The Network Operations, Engineering, and Security teams at Blue Jeans Network, Inc. have been working diligently to assess the impact on our infrastructure in the wake of April 7 2014 disclosure of CVE-2014-0160, known the as Heartbleed vulnerability in the popular OpenSSL software. Nearly two-thirds (66%) of service providers on the Internet responded to this critical vulnerability in OpenSSL’s handling of heartbeat packets and conducted a comprehensive security review in response.
With the wide adoption of Skype in the consumer market, it is not surprising that more and more company networks are finding Skype to also be a valuable tool for communication, But one hurdle that seems to confound many IT departments is the “is Skype secure?” question. In short the answer is “yes”. It is, in a few ways. Let me try and explain.
To stay ahead – in business or academia or whatever your industry – it takes real collaboration with partners, customers, vendors and colleagues around the globe. Often times the best way to invent, discuss and work together on a global basis is via video-collaboration. It saves costs and is about as good as it gets when it comes to meeting with colleagues “face-to-face” outside of in-person travel.
But… it’s a scary world out there. There are real security concerns as evidenced by this New York Times article where Rapid7 exposed Goldman Sach’s boardroom video conferencing vulnerability.
According to the article and Mr. Tuchen, CEO of Rapid 7, “New [video] systems are outfitted with a feature that automatically accepts inbound calls so users do not have to press an ‘accept’ button every time someone dials into their videoconference. The effect is that anyone can dial in and look around a room, and the only sign of their presence is a tiny light on a console unit, or the silent swing of a video camera. "Any reasonably computer literate 6-year-old can try this at home”.