AVG Free Advisor Top Threats

http://free.grisoft.com/doc/rss20/chn/threats/us

Something about Mac OS x firewall blocking Skype.

Mac OS X firewall blocks Skype and online gamers
Leopard firewall scuppers Skype Inquirer
Mac OS X Leopard firewall damages programs heise Security
Leopard fails firewall tests IT PRO
No Linux or Mac drivers for Skype phones? What are they thinking?

and only half a page (not even half a page) of news on the 3skypephone on google. Soon more about the google phone ? Very few review also to be seen.... I have never seen so little viral marketing and hype when it came down to skype. The air is out of the bubble it seems... A little bit more can be read on the blogs, but the whole 3skypephone buzz feels like a storm in a glass...

Here some reviews on the 3skypephone. Have not seen one myself. We'll see, maybe I'll be able to say something else when it can be touched.

Will the current Skypeworms also affect the 3 skype phones ?

No clue on the above, of course with all those things attached to Skype, it's no wonder it's virtually impossible to protect yourself (or your users) from all kinds of potential crap.

Time will tell. But do read this new Skype worm popping up : "It has come to our attention that some Skype for Windows users have been affected by a piece of malware that masquerades as a chat message aimed at finding a lost girl.Please do not follow any internet links you may receive in chat messages that resemble the following: “Please help me to find this Girl”. Clicking on the link will lead you to download a worm that is currently best described here." source.

Related : Skype worms.

harnessing zombie PCs and spewing spam across the Web

Seriously. VoIP/IM based systems will be on the chopblock. It's time for Skype to really secure their systems..  In analogy : "Storm worm offers trick, no treat The Storm worm, which is harnessing zombie PCs and spewing spam across the Web, is estimated to have a computed strength varying from 15 to 50 million PCs. There's special reason to watch out for e-mail that arrives in your inbox: Storm worms have been reported to be behind the surfeit of spam mail inviting users to download content specific to Halloween. Is your organization equipped to handle a mass-scale attack from a network of a million PCs?"  source.

Boost performance of VoIP across your network

More bandwidth, compression and network probes are not enough to effectively boost performance of applications like SAP, Oracle, People Soft and VoIP across your network. Learn the cornerstones to boosting WAN performance in this informative whitepaper, "The 4 Essentials of WAN Optimization." http://www.accelacomm.com/jlp/NW_EM_80193808_Esent_1101/11/80193808/

Discover P2P Skype traffic.

I got one of these DVD. Now it's time to test the www.facetime.com
More later.

Single Point of Control for IM, P2P, Spyware and URL Filtering

I missed this web-conference. But it's right on the topic: "Your employees - especially the Web 2.0 generation - often introduce consumer-oriented applications onto the corporate network to work more efficiently. When these applications circumvent the security infrastructure, it's difficult for IT to maintain visibility and control. How can your organization take advantage of the productivity and cost benefits of real-time communications while mitigating their inherent business risks? " source : eSeminars at Ziff Davis Enterprise [eSeminars at enterpriseannounce.com]

related product : www.facetime.com

Discussion of connectivity and convergence

"Much of the discussion of connectivity and convergence almost reflexively uses the total amount of bandwidth available as the key metric. While it certainly is a vital statistic, a far lower profile set of metrics is just as important in determining how well a convergence application such as video streaming or VoIP performs. The most common of these statistics - jitter and latency - deal with the timeliness and predictability with which data packets get to their destination. If these metrics are askew, convergence applications will perform poorly no matter how much bandwidth is thrown at them. We found a good primer at Smart Communications on four important topics concerning non-bandwidth elements that can threaten a converged application." source.

Organize two or more computers with an Internet connection into their own virtual network.

It's great stuff. Use it. With Hamachi you can organize two or more computers with an Internet connection into their own virtual network for direct secure communication. Access computers remotely, use Windows File Sharing, play LAN games, run private Web or FTP servers or communicate directly.

Hamachi is fast, secure and simple. It is also free. Or you can buy it from the people at www.Logmein.com (a greet remote pc user program, if you ask me) right here. But do try the free version.

Download Hamachi from FileHippo.com

block and control access to websites, such as Facebook, MySpace, eBay and YouTube, as well as applications including Skype and MSN.

" PrefixNE v3.5 will include an employee-monitoring function that is claimed to block and control access to websites, such as Facebook, MySpace, eBay and YouTube, as well as applications including Skype and MSN. The software will notify managers, via a screen pop-up or email, should a member of staff access a prohibited website and can shut down banned applications, according to the company."

