My Skype Odyssey - aka MS are retarded ass-clowns


  • :belt_onion:

    @dkf said in My Skype Odyssey - aka MS are retarded ass-clowns:

    I'm assuming that the real underlying cause is removal of some of the cypher algorithms in the cypher suite, resulting in older clients being unable to negotiate a matching crypto profile with the servers, meaning that neither side ends up trusting what the other says at all.

    Basically. It's usually cipher suites but can also be disagreement on version, e.g. "I've never heard of TLS 1.2." Either way, you're correct in saying neither side ends up trusting what the other says at all, which is why you can't predicate any response on "If it sees the correct username and password..." It doesn't get that far; it can't be allowed to.

    When it comes to security, you need to fail early and fail fast. This is unlike almost any other paradigm in software development. Unfortunately, some implementers have also interpreted this to mean you need to fail incomprehensibly or with no disclosure of the fail conditions, which is not actually a requirement.
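The failure described in the post above, as an added example that is not part of the original thread: a simplified Python model of TLS parameter negotiation (not a real TLS stack) in which a version or cipher-suite mismatch is rejected before the credentials are examined, and the rejection states its reason. `ServerPolicy`, `negotiate`, `handle_login` and the sample client offers are hypothetical names and constructed data; the version numbers and alert codes are the standard TLS values.

```python
from dataclasses import dataclass

# TLS wire version numbers and alert codes (values from the TLS RFCs).
TLS1_0, TLS1_1, TLS1_2 = 0x0301, 0x0302, 0x0303
ALERT_HANDSHAKE_FAILURE, ALERT_PROTOCOL_VERSION = 40, 70

class HandshakeRejected(Exception):
    """Negotiation failed; carries the alert code and a readable reason."""
    def __init__(self, alert, reason):
        super().__init__(reason)
        self.alert, self.reason = alert, reason

@dataclass(frozen=True)
class ServerPolicy:  # hypothetical name, for illustration only
    min_version: int
    max_version: int
    suites: tuple  # server preference order

def negotiate(policy, client_max_version, client_suites):
    """Return (version, suite), or raise before any application data is read."""
    version = min(client_max_version, policy.max_version)
    if version < policy.min_version:
        raise HandshakeRejected(ALERT_PROTOCOL_VERSION,
            f"client speaks at most 0x{client_max_version:04x}, "
            f"server requires at least 0x{policy.min_version:04x}")
    for suite in policy.suites:
        if suite in client_suites:
            return version, suite
    raise HandshakeRejected(ALERT_HANDSHAKE_FAILURE, "no cipher suite in common")

def handle_login(policy, hello, credentials, check_password):
    """Fail early: credentials are not examined unless negotiation succeeds."""
    try:
        negotiate(policy, hello["max_version"], hello["suites"])
    except HandshakeRejected as exc:
        return f"rejected (alert {exc.alert}): {exc.reason}"
    return "ok" if check_password(*credentials) else "bad credentials"

# Constructed sample data: a server that only accepts TLS 1.2 with an AEAD suite,
# and three constructed client offers.
POLICY = ServerPolicy(TLS1_2, TLS1_2, ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",))
OLD_VERSION = {"max_version": TLS1_0, "suites": ["TLS_RSA_WITH_RC4_128_SHA"]}
OLD_SUITES = {"max_version": TLS1_2, "suites": ["TLS_RSA_WITH_RC4_128_SHA"]}
MODERN = {"max_version": TLS1_2, "suites": ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]}

if __name__ == "__main__":
    for hello in (OLD_VERSION, OLD_SUITES, MODERN):
        print(handle_login(POLICY, hello, ("user", "pw"), lambda u, p: True))
```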



  • Depending on how old her Skype version is, it could also be the move from decentralised (i.e. P2P) to centralised servers.