iSkoot Security Bug Resolved

One benefit of the network of bloggers that has built up around IP-based communications is the ability to identfiy, define and resolve issues in time frames not even imaginable prior to the Internet and the blogosphere. Over the past few months uberblogger PhoneBoy (Dameon Welch-Abernathy) along with Disruptive Telephony’s Dan York, who is also involved with the Voice over IP Security Alliance, have become two sources I will often defer to when I need to confirm the integrity of a vendor’s claim or the viability of an issue related to telecommunications, especially when it comes to security.

Last fall Dameon (pictured right) worked with me to confirm that Skype’s High Quality Video really did provide a superior video communications performance. Recently he was wondering about the quality of audio conference calling until he learned about, and experienced, VAPPS’ High Definition Conferencing. Now, I don’t know about how you spend your Friday evenings, but it seems that Dameon got an urge this past Friday evening to check out iSkoot’s security when using iSkoot’s Symbian S60 client on a Nokia N95. Dameon found and reported a security leak that would expose your SkypeID and password — under very stringent conditions. Dan York followed up with a post on the VoIPSA blog.

To find the security issue you needed to be accessing iSkoot via WiFi on a Nokia N-series phone (in this case an N95) via a home-based WiFi router. And you needed to have the WEP or WPA password for the router and be within radio range (sniffing distance) of the router. And you needed to know how to do a packet trace via a tcpip dump.

Once reported iSkoot CEO Mark Jacobstein then called his developer team into action early today (Sunday). Around 4 p.m. I learned that the iSkoot team had been in touch with Dameon while Dan and I received the following statement:

Unfortunately, it turns out that Dameon was right. We’re not sure how, but a non-production Symbian build ended up on the site, and it had this bug. We’re pulling the build and fixing the bug and will be doing a forced upgrade to every Symbian user as soon as possible. We also checked all the other builds, and they’re all fine (Windows Mobile, Blackberry, J2ME, etc.)

Thanks to Dameon and Dan for their diligence in identifying and confirming the issue — score one for the blogosphere. And thanks to Mark and his iSkoot team for acknowledging — so quickly over a weekend — that there was an issue and for dealing with it so promptly — score one for iSkoot.

Bottom line – the blogosphere helped identify and communicate an issue back to the vendor’s management team; iSkoot did not try to hide behind any PR spin or mask but rather acknowledged and resolved the issue in a very timely manner. And it all happened over a weekend; now if Dameon would just recognize that there are better things to do on a Friday evening than hacking routers.

And, as an aside. It was VON Spring that provided an opportunity for many of these bloggers to meet not only with other bloggers (and where I first met Dameon in person) but also executives such as recently appointed iSkoot CEO Mark Jacobstein who attended the Pulver Social Networking breakfast. The recently reported demise of PulverMedia, and with it the VON conferences, will be a serious blow to building a enthusiastic, effective and communicative IP-communications community. Certainly our meeting at this event made it easier to communicate between bloggers and vendor to address this issue over this past weekend.

Related Posts:

Tags: iSkoot, PhoneBoy, Dameon Welch-Abernathy, Dan York, Disruptive Communications, Mark Jacobstein, Symbian S60, Nokia N95, Skype High Quality Video, VAPPS, High Definition Conferencing, Blackberry, VoIPSA, VoIP Security Alliance

Powered by Qumana

About Jim Courtney

Bringing over thirty years' experience in the sales, marketing and management of cutting edge technology businesses.
No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.