Company : Prefix IT
News picked up here.

Good router for frequent travellers that will work well with Skype Wifi and other wifi phones.

Wireless-G Travel Router with SpeedBooster - A Wireless Network In Your Pocket!
	Shares a wired or wireless Internet connection with SpeedBooster, Wireless-G and -B devices, and an Ethernet wired PC Create temporary, personal, wireless access in your hotel room or a coffee shop hotspot -- pushbutton easy Travel-friendly design with built-in power supply and antenna High security: Wi-Fi Protected Access™ (WPA), wire direct link to product-page :

Skype’s cooperation with internet censorship in China

I noticed something simular earlier this year I think on tom.com (meaning a special version of Skype by tom.com with a content-filter) when downloading http://skype.tom.com . So the below is not really new information, but just probably a revelation for some of us. Basically Skype is just a company here that provides a special version of Skype for the Chinese territory. That is how I see it. I know that there is a list in China with the forbidden words, and since they are forbidden nobody talks about them … Censorship in China, we all know it exists. Basically don't do funny things.. Here is the news-line.

" Dynamic Internet Technology Inc. Alleges Skype Redirects Users in China to Censorware Version - Ten Days After Users Are Able To Download Freegate Software Through Skype CARY, N.C.--(BUSINESS WIRE)--DIT alleges discovery of Skype's cooperation with internet censorship in China, which DIT believes is an effort to stop the spread of DIT's popular anti-censorship tool.

Skype (http://www.skype.com), an instant messaging, voice chat and file downloading tool, is very popular in China. On September 13, 2007, DIT established its presence on Skype, so users in China can talk to DIT over Skype to get DynaWeb url and download its popular censorship-busting software, Freegate.

DIT alleges that, on the morning of September 23, the company started to receive reports from concerned users in China that now when they try to download the Skype software, Skype's website redirects them to Skype's Chinese partner's site, http://skype.tom.com, which doles out a modified Chinese version, instead of Skype's official version as before.

DIT feels that such a version of Skype from a Chinese website is questionable, as some hidden capabilities can be built-in to censor Skype's usage. In January, 2006, Business Week reported that "TOM and Skype now filter phrases such as "Falun Gong" and "Dalai Lama." According to DIT, internet freedom activists in China have been warning people about the possibility that Tom.com's versions have or will have more trojan capability to monitor and report users' activities to Chinese government.

DIT has confirmed this redirection. DIT believes this move by Skype is the result of Chinese government's pressure, targeting to curb Freegate's wildfire-speed adoption in China.

Freegate is part of DynaWeb technologies. DynaWeb enable users to evade Internet censorship and to visit websites that are otherwise blocked. DynaWeb was first launched in March, 2002. It is developed and maintained by volunteers and personal contributions, and has enjoyed great popularity among users in China and Iran, despite Internet restrictions by the governments in these countries." Source.

Company : www.dit-inc.us

Related : | Skype in China | China and Censorship | Big Chinese Firewall | China blocks Skype |

Skype v3.5 management and blocking capabilities

This one is all about blocking p2p, Skype.

" REDWOOD CITY, Calif.--(BUSINESS WIRE)--Check Point Software Technologies Ltd. (NASDAQ:CHKP), the worldwide leader in securing the Internet, today announced that its enterprise security gateways now have the unique ability to block Skype v3.5, the latest version of the popular consumer VoIP application. This development, leveraging Check Point's SmartDefense™ integrated intrusion prevention capabilities, is part of the company's ongoing efforts to help enterprises better manage the risks from consumer software downloaded by employees for personal use.

The addition of Skype v3.5 management and blocking capabilities is particularly critical because a new virus called "w32/Ramex.A" is currently spreading through Skype for Windows. Infected users send a chat message to other Skype users, asking them to click on a web link that can infect the computer of the recipient. With Check Point, an IT administrator could immediately secure the corporate network against the virus by simply blocking Skype use until the virus storm has passed, or limiting use to versions not affected.

Consumer applications such as instant messaging (IM), peer-to-peer (P2P) file sharing and Skype are often installed by employees without the company's knowledge or consent. Once installed on even a single PC connected to the network, the application can become an open avenue for hackers seeking to infiltrate the network. Check Point has strategically developed extensive security and management features for IM and P2P applications running across a corporate network. By offering IT administrators more granular control of these applications, an enterprise can reduce the risk of security breaches associated with consumer software vulnerabilities as well improve employee productivity by limiting distractions.

