The total madness and insecurity issues of the current public Skype.exe and why no corporation should implement it just like that.
This is what I was thinking today (don’t go looking for a yes sir or no sir in me) on the matter of Skype and certain security issues. I have blogged about these topics many times. Until they are fixed or addressed, I will continue to do so. Is that not why blogs are around? Or should we only write nice things... Who dares to speak up... These are my personal opinions by the way.
Here goes. I always wondered why the "external" security of Skype is such an unfinished business... yeah, the 256-AES tunnel is for sure unbeatable, but the dual, triple, quadruple (and so on) logon without notification, combined with a public web-control panel that virtually anybody can access without the owner getting any notification...
It does not show log-files internally of who accessed it, so what kind of system is that really… The public password reset (initiated via a simple email fill-in procedure initiating an email containing the password in clear text)... pfff, people being able to fill in their email-address as user id... tsss. That kind of stuff... why don't they fix such simple issues? Especially since the identification data (except for the hidden fields) on the Skype p2p cloud can be downloaded just like that... I find that a scary scenario. I have never heard of any other IM system whereby virtually any basic «hacker» could download the fields of the publicly visible database. It’s probably not easy to prevent with the current Skype p2p concept. But that is not the point, the point is that it is possible. Think about privacy and security, spamming and all kinds of potential abuse.
What if others log in to your account? What if others intercept your email-address by having it reset via the public https:// interface, log in one time and get hold of your contact list (phone-numbers included)?
I mentioned earlier in one of my blogs (this is a retake) the tip of the iceberg whereby it seems to be quite easy to download the whole Skype user DB... at least the public part. Then probably some people are matching it to email-addresses with tools like Skylook.biz…
Even if you can't see the email-address of the user, you can have Skylook.biz search for it... so how hidden is that... just fill up an MS Outlook 2003 with a bunch of email-addresses and start searching. I find it disturbing that it is even possible. Besides, a whole bunch of people are filling in their email-address into their visible Skype identification data. «Yeah it is the user his/her problem». Wrong again, make it so that the email-address cannot be filled in where it should not be filled in and fix the set-up procedure.
Anybody can set up any account and impersonate a person by creating a similar account (using dots, dashes as prefix or postfix… pfff), simply because the account can be activated just like that. How useful is a system like that for business?
Further, I find it annoying that people can fill in my cell-phone number in a Skype box without me getting any notification of that… Same goes for the forwarding of calls. You seem to be able to fill any number in there without the recipient being able to authorise that????
«Most people are not worried about these issues»… Yeah right. Most people just use their cell phone, but the provider has procedures to follow and regulations to comply with, which explains why Skype is not ready to be a global Internet telephony company. They cannot comply with these rules and regulations. Maybe that is why the project of Skype for cell-phones is being delayed. Maybe it would also be better to set up a decent help-desk, support-center, call-center with the help of eBay to support paying customers… Skype still does not have that figured out, it seems…
Does nobody at Skype see the problem of this? Especially now that they are in the process of being connected to other systems (PayPal, eBay and so on).
Well, it’s one of these days again where thoughts flow and unsolved issues float to the surface again. Over and over. Yes, Skype wants people to easily access the system and they do (just look at the growth figures and usage), but those systems are also being accessed by others with other goals. On that matter Skype can make any policy or end-user licence agreement to scare the potential culprits, but what really should be done is apply simple security procedures that relate to account creation. Simple logic…
I think currently there could be a potential total abuse possible of virtually any account that sits on the Skype system and I wish that would be fixed. Many others have the same feeling. Until then, well, I still love that system, but it needs improvement… I hope we shall see that coming our way. The p2p Skype cloud keeps growing, that is clear, but what about these holes that I have described here above? I am sure I am not the only one who has seen this… But with all the focus on marketing and getting as many users on the cloud, I guess this is just me like preaching on a soapbox… A voice in the mist… does not carry far (enough).
Anyways these issues have to be solved to make Skype usable for business users. Skype themselves are business users too, right…







































