Skype VCARD handling routine contains a buffer overflow
  • VU#930345 – Skype URI handling routine contains a buffer overflow

Skype has released the following Security Bulletins to address these vulnerabilities:

US-CERT encourages Skype users to upgrade to the latest fixed version of Skype as soon as possible.

Read whole story


Have You read the Skype End User Agreement?

4.1 Permission to utilize Your computer. In order to receive the benefits provided by the Skype Software, You hereby grant permission for the Skype Software to utilize the processor and bandwidth of Your computer for the limited purpose of facilitating the communication between Skype Software users.

5.1 Skype’s Confidential Information. You agree to take all reasonable steps at all times to protect and maintain any confidential information regarding Skype, its Affiliates, the Skype Staff, the Skype Software and the IP Rights, strictly confidential.

7.2 No Warranties. Skype cannot guarantee that You will always be able to communicate with other Skype Software users, nor can Skype guarantee that You can communicate without disruptions, delays or other communication-related flaws. Skype will not be liable for any such disruptions, delays or other omissions in any communication experienced when using Skype Software.

7.3 No Control. You acknowledge and understand that Skype does not control, or have any knowledge of, the content of any communication(s) spread by the use of the Skype Software. The content of the communication is entirely the responsibility of the person from whom such content originated. You, therefore, may be exposed to content that is offensive, indecent or otherwise objectionable. Skype will not be liable for any type of communication spread by means of the Skype Software.

8.2 Termination by Skype. Skype may terminate this Agreement with immediate effect at any time, with or without cause and without recourse to courts, by providing notice to You and/or by preventing Your access to the Skype Software, as set forth in Article 2.5 above.

YOU EXPRESSLY ACKNOWLEDGE THAT YOU HAVE READ THIS AGREEMENT AND UNDERSTAND THE RIGHTS, OBLIGATIONS, TERMS AND CONDITIONS SET FORTH HEREIN. BY CLICKING ON THE ACCEPT BUTTON AND/OR CONTINUING TO INSTALL THE SKYPE SOFTWARE, YOU EXPRESSLY CONSENT TO BE BOUND BY ITS TERMS AND CONDITIONS AND GRANT TO SKYPE THE RIGHTS SET FORTH HEREIN.