Tag Archives: skype

Skype “forgets” (?) to inform users of critical security patch

Leave a reply

Submit: Add to your del.icio.us Digg This Slashdot GotNews StumbledUpon Reddit

Skype burningI love the Skype service, in part because I believe it is far more secure than other IM services. Skype is an eBay company.

This week, Secunia released a “highly critical” advisory on the Skype service, recommending that users upgrade to the latest patch version.

Skype was silent on the matter. They did not inform their customers. Why?

This and other recent events suggest either a policy of non-communication to users, or management ineptitude along the same lines.

Skype does not communicate with its users when there is bad news to communicate. Instead, they go dark. In a world where quality includes good customer service, it is simply amazing to me that they have established such a strong track record of turning their back on their customers. Company spokesman Villu Arak apologized for the most recent blunder. “We strive to inform the public of vulnerabilities and malware that may affect Skype software,” Villu Arak on Skype’s security blog on December 10, 2007 (really??). “While this particular vulnerability was fixed, there was an unintentional communication oversight and we failed to bring the case to the public’s attention. All we can do now is to apologize.”

Skype needs to do more than apologize. This has happened too many times. While we can forgive companies for a single mis-step, this is just another example of Skype choosing silence over giving bad news. Earlier incidents:

Skype service restored but executives still in hiding

Skype: not one disaster, but two

I have no personal vendetta against Skype. As I’ve stated, I love the service and regularly recruit colleagues away from MSN, Yahoo, and AIM. And I don’t know anyone who works at Skype: I don’t know their names, their nationalities, or what they believe in. But I am disappointed in their corporate behavior when it comes to communicating with their customers. Are they pretending that difficult problems will just go away if they don’t communicate news to their customers?

My level of trust in Skype’s corporate integrity has fallen significantly. What other bad news are they choosing to keep to themselves?

On the contrary, things will get worse for them. Is anyone at eBay paying attention?

http://www.networkworld.com/news/2007/121007-oops-skype-forgets-to-tell.html

Graphic from samLown.com

Law enforcement unable to perform lawful wiretaps of Skype calls

Leave a reply

Bookmark This (opens in new window)

Skype uses robust encryption that protects its Internet-based phone calls from eavesdroppers. The problem is, if you’re law enforcement and need to conduct a lawful wiretap on a Skype account, you’re out of luck.

Skype’s encryption is end-to-end, and its design includes no provision for a lawful wiretap such as those that are routinely conducted over cellular and landline based phones.

There is no question in my mind that Skype’s encryption is robust. Here is an excellent cryptanalysis (PDF) of the Skype service that was performed by Tom Berson of Anagram Laboratories.

Recent article: Internet Telephone Encryption Stumps German Police

Skype restored, but executives still in hiding

2 Replies

Bookmark This (opens in new window)

Disclaimer: I’m a big fan of Skype – it’s my IM client of choice.

The Skype PR disaster continues unabated. There is no end in sight.

The Skype network service has been restored. Here is a short explanation of their problem:

On Thursday, 16th August 2007, the Skype peer-to-peer network became unstable and suffered a critical disruption. The disruption was triggered by a massive restart of our users’ computers across the globe within a very short timeframe as they re-booted after receiving a routine set of patches through Windows Update.

The high number of restarts affected Skype’s network resources. This caused a flood of log-in requests, which, combined with the lack of peer-to-peer network resources, prompted a chain reaction that had a critical impact.

Normally Skype’s peer-to-peer network has an inbuilt ability to self-heal, however, this event revealed a previously unseen software bug within the network resource allocation algorithm which prevented the self-healing function from working quickly. Regrettably, as a result of this disruption, Skype was unavailable to the majority of its users for approximately two days.

This and other postings were made by someone named Villu Arak, about which practically nothing can be found.

Skype had one of the most significant outages of any online service, and none of its executives have so much as said “Hello”.

Skype’s network disaster has been solved, but Skype’s PR disaster continues. Have they ever heard the terms “goodwill”, “media relations”, or “customer service”?

Earlier story.

Skype: not one disaster, but two

2 Replies

Bookmark This (opens in new window)

Disclaimer: I’m a big fan of Skype – it’s my IM client of choice.

Update to the story.

Aug. 19, 2007 – Skype suffered a colossal outage last week, and the network is just now coming back. They have promised to tell everyone on August 20, 2007, what happened in the previous week.

Two disasters hit Skype last week:

  1. The network outage, whatever it was about.
  2. The complete absence of Skype and eBay executives throughout the crisis.

While the first disaster might not have been preventable, the second disaster was a direct result of decisions made by Skype and eBay executives who apparently chose to hide. They appear to have left the Skype technical recovery team out to flap in the wind, alone, with no visible public support. This led to rumors and speculation about what really happened, and whether Skype and eBay executives care about the community of users. Those executives committed the cardinal sin of disaster management: communicating from a high level about what’s happened and what is being done about it. Instead of being told, we were left to wonder if they even noticed. Maybe they were too busy and could not be bothered about a world-wide outage. Their silence is deafening – we hear it loud and clear.

In a different part of the world, the Utah mine accident is playing out. Those executives got it right: they are right there, working and concerned, and are making frequent statements to the press. They are telling everyone what they know, what they don’t know, and what they’re doing.

Murray Energy Executives get two thumbs up for being there. Skype and eBay get two thumbs down for being silent and absent.

While Skype users may breathe a collective sigh of relief that the network is running again, I wonder if Skype and eBay have even noticed that the second disaster has taken place and has yet to be addressed.