"IM, Skype and P2P applications are exciting new ways to communicate and collaborate, but enterprises must have control over anything with the potential to introduce new threats into the network," said Dave Burton, director of product marketing at Check Point. "Check Point is leading the way by ensuring that these management and blocking capabilities extend to the most current versions of consumer software applications, such as Skype v3.5."

Beyond security vulnerabilities, the potential for proprietary information to be sent off the network without approval introduces legal and competitive risks. Plus, the added bandwidth consumption from these products can increase IT costs and negatively affect the performance of the overall network. Lastly, employers may not want employees to be distracted by alternative communication mediums such as Skype, MSN, Jabber, ICQ and others.

As part of Check Point's management capabilities, IT administrators can limit or entirely block IM and P2P communications, and help set boundaries over their network traffic. Real-time updates from Check Point's SmartDefense Services provide Check Point users with the latest patches to ensure customers are protected against new exploits, vulnerabilities and protocols. Additionally, the Check Point SmartDefense engine allows administrators to add advanced functionalities that are both protocol- and heuristic-based.

For more information on how to protect against IM and P2P applications that pose a threat to enterprise security, please visit www.checkpoint.com. "

Source : Media Alert: Check Point Offers Superior Protection for Enterprise.

Telework Security Concerns Linger

" While managers are growing more comfortable with remote workers, three areas of concern remain. Managers worry about how productive the workers will be while outside the office; how their absence will impact team building; and, of course, how their data will be secured. The SonicWall survey that led to these conclusions also points to shortcomings in preparedness. For instance, only 23 percent of off-site workers have anti-virus software on their machines, only 16 percent have SSL VPNs and only 14 percent have IPSec VPNs. A startling 9 percent of those charged with security don't know what measures are in place for their remote staffs. The survey offered comparable anemic statistics for the related area of disaster preparedness. " source : IT Business Edge

Variant of the Skype Bubbles worm.

FaceTime Security Labs (FSL) has identified a variant of the Bubbles worm on Skype. The team at FSL found what they're calling "Bubbles for Kids" that is designed to steal any and all sensitive information from the victim's computer through the most devious method of all...keylogging! It looks like it not only attempts to steal all your info on your machine, but once it's done that, it spreads out to all your Skype contacs. The team have written up their find on the Spyware blog - which you can find here. It's probably a good time to remind you that FaceTime's Internet Security Edition for Skype, is not only a great solution, but it's unique and its backed by the great work - like this discovery - that the FaceTime Security Labs do in discovering new threats over real-time communications channels.

So basically for all those happy people out there, better get some proper security before you "skypetize your ms office documents…" Get real !

Skype worm, related to keylogging and potential data theft.

Something to keep in mind for all those happy people that might simply be adding things like Skylook to their MS outlook or the new Skype MS office integration toolbar. Think twice before you simply Skypify your MS office documents !

I wish Skype would come out with a Business Control Panel application that allow IT-managers to run their cloud of internal Skype network users. One thing that this application would have to provide is an overview to the number of Skype extra's that are attached to the Skype-users their application.

My personal opinion is that if you start simply linking MS office document via Skype plugin to Skype, well you are looking for trouble. Until it is exactly clear and documented what that exactly means, I would recommend to use it wisely.

In the past I was very happy with Skylook, but I am convinced that for those Exchange server admins, it will pose some concerns. You simply don't attach things that suck up company content (and send it to god knows where...) to your office-mail system. I have documented the risk of Skylook earlier. It's the same with plugins like Plaxo and Linkedin. I would not recommend to simply add them to your MS outlook system. You can do it, but I have never seen an IT-manager smile when this happened en masse in their network. It should not just be happening without any notification. Until then the IT- and security guys will fight the Web 2.0. movement, since they perceive it as an attack and something unmanageable.

Read this by Paperghost : http://www.vitalsecurity.org/2007/09/skype-worm-linked-to-keylogger.html

Skype friend or Foe Webinar by Facetime.

I always love these spicy and controversial marketing sting letter from Facetime. I Just got this from www.facetime.com. It looks and sounds interesting to Join their September webinar series - and get in the draw to win a BRAND new IPOD Itouch.  Check out our topics - click on the registration link.

