As a security professional, I have adopted Skype as my primary IM because of its encryption and firewall bypass. Although I have experienced the firewall bypass directly, the encryption is only claimed by Skype. Nothing more is disclosed about the encryption mechanism, such as key generation, key management, etc. The following are the top ten questions I want answered about Skype security issues:
- Does the Skype company decrypt/record my talk/chat?
- Besides the parties to the talk/chat, can anybody else read/hear the content?
- How does Skype process the talk/chat traffic along the Internet route?
- Is the talk/chat content stored somewhere else on the Internet?
- How does Skype negotiate the session key used to encrypt the traffic?
- What algorithm does Skype use to encrypt the talk/chat traffic? (more detailed info than just AES)
- How does Skype store the public/private key pairs of the Skype client?
- Is there any means to identify the traffic at the network layer? (Though Verso has succeeded in it, I mean what means Skype itself supports.)
- Is there any existing mechanism to account for/audit the activities of the Skype client, or any recommendation from Skype?
- Are any countries' agents involved in the key management?
Which questions concern you most? What do you want to know from Skype?
Posted by Richard



Advice for US Companies in China by Kaifu Lee
October 17, 2005
China's economy and IT market are exciting and attractive. They are lucrative for some multinational companies, but a Waterloo for many of them and their SVP/EVP/MD/GMs. Why? A good set of slides by Kaifu Lee discloses his findings in China. Click to download.
Thanks to Dr. Lee for his excellent summary. It's very valuable to read.