January 9, 2005

I heard a rumor yesterday about a post by Andy Abramson on Skype and SAM. Frankly I believe he should print a retraction. I’ll use the comments posted on Jeff Pulver’s blog to add clarity. Jeff also passed on a post without some more detailed fact checking. Tom Keating did the same. Industry leaders with their facts wrong. This is a shame. I also don’t buy the slant on Andy’s Skype Responds either. It’s still out of context and there are no links on the post to the third party product SAM or Skype.

This is not a security hole in Skype. It is the result of using third party beta software in development for use with Skype. His problem, that SAM connected two calls, is listed in known bugs. As for the technical issue of recording “encrypted” calls, this is complete hogwash. I can record all sorts of calls and it makes no matter if it is an X-Ten softphone or Glophone etc. You’d also get the same result if you ran two softphone clients at the same time on the same soundcard and answered both calls.

Peter Macaulay comments:
This is not a security flaw — this is a feature! :-) It is just as if you were sitting in my office and an incoming POTS call is picked up by my 20 year old answering machine. If the volume is up everyone in the secure space (my office) can hear the recording. Solution: Mute the answering machine. Remember how folks used this feature to screen calls — “Hi it’s Sally, if you are there please pick up”. We just need to learn how to use these new tools. When you have a meeting you mute your answering machine — that should be the default. Andy Abramson posted this as a Skype security flaw as if it were a programming memory leak — no it is just the mixing of your voice on the speaker. I will leave my Skype/SAM running in my hotel room while I am at CES today — just need to mute the speakers so I don’t scare housekeeping — and have my messages overheard! The bigger issue is that this implied flaw is from the Skype/SAM combo created by Skype publishing their API. I would hate to see Skype shut down their API which is already creating many new products such as the Siemens handset and also the Actiontec gateway just announced at CES this week. Just my thoughts on a cold night in Las Vegas.

Andrew comments:
I was on the conference call taking place at the time Andy called and I would just point out that the version of SAM my colleague was using was Beta software (the version in use was 0.9.30, the then-current release) and that this is a documented known bug (“2) SAM answers incoming call even though user is in an active outgoing call. You get a audio mixture of the current call, SAM and the incoming caller.”). I am not diminishing the importance of Andy’s point, merely adding context.

There is a brave new world of developers out there creating some interesting new VoIP applications. They need encouragement not a flamepool. It’s obvious that Skype will launch an “Authorized by Skype” program too. Issues around new products and functionalities are important. Sometimes even bugs have become new products.

Just think. If you run two profiles (names that will get searched!) of Skype on your PC. Set them both to auto answer… and employ SAM as it is now. Then you could connect random strangers. Even more, the first caller could keep an open line and wait for another person to call the other line. Then I guess that would make the listener a voyeur. Have fun kids! Now… is that a security flaw? I doubt it. Common sense works wonders too.

