1 |
On Tuesday, September 09, 2014 08:59:41 PM Andrew Savchenko wrote: |
2 |
My last response to this, as it is getting too OT |
3 |
|
4 |
> Hello, |
5 |
> |
6 |
> On Sun, 07 Sep 2014 17:51:46 +0200 J. Roeleveld wrote: |
7 |
> > It probably works, provided all your contacts also use it. |
8 |
> > As long as the vast majority of my contacts use Skype and Yahoo, I will |
9 |
> > not |
10 |
> > be able to switch. If Kopete (and other generic IM clients) would add |
11 |
> > support for tox, then it would be easier. |
12 |
> |
13 |
> There is a tox plugin for pidgin in tox-overlay. |
14 |
|
15 |
That's nice for pidgin users. When others follow, uptake will be easier. |
16 |
|
17 |
> > Which trojan injection are you talking about? |
18 |
> |
19 |
> I'm talking about the following research: |
20 |
> https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact |
21 |
> =8&ved=0CB4QFjAA&url=https%3A%2F%2Fwww.blackhat.com%2Fpresentations%2Fbh-eur |
22 |
> ope-06%2Fbh-eu-06-biondi%2Fbh-eu-06-biondi-up.pdf&ei=9jAPVJH1AafnygOOiIHgDg& |
23 |
> usg=AFQjCNHeILDYY4k-nUUw8vPmUCJ86Eywbg&bvm=bv.74649129,d.bGQ |
24 |
> |
25 |
> Of course, skype protocol was likely changed since that time, but I |
26 |
> really doubt that functionality for remote execution of arbitrary |
27 |
> code was removed. |
28 |
|
29 |
That research was from 2006. Over 8 years ago. |
30 |
Do you avoid using Bind because of all the security bugs it had in 2006? |
31 |
What about OpenSSL, that one had a big one not too long ago. |
32 |
And I'm sure I can find plenty of exploits for the Linux kernel based on the |
33 |
versions in use in 2006. |
34 |
|
35 |
The Skype protocol has changed a lot over the years and older versions of the |
36 |
protocol have been deprecated and removed. |
37 |
|
38 |
If it is still in there, I'm certain it would be known, considering the amount |
39 |
of people using Skype these days. |
40 |
|
41 |
-- |
42 |
Joost |