•  Skype:  Friend or Foe:
•  Instant Messaging: BonaFide Benefit -Genuine Threat
•  Unified Communications - Get the Facts

 WEBINAR Skype:  Friend or Foe: 21 September

Take 45 minutes out and tune into our web conference.  21 September: 0915 AEST / 1115 NZST

• The main risks associated with Skype in the enterprise
• How IM worms propagate through Skype and other networks
• How to get a view on Skype usage in your organisation
• The FaceTime "if nothing else guidelines"  

Register for SKYPE FRIEND or FOE:

 WEBINAR Instant Messaging:  Bona Fide Benefit?  Genuine Threat? 28 September

 " Instant Messaging and More! Discover the benefits and threats of new productivity tools and learn how Skype & IM worms succeed "

• Instant Messaging benefits
• Major threats
• How to counter the threats
• What's going on on your network?

Register for IM:  Bona Fide Benefit - Genuine Threat    28 September 0915 AEST / 1115 NZST

 WEBINAR Unified Communications:  Get the Facts 26 September 0930 AEST / 1130 NZST

Unified communications (UC) promises to transform business the same way email did in the 1990s—streamlining communications, increasing efficiency, and reducing costs like never before.   Security and compliance are critical to a successful UC deployment. Learn how to build an efficient and scalable UC architecture that addresses IM, VoIP and other modalities.

Register for UC Webinar 26 September: 

  Employees Drive Adoption of Instant Messaging, Skype and Unified Communications in the Enterprise
Responding to the changing nature of Internet traffic, FaceTime announced the first network security appliance that provides comprehensive security and management across the broadest set of Web and real-time communications applications under a single point of control. The Unified Security Gateway (USG) integrates management, security and compliance for Web communications, consumer-driven greynet applications such as public instant messaging (IM), Skype and P2P, and enterprise-class unified communications platforms such as Microsoft's Office Communications Server and IBM Lotus Sametime. (Full story...)

  Legal Battle for iPhone Hackers?
It took 17-year-old George Hotz just weeks to unlock Apple's iPhone. Hotz's hack makes it possible for the once AT&T-only geek gadget to be used on any mobile network. It turns out it's legal to unlock the phone, but it remains unclear if outside developers can legally make, and keep profits selling software for the device. (Full story...)

  Microsoft to Buy Enterprise Chat Maker
Adding one more piece to Microsoft's "unified communications initiative," the Redmond software giant picked up chat vendor Parlano. The software giant is bullish on the technology acquisition's potential in combination with Microsoft's own objectives, noting Parlano has already had success in financial and other vertical markets. (Full story...)

  Instant Messaging Market to More Than Double
Companies devoted to developing instant messaging platforms continue to innovate, and rake in cash. Revenues in the global instant messaging market are expected to grow from $203 million in 2007, to $530 million by 2011. (Full story...)

  Singworm Spreading in Singapore / Hong Kong Via MSN Messenger
What do Sony, Viacom, and Turner Broadcasting have in common? They've all signed deals with Joost to provide the online video service with content. As a result of this video content explosion, Internet-service providers are having sleepless nights. (Full story...)

  Preparing for the Workforce of the Future
Soon, computers will be everywhere and the corporate workplace is about to undergo a significant transformation. There's no time like the present to recognize and prepare for these changes. (Full story....)

  Report: Businesses Plan to Increase Spending on Wireless Security
It seems like every other day, a missing laptop or cell phone end up being the culprit of a costly information leak. It's clear IT decision makers are well aware of this escalating problem, as their proposed budgets for the coming year reflect an increase in spending to combat these security vulnerabilities. (Full story...)

  Way Too Good for Facebook or MySpace?
If you think you're too good for the social networking sites that anyone can join, you might be interested in the exclusive online networks popping up for the social elite. These "online country clubs" are designed to be, as Business Week puts it, "an online gateway to the upper echelons of the social stratosphere." (Full story...)

  The 10 Most Dangerous Things Users Do Online
From clicking on an email attachment from an unknown sender to giving out passwords, Dark Reading has put together a list of the top 10 most dangerous things users do online. The list was generated directly from input they received, and arranged in descending order of danger, based on votes received from the experts and analysts who make up Dark Reading's editorial advisory board. (Full story...)

