"Eugene F." <pm771.am@gmail.com> wrote in message
news:1112567712.462350.54870@f14g2000cwb.googlegroups.com...
> Hi,
>
> Is it OK to use? Does the download include any stealth stuff?
>
> I hate to sound paranoid, but ...
http://en.wikipedia.org/wiki/Skype
"As Skype communication may get routed via peers other than the recipient of
the call, 256-bit AES encryption is used in order to actively encrypt the
data in each Skype call or instant message. Skype uses 1536 to 2048 bit RSA
to negotiate symmetric AES keys. The Skype server certifies users' public
keys when they log in.
Lack of Security
As the Skype source code is not public, the security of the software cannot
be readily established. It is known to open several ports on the user's
computer and to directly manipulate Windows XP's built-in firewall. In
addition, it provides a feature-rich API that could potentially enable a
virus to initiate calls, either to people on the user's contact list,
causing them discomfort, or the attacker's premium rate telephone number, if
the user has subscribed to the SkypeOut service.
Unlike instant messaging or email, the Skype executable acts as both a client and
a server, so there are no safeguards you might otherwise have. It would take
any small weakness in the code for a virus to fully control more than 2
million machines within a few minutes.
Another weakness comes from the peer-to-peer nature of the network too: the
backbone (supernodes) is formed from the most connected and least protected
regular Skype clients. At any given time there might be a few thousand
machines that form the backbone, and none of them are protected by a
firewall. A dedicated attacker can build up a list of current supernodes and
by launching a DDoS attack against them can bring the whole network down."
An interesting interview and an interesting site, neither of them about
security:
http://www.infoworld.com/article/05/...ypehype_1.html
http://www.skypejournal.com/
TB