  Don't Let Your Boss Catch You Reading This
You're a hard worker, sure, but we'll bet you waste a few minutes of the workday surfing the Internet. How do we know you might be a "cyberslacker?" Studies suggest that employees spend about a fifth of their work shifts engaged in personal activities, and, of course, the Internet is the biggest time waster of all. (Full story...)

source : The FaceTimes Asia Pacific Edition

Make sure your data doesn't walk out the door

" Hacker attacks that bring down the network get a lot of attention, so companies concern themselves with protecting against those threats. Unfortunately, the security precautions that prevent those high-profile attacks may not be addressing a much more insidious problem: theft of company data for corporate espionage or other purposes. Find out what you should be doing to keep your data from walking out the door." Source : Network Administration at TechRepublic.com [newsletters at www.techrepublic.online.com]

Bad p2p habits ? Should we apart from getting more used to p2p also get a bit more worried ?

Should IT Worry About P2P's Traffic Domination? Yes

" P2P may not have been the culprit in the Skype blankout, but peer sharing is still bad news for network admins. A research firm says P2P accounts for 50 percent to 90 percent of the traffic on the Internet. Some observers say small companies' reliance on P2P is unfortunate because it means that there is little oversight. Clearly, companies of all sizes should do whatever they can to squelch their employees' bad P2P habits. "

Source : It business Edge.

My take : use it wisely and invest in security.

P2P identity theft leads to 29 years jailtime.

" A Seattle man faces as many as 29 years in prison after being charged with using the LimeWire and Soulseek p-to-p (peer-to-peer) networks to commit identity theft. Gregory Kopiloff was arrested Wednesday on charges of mail fraud, accessing a protected computer without authorization, and two counts of aggravated identity theft, said Emily Langlie, a spokeswoman with the U.S. Attorney's Office for the Western District of Washington. This is the first case that Langlie's office is aware of that involves P-to-P identity-theft charges, she said." source.

Skype is now being used as a 256 AES encrypted delivery mechanism for sound, files, voice and yes also the occasional worm / virus.

Messages start popping up on the Skype forum on the matter of this worm/virus.

http://forum.skype.com/index.php?showtopic=96610&st=0&gopid=439584&#entry439584

I wonder what caused the problem this time and what explanation we are going to make on the matter of Skype PR this time.

It seems to me that me somebody just set off something that exploits weaknesses in the whole Skype p2p system. I have always said (apart from it greatness in transmitting sound and video over p2p) that this would happen and it looks like it's happening now.

Employees Drive Adoption of Instant Messaging, Skype and Unified Communications in the Enterprise.

While Skype is being used as a secure p2p 256-AES encrypted delivery mechanism, we have www.facetime.com moving for with a press release on "Employees Drive Adoption of Instant Messaging, Skype and Unified Communications in the Enterprise". I would call this perfect timing. I would not want to be an IT-manager today in a network where Skype has entered as an allowed but not supported application. Time for cleanup.

Here is the press release.

Contact:  Sarah Carter, FACETIME COMMUNICATIONS EMEA
+44 (0) 7970 729068 scarter@facetime.com skype : sl_carter

Employees Drive Adoption of Instant Messaging, Skype and Unified Communications in the Enterprise

FaceTime® first to deliver security, management and compliance for Web browsing, instant messaging and UC applications under a single point of control

FOSTER CITY, Calif., Sept. 10, 2007 – Responding to the changing nature of Internet traffic, FaceTime Communications today announced the first network security appliance that provides comprehensive security and management across the broadest set of Web and real-time communications applications under a single point of control.  The Unified Security Gateway (USG) integrates management, security and compliance for Web communications, consumer-driven greynet applications such as public instant messaging (IM), Skype and P2P, and enterprise-class unified communications platforms such as Microsoft’s Office Communications Server and IBM Lotus Sametime.

The New Internet
Internet communications have changed. Today, user-initiated traffic is no longer limited to e-mail and Web browsing, but dominated by highly evasive greynets – real time communications such as IM, Skype, P2P and hundreds of other unique applications and networks. Today’s workforce is introducing these consumer networks into the enterprise to improve communications at work and to stay connected with their extended social networks.

Responding to this end-user demand, many large organizations are deploying enterprise-grade Unified Communications platforms such as Microsoft Office Communications Server and IBM Lotus Sametime.

“IM has become the launch pad from which other forms of communication or meetings are established – a Web conference or voice over IP call for example,” said David Mario Smith, research analyst for Gartner, Inc.. “The consumer IM client has become a UC client, and organizations are rapidly adopting enterprise IM and UC platforms. Today, we’re seeing a 25 percent to 30 percent penetration of enterprise IM, and we expect to see nearly 100 percent by 2010.”

According to prelimina